From a4426727f4585c0c7cbf7f90d8bbbd9fc3cff7b2 Mon Sep 17 00:00:00 2001 From: Robert Nixon Date: Sun, 7 Aug 2022 18:26:41 +0200 Subject: [PATCH 1/5] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 178e07f..a260d20 100644 --- a/README.md +++ b/README.md @@ -142,6 +142,7 @@ sudo -u www-data /var/www/MISP/venv/bin/pip install . sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/ sudo systemctl daemon-reload sudo systemctl enable --now misp-modules +sudo service misp-modules start #or /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 & #to start the modules ~~~~ From a86ac9d715ae245572271e55dd807b8fab95b654 Mon Sep 17 00:00:00 2001 From: Robert Nixon Date: Sun, 7 Aug 2022 18:27:38 +0200 Subject: [PATCH 2/5] Update misp-modules.service Service doesn't like or need the -s option to execute the modules. --- etc/systemd/system/misp-modules.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/systemd/system/misp-modules.service b/etc/systemd/system/misp-modules.service index 99cd102..078ebec 100644 --- a/etc/systemd/system/misp-modules.service +++ b/etc/systemd/system/misp-modules.service @@ -7,7 +7,7 @@ User=www-data Group=www-data WorkingDirectory=/usr/local/src/misp-modules Environment="PATH=/var/www/MISP/venv/bin" -ExecStart=/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s +ExecStart=/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 [Install] WantedBy=multi-user.target From 90a1644c8cbea8439e1e95a75fcc51ef3a8841ff Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Wed, 10 Aug 2022 14:07:00 +0200 Subject: [PATCH 3/5] fix: [shodan] Fixed wrong asset used to add attribute to - This caused the input `ip-src` or `ip-dst` input attribute to be added to the `ip-api-addres` which does not have these attributes in their template, where they should be added to the Event instead --- misp_modules/modules/expansion/shodan.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/shodan.py b/misp_modules/modules/expansion/shodan.py index f295deb..356abc5 100755 --- a/misp_modules/modules/expansion/shodan.py +++ b/misp_modules/modules/expansion/shodan.py @@ -73,7 +73,7 @@ class ShodanParser(): ip_address_object = MISPObject('ip-api-address') for attribute in ip_address_attributes: ip_address_object.add_attribute(**attribute) - ip_address_object.add_attribute(**self._get_source_attribute()) + self.misp_event.add_attribute(**self._get_source_attribute()) ip_address_object.add_reference(self.attribute.uuid, 'describes') self.misp_event.add_object(ip_address_object) From 71d8745b9137fa7e2cfacc8ac140613123f25581 Mon Sep 17 00:00:00 2001 From: Christian Studer Date: Wed, 10 Aug 2022 16:17:08 +0200 Subject: [PATCH 4/5] fix: [shodan] The input attribute is actually already added to the event at the beginning --- misp_modules/modules/expansion/shodan.py | 1 - 1 file changed, 1 deletion(-) diff --git a/misp_modules/modules/expansion/shodan.py b/misp_modules/modules/expansion/shodan.py index 356abc5..2ea9749 100755 --- a/misp_modules/modules/expansion/shodan.py +++ b/misp_modules/modules/expansion/shodan.py @@ -73,7 +73,6 @@ class ShodanParser(): ip_address_object = MISPObject('ip-api-address') for attribute in ip_address_attributes: ip_address_object.add_attribute(**attribute) - self.misp_event.add_attribute(**self._get_source_attribute()) ip_address_object.add_reference(self.attribute.uuid, 'describes') self.misp_event.add_object(ip_address_object) From de1687c11a56ec2222ae129a5084dd793c3b2d37 Mon Sep 17 00:00:00 2001 From: Benni0 Date: Fri, 19 Aug 2022 09:19:38 +0200 Subject: [PATCH 5/5] Add __init__.py to action_mod/_utils As _utils is currently not a package, this folder is missing in a built wheel from this package. --- misp_modules/modules/action_mod/_utils/__init__.py | 1 + 1 file changed, 1 insertion(+) create mode 100644 misp_modules/modules/action_mod/_utils/__init__.py diff --git a/misp_modules/modules/action_mod/_utils/__init__.py b/misp_modules/modules/action_mod/_utils/__init__.py new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/misp_modules/modules/action_mod/_utils/__init__.py @@ -0,0 +1 @@ +