chg: [misp-modules] doc updated

pull/667/head
Alexandre Dulaunoy 2024-06-06 07:40:57 +02:00
parent 55b0914185
commit a225047e8c
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
5 changed files with 53 additions and 15 deletions

@ -65,7 +65,6 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/
* [Sigma queries](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sigma_queries.py) - Experimental expansion module querying a sigma rule to convert it into all the available SIEM signatures.
* [Sigma syntax validator](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sigma_syntax_validator.py) - Sigma syntax validator.
* [sourcecache](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sourcecache.py) - a module to cache a specific link from a MISP instance.
* [stairwell](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/stairwell.py) - an expansion module to enrich hash observables with the Stairwell API
* [STIX2 pattern syntax validator](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/stix2_pattern_syntax_validator.py) - a module to check a STIX2 pattern syntax.
* [ThreatCrowd](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/threatcrowd.py) - an expansion module for [ThreatCrowd](https://www.threatcrowd.org/).
* [threatminer](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/threatminer.py) - an expansion module to expand from [ThreatMiner](https://www.threatminer.org/).
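Review bot: The hunk header (-65,7 +65,6) drops one line from this README list around the stairwell entry, yet the same commit adds docs/logos/stairwell.png and a full stairwell section to the module documentation. If the stairwell entry is the line being removed, the README index will no longer point to a module the docs describe; keep the entry unless it duplicates one elsewhere in the list, and say so in the commit message.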
@ -76,7 +75,6 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/
* [VMray](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmray_submit.py) - a module to submit a sample to VMray.
* [VulnDB](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/).
* [Vulners](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API.
* [Vysion](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vysion.py) - an expansion module to add dark web intelligence using Vysion API.
* [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd).
* [wikidata](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module.
* [xforce](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/xforceexchange.py) - an IBM X-Force Exchange expansion module.
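Review bot: The module name is spelled "Vysion" in this README entry, while the documentation hunks in this commit show the heading for the same module both as "[Vysion]" and "[vysion]". Pick one casing across README and docs. The header (-76,7 +75,6) also shows one line leaving the list here; if it is the Vysion entry, confirm the module is still listed somewhere in the README.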

BIN
docs/logos/stairwell.png Normal file

Binary file not shown. Size: 9.0 KiB

BIN
docs/logos/whoisfreaks.png Normal file

Binary file not shown. Size: 32 KiB

@ -1586,19 +1586,18 @@ Module to cache web pages of analysis reports, OSINT sources. The module returns
<img src=logos/stairwell.png height=60>
An expansion module to enrich hash observables with the Stairwell API.
Module to query the Stairwell API to get additional information about the input hash attribute
- **features**:
>This module takes a file hash as input and queries the Stairwell API. It will create a misp-object with the additional enrichment intel.
>The module takes a hash attribute as input and queries Stariwell's API to fetch additional data about it. The result, if the payload is observed in Stariwell, is a file object describing the file the input hash is related to.
- **input**:
>MD5, SHA1, or SHA256
>A hash attribute (md5, sha1, sha256).
- **output**:
>A stairwell misp-object with additional enrichment intel.
>File object related to the input attribute found on Stairwell platform.
- **references**:
>https://docs.stairwell.com
> - https://stairwell.com
> - https://docs.stairwell.com
- **requirements**:
>- json
>- pymisp
>- requests
>Access to Stairwell platform (apikey)
-----
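Review bot: The requirements block for stairwell shows both the library list (json, pymisp, requests) and the single line "Access to Stairwell platform (apikey)"; if the new text keeps only the API-key line, the Python dependencies are no longer documented. Keep both kinds of requirement, libraries and credential, as the Vysion section does with "Vysion python library" and "Vysion API Key".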
@ -1924,23 +1923,24 @@ An expansion hover module to expand information about CVE id using Vulners API.
-----
#### [Vysion](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vysion.py)
#### [vysion](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vysion.py)
<img src=logos/vysion.png height=60>
Module to enrich the information by making use of the Vysion API.
- **features**:
>This module gets correlated information from our dark web intelligence database. With this you will get several objects containing information related to, for example, an organization victim of a ransomware attack.
>MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.
- **input**:
>MISP Attribute which include: company(target-org), country, info.
- **output**:
>MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.
- **references**:
>https://vysion.ai/
> - https://vysion.ai/
> - https://developers.vysion.ai/
> - https://github.com/ByronLabs/vysion-cti/tree/main
- **requirements**:
> Vysion python library
> Vysion API Key
> - Vysion python library
> - Vysion API Key
-----
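Review bot: The features and output text says "our dark web intelligence database" and "link to our webapp", which reads as vendor copy inside the project's own documentation; name the provider instead, for example "the Vysion dark web intelligence database" and "link to the Vysion web app". The line ">MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs." also appears under both features and output in this hunk, so check that it ends up only under output.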

@ -1579,6 +1579,25 @@ Module to cache web pages of analysis reports, OSINT sources. The module returns
-----
#### [stairwell](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/stairwell.py)
<img src=../logos/stairwell.png height=60>
Module to query the Stairwell API to get additional information about the input hash attribute
- **features**:
>The module takes a hash attribute as input and queries Stariwell's API to fetch additional data about it. The result, if the payload is observed in Stariwell, is a file object describing the file the input hash is related to.
- **input**:
>A hash attribute (md5, sha1, sha256).
- **output**:
>File object related to the input attribute found on Stairwell platform.
- **references**:
> - https://stairwell.com
> - https://docs.stairwell.com
- **requirements**:
>Access to Stairwell platform (apikey)
-----
#### [stix2_pattern_syntax_validator](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/stix2_pattern_syntax_validator.py)
<img src=../logos/stix.png height=60>
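Review bot: "Stariwell" is misspelled twice on the features line of the stairwell section ("queries Stariwell's API", "observed in Stariwell"); it should read "Stairwell". The same sentence appears in the other documentation file touched by this commit, so correct both copies, or the source they are generated from if there is one.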
@ -1901,6 +1920,27 @@ An expansion hover module to expand information about CVE id using Vulners API.
-----
#### [vysion](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vysion.py)
<img src=../logos/vysion.png height=60>
Module to enrich the information by making use of the Vysion API.
- **features**:
>This module gets correlated information from our dark web intelligence database. With this you will get several objects containing information related to, for example, an organization victim of a ransomware attack.
- **input**:
>MISP Attribute which include: company(target-org), country, info.
- **output**:
>MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.
- **references**:
> - https://vysion.ai/
> - https://developers.vysion.ai/
> - https://github.com/ByronLabs/vysion-cti/tree/main
- **requirements**:
> - Vysion python library
> - Vysion API Key
-----
#### [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py)
Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd).
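Review bot: The input line "MISP Attribute which include: company(target-org), country, info." in the vysion section does not say which attribute types the module accepts, and "company(target-org)" mixes a label with what looks like a type name. List the accepted MISP attribute types explicitly, in the style of the stairwell section's "A hash attribute (md5, sha1, sha256).", and fix the grammar ("MISP attributes, which include ...").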