From e7e8f28a036a3c49812413fe0515a9b9f8c76afd Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Wed, 17 Feb 2016 18:33:33 +0100
Subject: [PATCH 1/4] curl is now silent
---
tests/query-dns.sh | 2 +-
tests/search-modules.sh | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/query-dns.sh b/tests/query-dns.sh
index adaddc0..d03dc4d 100644
--- a/tests/query-dns.sh
+++ b/tests/query-dns.sh
@@ -1 +1 @@
-curl http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @body.json -X POST
+curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @body.json -X POST
diff --git a/tests/search-modules.sh b/tests/search-modules.sh
index 926335f..5b7e09f 100644
--- a/tests/search-modules.sh
+++ b/tests/search-modules.sh
@@ -1 +1 @@
-curl http://127.0.0.1:6666/modules
+curl -s http://127.0.0.1:6666/modules
From a0c462ee339f8539541962a2d1464feef7cf9c41 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Wed, 17 Feb 2016 18:40:55 +0100
Subject: [PATCH 2/4] Minimal documentation added
---
README.md | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c796692
--- /dev/null
+++ b/README.md
@@ -0,0 +1,52 @@
+# MISP modules
+
+MISP modules are autonomous modules that can be used for expansion and other services in [MISP](https://github.com/MISP/MISP).
+
+The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities
+without modifying core components. The API is available via a simple REST API which is independent from MISP installation or configuration.
+
+MISP modules support is included in MISP starting from version 2.4.X.
+
+## Existing MISP modules
+
+* [DNS](modules/expansion/dns.py) - a simple module to resolve MISP attributes like hostname and domain to expand IP addresses attributes.
+
+## How to add your own MISP modules?
+
+Create your module in [modules/expansion/](modules/expansion/). The module should have at minimum two functions:
+
+* **introspection** function that returns an array of the supported attributes by your expansion module.
+* **handler** function which accepts a JSON document to expand the values and return a dictionary of the expanded values.
+
+## Testing your modules?
+
+MISP uses the **modules** function to discover the available MISP modules and their supported MISP attributes:
+
+~~~
+% curl -s http://127.0.0.1:6666/modules | jq .
+[
+ {
+ "name": "dns",
+ "mispattributes": [
+ "hostname",
+ "domain"
+ ]
+ }
+]
+
+~~~
+
+The MISP module service returns the available modules in a JSON array containing each module name along with their supported input attributes.
+
+Based on this information, a query can be built in a JSON format and saved as body.json:
+
+~~~json
+{"module": "dns", "hostname": "www.github.com"}
+~~~
+
+Then you can POST this JSON format query towards the MISP object server:
+
+~~~
+curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @body.json -X POST
+~~~
+
From f17d24beb3bb83578b0b7187d57069126ed05deb Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Wed, 17 Feb 2016 18:41:17 +0100
Subject: [PATCH 3/4] Debug messages removed
---
bin/misp-modules.py | 1 -
1 file changed, 1 deletion(-)
diff --git a/bin/misp-modules.py b/bin/misp-modules.py
index 0d38136..7f3588b 100644
--- a/bin/misp-modules.py
+++ b/bin/misp-modules.py
@@ -38,7 +38,6 @@ for module in os.listdir(modulesdir):
modulename = module.split(".")[0]
modules.append(modulename)
mhandlers[modulename] = importlib.import_module('modules.expansion.'+modulename)
- print (module)
class ListModules(tornado.web.RequestHandler):
def get(self):
From 4b7aba64cbde86e59d3f16b3f09b5cc1be2e3466 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Wed, 17 Feb 2016 21:35:54 +0100
Subject: [PATCH 4/4] Minimal logging added to the server
---
bin/misp-modules.py | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/bin/misp-modules.py b/bin/misp-modules.py
index 7f3588b..1a7418c 100644
--- a/bin/misp-modules.py
+++ b/bin/misp-modules.py
@@ -24,9 +24,20 @@ import sys
import tornado.web
import importlib
import json
+import logging
runPath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runPath, '..'))
+port = 6666
+
+log = logging.getLogger('misp-modules')
+formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
+handler = logging.StreamHandler(stream=sys.stdout)
+handler.setFormatter(formatter)
+handler.setLevel(logging.INFO)
+
+log.addHandler(handler)
+log.setLevel(logging.INFO)
modulesdir = '../modules/expansion'
@@ -37,6 +48,7 @@ for module in os.listdir(modulesdir):
continue
modulename = module.split(".")[0]
modules.append(modulename)
+ log.info('MISP modules {0} imported'.format(modulename))
mhandlers[modulename] = importlib.import_module('modules.expansion.'+modulename)
class ListModules(tornado.web.RequestHandler):
@@ -46,13 +58,14 @@ class ListModules(tornado.web.RequestHandler):
x = {}
x['name'] = module
x['mispattributes'] = mhandlers[module].introspection()
- print (x['mispattributes'])
ret.append(x)
+ log.debug('MISP ListModules request')
self.write(json.dumps(ret))
class QueryModule(tornado.web.RequestHandler):
def post(self):
jsonpayload = self.request.body.decode('utf-8')
x=json.loads(jsonpayload)
+ log.debug('MISP QueryModule request {0}'.format(jsonpayload))
ret = mhandlers[x['module']].handler(q=jsonpayload)
self.write(json.dumps(ret))
@@ -60,5 +73,6 @@ class QueryModule(tornado.web.RequestHandler):
service = [(r'/modules',ListModules), (r'/query',QueryModule)]
application = tornado.web.Application(service)
-application.listen(6666)
+log.info('MISP modules server started on TCP port {0}'.format(port))
+application.listen(port)
tornado.ioloop.IOLoop.instance().start()