An expansion module to query the CIRCL CVE search API for more information about a vulnerability (CVE). +- features:
+++The module takes a vulnerability attribute as input and queries the CIRCL CVE search API to gather additional information.
+The result of the query is then parsed to return additional information about the vulnerability, like its cvss score or some references, as well as the potential related weaknesses and attack patterns.
+The vulnerability additional data is returned in a vulnerability MISP object, and the related additional information are put into weakness and attack-pattern MISP objects. +- input: +Vulnerability attribute. +- output: +Additional information about the vulnerability, such as its cvss score, some references, or the related weaknesses and attack patterns. +- references: +https://cve.circl.lu, https://cve/mitre.org/
+
An expansion module to enrich attributes in MISP by quering the Cytomic Orion API @@ -1750,7 +1864,7 @@ IP address resolving the input. dnspython3: DNS python3 library
Module to extract freetext from a .docx document. - features:
@@ -1845,6 +1959,39 @@ Text containing information about the input, resulting from the query on the Far An access to the Farsight Passive DNS API (apikey)+- descrption:
+++An expansion module to query a local copy of Maxmind's Geolite database with an IP address, in order to get information about its related AS number. +- features: +The module takes an IP address attribute as input and queries a local copy of the Maxmind's Geolite database to get information about the related AS number. +- input: +An IP address MISP attribute. +- output: +Text containing information about the AS number of the IP address. +- references: +https://www.maxmind.com/en/home +- requirements: +A local copy of Maxmind's Geolite database
+
An expansion module to query a local copy of Maxmind's Geolite database with an IP address, in order to get information about the city where it is located. +- features:
+++The module takes an IP address attribute as input and queries a local copy of the Maxmind's Geolite database to get information about the city where this IP address is located. +- input: +An IP address MISP attribute. +- output: +Text containing information about the city where the IP address is located. +- references: +https://www.maxmind.com/en/home +- requirements: +A local copy of Maxmind's Geolite database
+
Module to query a local copy of Maxmind's Geolite database. @@ -1862,6 +2009,23 @@ Text containing information about the location of the IP address. A local copy of Maxmind's Geolite database
+- descrption:
+++A hover module to get information about an url using a Google search. +- features: +The module takes an url as input to query the Google search API. The result of the query is then return as raw text. +- input: +An url attribute. +- output: +Text containing the result of a Google search on the input url. +- references: +https://github.com/abenassi/Google-Search-API +- requirements: +The python Google Search API library
+
Module to access GreyNoise.io API @@ -1905,6 +2069,36 @@ Additional information about the email address. https://haveibeenpwned.com/
+- descrption:
+++An expansion module to query Intel471 in order to get additional information about a domain, ip address, email address, url or hash. +- features: +The module uses the Intel471 python library to query the Intel471 API with the value of the input attribute. The result of the query is then returned as freetext so the Freetext import parses it. +- input: +A MISP attribute whose type is included in the following list: +- hostname +- domain +- url +- ip-src +- ip-dst +- email-src +- email-dst +- target-email +- whois-registrant-email +- whois-registrant-name +- md5 +- sha1 +- sha256 +- output: +Freetext +- references: +https://public.intel471.com/ +- requirements: +The intel471 python library
+
Module to access intelmqs eventdb. @@ -2069,7 +2263,7 @@ File object(s) related to the input attribute found on MALWAREbazaar databases. https://bazaar.abuse.ch/
Module to process some optical character recognition on pictures. - features:
@@ -2082,7 +2276,7 @@ Text and freetext fetched from the input picture. cv2: The OpenCV python library.
Module to extract freetext from a .ods document. - features:
@@ -2096,7 +2290,7 @@ Text and freetext parsed from the document. ezodf: Python package to create/manipulate OpenDocumentFormat files., pandas_ods_reader: Python library to read in ODS files.Module to extract freetext from a .odt document. - features:
@@ -2233,7 +2427,7 @@ An access to the OTX API (apikey)Module to extract freetext from a PDF document. - features:
@@ -2247,7 +2441,7 @@ Text and freetext parsed from the document. pdftotext: Python library to extract text from PDF.Module to extract freetext from a .pptx document. - features:
@@ -2274,6 +2468,35 @@ The URL or bitcoin address the QR code is pointing to. cv2: The OpenCV python library., pyzbar: Python library to read QR codes.++Module to access the ransomcoinDB with a hash or btc address attribute and get the associated btc address of hashes.
+
++The module takes either a hash attribute or a btc attribute as input to query the ransomcoinDB API for some additional data.
+If the input is a btc address, we will get the associated hashes returned in a file MISP object. If we query ransomcoinDB with a hash, the response contains the associated btc addresses returned as single MISP btc attributes.
+
++A hash (md5, sha1 or sha256) or btc attribute.
+
++Hashes associated to a btc address or btc addresses associated to a hash.
+
+ ++
++A ransomcoinDB API key.
+
Module to check an IPv4 address against known RBLs. - features:
@@ -2399,6 +2622,22 @@ Text describing the validity of the Sigma rule. Sigma python library, Yaml python libraryAn expansion module to query the Sophoslabs intelix API to get additional information about an ip address, url, domain or sha256 attribute. +- features:
+++The module takes an ip address, url, domain or sha256 attribute and queries the SophosLabs Intelix API with the attribute value. The result of this query is a SophosLabs Intelix hash report, or an ip or url lookup, that is then parsed and returned in a MISP object. +- input: +An ip address, url, domain or sha256 attribute. +- output: +SophosLabs Intelix report and lookup objects +- references: +https://aws.amazon.com/marketplace/pp/B07SLZPMCS +- requirements: +A client_id and client_secret pair to authenticate to the SophosLabs Intelix API
+
Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page. - features:
@@ -2707,7 +2946,7 @@ MISP attributes mapped from the result of the query on X-Force Exchange. An access to the X-Force API (apikey)Module to extract freetext from a .xlsx document. - features:
diff --git a/expansion/logos/google.png b/expansion/logos/google.png new file mode 100644 index 0000000000000000000000000000000000000000..492f44c27eb2d402e0dd3446b4d38192e75874c4 GIT binary patch literal 15903
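Review bot: in the CIRCL CVE search hunk, the second reference URL `https://cve/mitre.org/` is malformed (a slash where the dot belongs) and will not resolve; it should read `https://cve.mitre.org/`. While there, `cvss` should be written `CVSS`, and "the related additional information are put into" should be "is put into".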
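Review bot: the new key `+- descrption:` is misspelled in the Maxmind Geolite AS-number hunk and again in the Google search and Intel471 hunks, while every other key in these entries (`features`, `input`, `output`, `references`, `requirements`) is spelled correctly; if this README is generated from structured metadata, a misspelled key will be skipped or rendered as an unknown field. Rename it to `- description:` in all three places, and in the two Geolite hunks replace "the Maxmind's Geolite database" with "Maxmind's Geolite database".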
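Review bot: the requirements line `The python Google Search API library` in the Google search hover module hunk does not say which package to install, and the reference points at a third-party GitHub repository (`abenassi/Google-Search-API`) rather than a Google-provided API; name the package explicitly so operators know exactly what dependency is being pulled in. Also fix "an url" to "a URL" and "is then return as raw text" to "is then returned as raw text".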
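Review bot: in the Intel471 hunk the supported attribute types (`+- hostname` through `+- sha256`) are written at the same list level as `- input:` and `- output:`, so they read as thirteen extra top-level keys rather than the value of `input`; indent them beneath `- input:` (or join them into one line) so the entry renders like the others. The `- output:` value `Freetext` on its own does not tell the reader what ends up in MISP; repeat the point made in the features paragraph that the result is meant to be passed through the Freetext import.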
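Review bot: the ransomcoinDB hunk is the only new entry in this diff without a `- references:` line pointing at the service (the CIRCL, Maxmind, Google, Intel471 and SophosLabs entries all provide one); add one. The added `+ ++` line in the same hunk looks like an accidental whitespace-only addition and should be dropped.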
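Review bot: the SophosLabs Intelix hunk lists `domain` among the accepted inputs, but the features paragraph describes the result only as "a SophosLabs Intelix hash report, or an ip or url lookup"; say how a domain attribute is handled (which lookup it is sent to) or remove it from the input list so the documentation matches the module. Minor: "ip address" should be "IP address" and "url" should be "URL" throughout the entry.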