mirror of https://github.com/MISP/misp-modules
Completed Testing
parent
fe1dc07de8
commit
98cb43668d
|
@ -41,6 +41,7 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/
|
||||||
* [Greynoise](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/greynoise.py) - a hover to get information from greynoise.
|
* [Greynoise](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/greynoise.py) - a hover to get information from greynoise.
|
||||||
* [hashdd](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashdd.py) - a hover module to check file hashes against [hashdd.com](http://www.hashdd.com) including NSLR dataset.
|
* [hashdd](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashdd.py) - a hover module to check file hashes against [hashdd.com](http://www.hashdd.com) including NSLR dataset.
|
||||||
* [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py) - a hover module to lookup against Have I Been Pwned?
|
* [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py) - a hover module to lookup against Have I Been Pwned?
|
||||||
|
* [Ipgeolocation](https://ipgeolocation.io/) - an expansion and hover module for IP Intelligence Stack with [IP to Geolocation](https://ipgeolocation.io/ip-location-api.html), [Timezone](https://ipgeolocation.io/astronomy-api.html) and [Astronomy API](https://ipgeolocation.io/timezone-api.html).
|
||||||
* [intel471](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com).
|
* [intel471](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com).
|
||||||
* [IPASN](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address.
|
* [IPASN](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address.
|
||||||
* [iprep](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net.
|
* [iprep](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net.
|
||||||
|
@ -75,6 +76,7 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/
|
||||||
* [VMray](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmray_submit.py) - a module to submit a sample to VMray.
|
* [VMray](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmray_submit.py) - a module to submit a sample to VMray.
|
||||||
* [VulnDB](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/).
|
* [VulnDB](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/).
|
||||||
* [Vulners](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API.
|
* [Vulners](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API.
|
||||||
|
* [whoisfreaks](misp_modules/modules/expansion/whoisfreaks.py) - an expansion module for [whoisfreaks](https://whoisfreaks.com/) that will provide an enriched analysis of the provided domain, including WHOIS and DNS information. Our [Whois service](https://whoisfreaks.com/products/whois-api.html), [DNS Lookup API](https://whoisfreaks.com/products/dns-records-api.html), and [SSL analysis](https://whoisfreaks.com/products/ssl-certificate-api.html), equips organizations with comprehensive threat intelligence and attack surface analysis capabilities for enhanced security. Explore our website's product section at https://whoisfreaks.com/ for a wide range of additional services catering to threat intelligence and attack surface analysis needs.
|
||||||
* [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd).
|
* [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd).
|
||||||
* [wikidata](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module.
|
* [wikidata](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module.
|
||||||
* [xforce](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/xforceexchange.py) - an IBM X-Force Exchange expansion module.
|
* [xforce](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/xforceexchange.py) - an IBM X-Force Exchange expansion module.
|
||||||
|
|
|
@ -74,24 +74,6 @@ def handler(q=False):
|
||||||
return {
|
return {
|
||||||
'results': {key: event[key] for key in ('Attribute', 'Object')}
|
'results': {key: event[key] for key in ('Attribute', 'Object')}
|
||||||
}
|
}
|
||||||
# return {'error' : 'Completed Response'}
|
|
||||||
|
|
||||||
def get_mapping():
|
|
||||||
return {
|
|
||||||
'isp':'ISP',
|
|
||||||
'asn':'asn',
|
|
||||||
'city':'city',
|
|
||||||
'country_name':'country',
|
|
||||||
'country_code2':'country-code',
|
|
||||||
'latitude':'latitude',
|
|
||||||
'longitude':'longitude',
|
|
||||||
'organization':'organization',
|
|
||||||
'continent_name':'region',
|
|
||||||
'continent_code':'region-code',
|
|
||||||
'state_prov':'state',
|
|
||||||
'zipcode':'zipcode',
|
|
||||||
'ip':'ip-src'
|
|
||||||
}
|
|
||||||
|
|
||||||
def introspection():
|
def introspection():
|
||||||
return mispattributes
|
return mispattributes
|
||||||
|
@ -101,14 +83,5 @@ def version():
|
||||||
moduleinfo['config'] = moduleconfig
|
moduleinfo['config'] = moduleconfig
|
||||||
return moduleinfo
|
return moduleinfo
|
||||||
|
|
||||||
# def main():
|
|
||||||
# attribute = {
|
|
||||||
# 'type' : 'ip-src',
|
|
||||||
# 'value' : '20.20.12.154'
|
|
||||||
# }
|
|
||||||
# handle_ip('efe037a76a17432fad2dbdca8299d559','21.02.15.123', attribute)
|
|
||||||
|
|
||||||
# if __name__ == '__main__':
|
|
||||||
# main()
|
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue