Deployed 6e93622 with MkDocs version: 1.0.4

gh-pages
Alexandre Dulaunoy 2020-11-18 15:42:33 +01:00
parent b435b9db42
commit bd8973ab6e
14 changed files with 28 additions and 3646 deletions


@ -222,7 +222,7 @@
<li class="md-nav__item">
<a href="/." title="Home" class="md-nav__link">
<a href="/index.md" title="Home" class="md-nav__link">
Home
</a>
</li>
@ -294,7 +294,7 @@
<li class="md-nav__item">
<a href="/install/" title="Install Guides" class="md-nav__link">
<a href="/install.md" title="Install Guides" class="md-nav__link">
Install Guides
</a>
</li>
@ -306,7 +306,7 @@
<li class="md-nav__item">
<a href="/contribute/" title="Contribute" class="md-nav__link">
<a href="/contribute.md" title="Contribute" class="md-nav__link">
Contribute
</a>
</li>
@ -337,7 +337,7 @@
<li class="md-nav__item">
<a href="/license/" title="License" class="md-nav__link">
<a href="/license.md" title="License" class="md-nav__link">
License
</a>
</li>


@ -1,3 +0,0 @@
mkdocs
mkdocs-material
markdown_include

File diff suppressed because it is too large Load Diff


@ -228,7 +228,7 @@
<li class="md-nav__item">
<a href=".." title="Home" class="md-nav__link">
<a href="../index.md" title="Home" class="md-nav__link">
Home
</a>
</li>
@ -882,7 +882,7 @@
<li class="md-nav__item">
<a href="../install/" title="Install Guides" class="md-nav__link">
<a href="../install.md" title="Install Guides" class="md-nav__link">
Install Guides
</a>
</li>
@ -894,7 +894,7 @@
<li class="md-nav__item">
<a href="../contribute/" title="Contribute" class="md-nav__link">
<a href="../contribute.md" title="Contribute" class="md-nav__link">
Contribute
</a>
</li>
@ -925,7 +925,7 @@
<li class="md-nav__item">
<a href="../license/" title="License" class="md-nav__link">
<a href="../license.md" title="License" class="md-nav__link">
License
</a>
</li>
@ -3013,20 +3013,6 @@ yara_python python library</p>
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid">
<a href=".." title="Home" class="md-flex md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-back md-footer-nav__button"></i>
</div>
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Previous
</span>
Home
</span>
</div>
</a>
<a href="../export_mod/" title="Export Modules" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">


@ -228,7 +228,7 @@
<li class="md-nav__item">
<a href=".." title="Home" class="md-nav__link">
<a href="../index.md" title="Home" class="md-nav__link">
Home
</a>
</li>
@ -413,7 +413,7 @@
<li class="md-nav__item">
<a href="../install/" title="Install Guides" class="md-nav__link">
<a href="../install.md" title="Install Guides" class="md-nav__link">
Install Guides
</a>
</li>
@ -425,7 +425,7 @@
<li class="md-nav__item">
<a href="../contribute/" title="Contribute" class="md-nav__link">
<a href="../contribute.md" title="Contribute" class="md-nav__link">
Contribute
</a>
</li>
@ -456,7 +456,7 @@
<li class="md-nav__item">
<a href="../license/" title="License" class="md-nav__link">
<a href="../license.md" title="License" class="md-nav__link">
License
</a>
</li>

Binary file not shown.


Binary file not shown.



@ -228,7 +228,7 @@
<li class="md-nav__item">
<a href=".." title="Home" class="md-nav__link">
<a href="../index.md" title="Home" class="md-nav__link">
Home
</a>
</li>
@ -406,7 +406,7 @@
<li class="md-nav__item">
<a href="../install/" title="Install Guides" class="md-nav__link">
<a href="../install.md" title="Install Guides" class="md-nav__link">
Install Guides
</a>
</li>
@ -418,7 +418,7 @@
<li class="md-nav__item">
<a href="../contribute/" title="Contribute" class="md-nav__link">
<a href="../contribute.md" title="Contribute" class="md-nav__link">
Contribute
</a>
</li>
@ -449,7 +449,7 @@
<li class="md-nav__item">
<a href="../license/" title="License" class="md-nav__link">
<a href="../license.md" title="License" class="md-nav__link">
License
</a>
</li>
@ -769,20 +769,6 @@ vmray_rest_api</p>
</a>
<a href="../install/" title="Install Guides" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Install Guides
</span>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
</div>
</a>
</nav>
</div>


@ -1,704 +0,0 @@
<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="description" content="MISP Modules Project">
<link rel="canonical" href="https://www.misp-project.org/">
<meta name="author" content="MISP Project">
<meta name="lang:clipboard.copy" content="Copy to clipboard">
<meta name="lang:clipboard.copied" content="Copied to clipboard">
<meta name="lang:search.language" content="en">
<meta name="lang:search.pipeline.stopwords" content="True">
<meta name="lang:search.pipeline.trimmer" content="True">
<meta name="lang:search.result.none" content="No matching documents">
<meta name="lang:search.result.one" content="1 matching document">
<meta name="lang:search.result.other" content="# matching documents">
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="img/favicon.ico">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.0">
<title>MISP Modules Documentation</title>
<link rel="stylesheet" href="assets/stylesheets/application.0284f74d.css">
<link rel="stylesheet" href="assets/stylesheets/application-palette.01803549.css">
<meta name="theme-color" content="">
<script src="assets/javascripts/modernizr.74668098.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
<link rel="stylesheet" href="assets/fonts/material-icons.css">
</head>
<body dir="ltr" data-md-color-primary="white" data-md-color-accent="blue">
<svg class="md-svg">
<defs>
<svg xmlns="http://www.w3.org/2000/svg" width="416" height="448" viewBox="0 0 416 448" id="__github"><path fill="currentColor" d="M160 304q0 10-3.125 20.5t-10.75 19T128 352t-18.125-8.5-10.75-19T96 304t3.125-20.5 10.75-19T128 256t18.125 8.5 10.75 19T160 304zm160 0q0 10-3.125 20.5t-10.75 19T288 352t-18.125-8.5-10.75-19T256 304t3.125-20.5 10.75-19T288 256t18.125 8.5 10.75 19T320 304zm40 0q0-30-17.25-51T296 232q-10.25 0-48.75 5.25Q229.5 240 208 240t-39.25-2.75Q130.75 232 120 232q-29.5 0-46.75 21T56 304q0 22 8 38.375t20.25 25.75 30.5 15 35 7.375 37.25 1.75h42q20.5 0 37.25-1.75t35-7.375 30.5-15 20.25-25.75T360 304zm56-44q0 51.75-15.25 82.75-9.5 19.25-26.375 33.25t-35.25 21.5-42.5 11.875-42.875 5.5T212 416q-19.5 0-35.5-.75t-36.875-3.125-38.125-7.5-34.25-12.875T37 371.5t-21.5-28.75Q0 312 0 260q0-59.25 34-99-6.75-20.5-6.75-42.5 0-29 12.75-54.5 27 0 47.5 9.875t47.25 30.875Q171.5 96 212 96q37 0 70 8 26.25-20.5 46.75-30.25T376 64q12.75 25.5 12.75 54.5 0 21.75-6.75 42 34 40 34 99.5z"/></svg>
</defs>
</svg>
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#home" tabindex="1" class="md-skip">
Skip to content
</a>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://www.misp-project.org/" title="MISP Modules Documentation" class="md-header-nav__button md-logo">
<img src="img/misp.png" width="24" height="24">
</a>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
</div>
<div class="md-flex__cell md-flex__cell--stretch">
<div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
<span class="md-header-nav__topic">
MISP Modules Documentation
</span>
<span class="md-header-nav__topic">
Home
</span>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="result">
<div class="md-search-result__meta">
Type to start searching
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<div class="md-header-nav__source">
<a href="https://github.com/MISP/misp-modules/" title="Go to repository" class="md-source" data-md-source="github">
<div class="md-source__icon">
<svg viewBox="0 0 24 24" width="24" height="24">
<use xlink:href="#__github" width="24" height="24"></use>
</svg>
</div>
<div class="md-source__repository">
MISP/misp-modules
</div>
</a>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container">
<main class="md-main">
<div class="md-main__inner md-grid" data-md-component="container">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" data-md-level="0">
<label class="md-nav__title md-nav__title--site" for="__drawer">
<a href="https://www.misp-project.org/" title="MISP Modules Documentation" class="md-nav__button md-logo">
<img src="img/misp.png" width="48" height="48">
</a>
MISP Modules Documentation
</label>
<div class="md-nav__source">
<a href="https://github.com/MISP/misp-modules/" title="Go to repository" class="md-source" data-md-source="github">
<div class="md-source__icon">
<svg viewBox="0 0 24 24" width="24" height="24">
<use xlink:href="#__github" width="24" height="24"></use>
</svg>
</div>
<div class="md-source__repository">
MISP/misp-modules
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active">
<input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
Home
</label>
<a href="." title="Home" class="md-nav__link md-nav__link--active">
Home
</a>
<nav class="md-nav md-nav--secondary">
<label class="md-nav__title" for="__toc">Table of contents</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#existing-misp-modules" title="Existing MISP modules" class="md-nav__link">
Existing MISP modules
</a>
<nav class="md-nav">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#expansion-modules" title="Expansion modules" class="md-nav__link">
Expansion modules
</a>
</li>
<li class="md-nav__item">
<a href="#export-modules" title="Export modules" class="md-nav__link">
Export modules
</a>
</li>
<li class="md-nav__item">
<a href="#import-modules" title="Import modules" class="md-nav__link">
Import modules
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#how-to-contribute-your-own-module" title="How to contribute your own module?" class="md-nav__link">
How to contribute your own module?
</a>
</li>
<li class="md-nav__item">
<a href="#licenses" title="Licenses" class="md-nav__link">
Licenses
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-toggle md-nav__toggle" data-md-toggle="nav-2" type="checkbox" id="nav-2">
<label class="md-nav__link" for="nav-2">
Modules
</label>
<nav class="md-nav" data-md-component="collapsible" data-md-level="1">
<label class="md-nav__title" for="nav-2">
Modules
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="expansion/" title="Expansion Modules" class="md-nav__link">
Expansion Modules
</a>
</li>
<li class="md-nav__item">
<a href="export_mod/" title="Export Modules" class="md-nav__link">
Export Modules
</a>
</li>
<li class="md-nav__item">
<a href="import_mod/" title="Import Modules" class="md-nav__link">
Import Modules
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="install/" title="Install Guides" class="md-nav__link">
Install Guides
</a>
</li>
<li class="md-nav__item">
<a href="contribute/" title="Contribute" class="md-nav__link">
Contribute
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-toggle md-nav__toggle" data-md-toggle="nav-5" type="checkbox" id="nav-5">
<label class="md-nav__link" for="nav-5">
About
</label>
<nav class="md-nav" data-md-component="collapsible" data-md-level="1">
<label class="md-nav__title" for="nav-5">
About
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="license/" title="License" class="md-nav__link">
License
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary">
<label class="md-nav__title" for="__toc">Table of contents</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#existing-misp-modules" title="Existing MISP modules" class="md-nav__link">
Existing MISP modules
</a>
<nav class="md-nav">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#expansion-modules" title="Expansion modules" class="md-nav__link">
Expansion modules
</a>
</li>
<li class="md-nav__item">
<a href="#export-modules" title="Export modules" class="md-nav__link">
Export modules
</a>
</li>
<li class="md-nav__item">
<a href="#import-modules" title="Import modules" class="md-nav__link">
Import modules
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#how-to-contribute-your-own-module" title="How to contribute your own module?" class="md-nav__link">
How to contribute your own module?
</a>
</li>
<li class="md-nav__item">
<a href="#licenses" title="Licenses" class="md-nav__link">
Licenses
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<h1 id="home">Home<a class="headerlink" href="#home" title="Permanent link">&para;</a></h1>
<p><a href="https://travis-ci.org/MISP/misp-modules"><img alt="Build Status" src="https://travis-ci.org/MISP/misp-modules.svg?branch=master" /></a>
<a href="https://coveralls.io/github/MISP/misp-modules?branch=master"><img alt="Coverage Status" src="https://coveralls.io/repos/github/MISP/misp-modules/badge.svg?branch=master" /></a>
<a href="https://codecov.io/gh/MISP/misp-modules"><img alt="codecov" src="https://codecov.io/gh/MISP/misp-modules/branch/master/graph/badge.svg" /></a>
<a href="https://app.fossa.io/projects/git%2Bgithub.com%2FMISP%2Fmisp-modules?ref=badge_shield"><img alt="FOSSA Status" src="https://app.fossa.io/api/projects/git%2Bgithub.com%MISP%2Fmisp-modules.svg?type=shield" /></a></p>
<p>MISP modules are autonomous modules that can be used for expansion and other services in <a href="https://github.com/MISP/MISP">MISP</a>.</p>
<p>The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities
without modifying core components. The API is available via a simple REST API which is independent from MISP installation or configuration.</p>
<p>MISP modules support is included in MISP starting from version <code>2.4.28</code>.</p>
<p>For more information: <a href="https://www.circl.lu/assets/files/misp-training/switch2016/2-misp-modules.pdf">Extending MISP with Python modules</a> slides from MISP training.</p>
<h2 id="existing-misp-modules">Existing MISP modules<a class="headerlink" href="#existing-misp-modules" title="Permanent link">&para;</a></h2>
<h3 id="expansion-modules">Expansion modules<a class="headerlink" href="#expansion-modules" title="Permanent link">&para;</a></h3>
<ul>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/backscatter_io.py">Backscatter.io</a> - a hover and expansion module to expand an IP address with mass-scanning observations.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/bgpranking.py">BGP Ranking</a> - a hover and expansion module to expand an AS number with the ASN description, its history, and position in BGP Ranking.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/btc_scam_check.py">BTC scam check</a> - An expansion hover module to instantly check if a BTC address has been abused.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/btc_steroids.py">BTC transactions</a> - An expansion hover module to get a blockchain balance and the transactions from a BTC address in MISP.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/circl_passivedns.py">CIRCL Passive DNS</a> - a hover and expansion module to expand hostname and IP addresses with passive DNS information.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/circl_passivessl.py">CIRCL Passive SSL</a> - a hover and expansion module to expand IP addresses with the X.509 certificate seen.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/countrycode.py">countrycode</a> - a hover module to tell you what country a URL belongs to.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/crowdstrike_falcon.py">CrowdStrike Falcon</a> - an expansion module to expand using CrowdStrike Falcon Intel Indicator API.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/cve.py">CVE</a> - a hover module to give more information about a vulnerability (CVE).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/cve_advanced.py">CVE advanced</a> - An expansion module to query the CIRCL CVE search API for more information about a vulnerability (CVE).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/cuckoo_submit.py">Cuckoo submit</a> - A hover module to submit malware sample, url, attachment, domain to Cuckoo Sandbox.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/dbl_spamhaus.py">DBL Spamhaus</a> - a hover module to check Spamhaus DBL for a domain name.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/dns.py">DNS</a> - a simple module to resolve MISP attributes like hostname and domain to expand IP addresses attributes.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/docx-enrich.py">docx-enrich</a> - an enrichment module to get text out of Word document into MISP (using free-text parser).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/domaintools.py">DomainTools</a> - a hover and expansion module to get information from <a href="http://www.domaintools.com/">DomainTools</a> whois.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/eupi.py">EUPI</a> - a hover and expansion module to get information about an URL from the <a href="https://phishing-initiative.eu/?lang=en">Phishing Initiative project</a>.</li>
<li><a href="misp_modules/modules/expansion/eql.py">EQL</a> - an expansion module to generate event query language (EQL) from an attribute. <a href="https://eql.readthedocs.io/en/latest/">Event Query Language</a></li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/farsight_passivedns.py">Farsight DNSDB Passive DNS</a> - a hover and expansion module to expand hostname and IP addresses with passive DNS information.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/geoip_country.py">GeoIP</a> - a hover and expansion module to get GeoIP information from geolite/maxmind.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/greynoise.py">Greynoise</a> - a hover to get information from greynoise.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/hashdd.py">hashdd</a> - a hover module to check file hashes against <a href="http://www.hashdd.com">hashdd.com</a> including NSLR dataset.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/hibp.py">hibp</a> - a hover module to lookup against Have I Been Pwned?</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/intel471.py">intel471</a> - an expansion module to get info from <a href="https://intel471.com">Intel471</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/ipasn.py">IPASN</a> - a hover and expansion to get the BGP ASN of an IP address.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/iprep.py">iprep</a> - an expansion module to get IP reputation from packetmail.net.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_submit.py">Joe Sandbox submit</a> - Submit files and URLs to Joe Sandbox.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py">Joe Sandbox query</a> - Query Joe Sandbox with the link of an analysis and get the parsed data.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/macaddress_io.py">macaddress.io</a> - a hover module to retrieve vendor details and other information regarding a given MAC address or an OUI from <a href="https://macaddress.io">MAC address Vendor Lookup</a>. See <a href="https://macaddress.io/integrations/MISP-module">integration tutorial here</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/macvendors.py">macvendors</a> - a hover module to retrieve mac vendor information.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/ocr-enrich.py">ocr-enrich</a> - an enrichment module to get OCRized data from images into MISP.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/ods-enrich.py">ods-enrich</a> - an enrichment module to get text out of OpenOffice spreadsheet document into MISP (using free-text parser).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/odt-enrich.py">odt-enrich</a> - an enrichment module to get text out of OpenOffice document into MISP (using free-text parser).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/onyphe.py">onyphe</a> - a modules to process queries on Onyphe.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/onyphe_full.py">onyphe_full</a> - a modules to process full queries on Onyphe.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/otx.py">OTX</a> - an expansion module for <a href="https://otx.alienvault.com/">OTX</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/passivetotal.py">passivetotal</a> - a <a href="https://www.passivetotal.org/">passivetotal</a> module that queries a number of different PassiveTotal datasets.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/pdf-enrich.py">pdf-enrich</a> - an enrichment module to extract text from PDF into MISP (using free-text parser).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/pptx-enrich.py">pptx-enrich</a> - an enrichment module to get text out of PowerPoint document into MISP (using free-text parser).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/qrcode.py">qrcode</a> - a module decode QR code, barcode and similar codes from an image and enrich with the decoded values.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/rbl.py">rbl</a> - a module to get RBL (Real-Time Blackhost List) values from an attribute.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/reversedns.py">reversedns</a> - Simple Reverse DNS expansion service to resolve reverse DNS from MISP attributes.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/securitytrails.py">securitytrails</a> - an expansion module for <a href="https://securitytrails.com/">securitytrails</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/shodan.py">shodan</a> - a minimal <a href="https://www.shodan.io/">shodan</a> expansion module.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/sigma_queries.py">Sigma queries</a> - Experimental expansion module querying a sigma rule to convert it into all the available SIEM signatures.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/sigma_syntax_validator.py">Sigma syntax validator</a> - Sigma syntax validator.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/sourcecache.py">sourcecache</a> - a module to cache a specific link from a MISP instance.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/stix2_pattern_syntax_validator.py">STIX2 pattern syntax validator</a> - a module to check a STIX2 pattern syntax.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/threatcrowd.py">ThreatCrowd</a> - an expansion module for <a href="https://www.threatcrowd.org/">ThreatCrowd</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/threatminer.py">threatminer</a> - an expansion module to expand from <a href="https://www.threatminer.org/">ThreatMiner</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/urlhaus.py">urlhaus</a> - Query urlhaus to get additional data about a domain, hash, hostname, ip or url.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/urlscan.py">urlscan</a> - an expansion module to query <a href="https://urlscan.io">urlscan.io</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/virustotal.py">virustotal</a> - an expansion module to query the <a href="https://www.virustotal.com/gui/home">VirusTotal</a> API with a high request rate limit required. (More details about the API: <a href="https://developers.virustotal.com/reference">here</a>)</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/virustotal_public.py">virustotal_public</a> - an expansion module to query the <a href="https://www.virustotal.com/gui/home">VirusTotal</a> API with a public key and a low request rate limit. (More details about the API: <a href="https://developers.virustotal.com/reference">here</a>)</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/vmray_submit.py">VMray</a> - a module to submit a sample to VMray.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/vulndb.py">VulnDB</a> - a module to query <a href="https://www.riskbasedsecurity.com/">VulnDB</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/vulners.py">Vulners</a> - an expansion module to expand information about CVEs using Vulners API.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/whois.py">whois</a> - a module to query a local instance of <a href="https://github.com/rafiot/uwhoisd">uwhois</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/wiki.py">wikidata</a> - a <a href="https://www.wikidata.org">wikidata</a> expansion module.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/xforceexchange.py">xforce</a> - an IBM X-Force Exchange expansion module.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/xlsx-enrich.py">xlsx-enrich</a> - an enrichment module to get text out of an Excel document into MISP (using free-text parser).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/yara_query.py">YARA query</a> - a module to create YARA rules from single hash attributes.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/yara_syntax_validator.py">YARA syntax validator</a> - YARA syntax validator.</li>
</ul>
<h3 id="export-modules">Export modules<a class="headerlink" href="#export-modules" title="Permanent link">&para;</a></h3>
<ul>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/cef_export.py">CEF</a> module to export Common Event Format (CEF).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/cisco_firesight_manager_ACL_rule_export.py">Cisco FireSight Manager ACL rule</a> module to export as rule for the Cisco FireSight manager ACL.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/goamlexport.py">GoAML export</a> module to export in <a href="http://goaml.unodc.org/goaml/en/index.html">GoAML format</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/liteexport.py">Lite Export</a> module to export a lite event.</li>
<li><a href="misp_modules/modules/export_mod/mass_eql_export.py">Mass EQL Export</a> module to export applicable attributes from an event to a mass EQL query.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/pdfexport.py">PDF export</a> module to export an event in PDF.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/nexthinkexport.py">Nexthink query format</a> module to export in Nexthink query format.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/osqueryexport.py">osquery</a> module to export in <a href="https://osquery.io/">osquery</a> query format.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/threat_connect_export.py">ThreatConnect</a> module to export in ThreatConnect CSV format.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/threatStream_misp_export.py">ThreatStream</a> module to export in ThreatStream format.</li>
</ul>
<h3 id="import-modules">Import modules<a class="headerlink" href="#import-modules" title="Permanent link">&para;</a></h3>
<ul>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/csvimport.py">CSV import</a> Customizable CSV import module.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/cuckooimport.py">Cuckoo JSON</a> Cuckoo JSON import.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/email_import.py">Email Import</a> Email import module for MISP to import basic metadata.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/goamlimport.py">GoAML import</a> Module to import <a href="http://goaml.unodc.org/goaml/en/index.html">GoAML</a> XML format.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/joe_import.py">Joe Sandbox import</a> Parse data from a Joe Sandbox json report.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/ocr.py">OCR</a> Optical Character Recognition (OCR) module for MISP to import attributes from images, scan or faxes.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/openiocimport.py">OpenIOC</a> OpenIOC import based on PyMISP library.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/threatanalyzer_import.py">ThreatAnalyzer</a> - An import module to process ThreatAnalyzer archive.zip/analysis.json sandbox exports.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/vmray_import.py">VMRay</a> - An import module to process VMRay export.</li>
</ul>
<h2 id="how-to-contribute-your-own-module">How to contribute your own module?<a class="headerlink" href="#how-to-contribute-your-own-module" title="Permanent link">&para;</a></h2>
<p>Fork the project, add your module, test it and make a pull-request. Modules can be also private as you can add a module in your own MISP installation.
For further information please see <a href="contribute/">Contribute</a>.</p>
<h2 id="licenses">Licenses<a class="headerlink" href="#licenses" title="Permanent link">&para;</a></h2>
<p><a href="https://app.fossa.io/projects/git%2Bgithub.com%2FMISP%2Fmisp-modules?ref=badge_large"><img alt="FOSSA Status" src="https://app.fossa.io/api/projects/git%2Bgithub.com%MISP%2Fmisp-modules.svg?type=large" /></a></p>
<p>For further Information see also the <a href="license/">license file</a>.</p>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid">
<a href="expansion/" title="Expansion Modules" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Expansion Modules
</span>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
</div>
</a>
</nav>
</div>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
<div class="md-footer-copyright__highlight">
Copyright &copy; 2019 MISP Project
</div>
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
Material for MkDocs</a>
</div>
<div class="md-footer-social">
<link rel="stylesheet" href="assets/fonts/font-awesome.css">
<a href="https://www.misp-project.org/" class="md-footer-social__link fa fa-globe"></a>
<a href="https://github.com/MISP" class="md-footer-social__link fa fa-github-alt"></a>
<a href="https://twitter.com/MISPProject" class="md-footer-social__link fa fa-twitter"></a>
</div>
</div>
</div>
</footer>
</div>
<script src="assets/javascripts/application.245445c6.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"."}})</script>
</body>
</html>


@ -1,793 +0,0 @@
<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="description" content="MISP Modules Project">
<link rel="canonical" href="https://www.misp-project.org/install/">
<meta name="author" content="MISP Project">
<meta name="lang:clipboard.copy" content="Copy to clipboard">
<meta name="lang:clipboard.copied" content="Copied to clipboard">
<meta name="lang:search.language" content="en">
<meta name="lang:search.pipeline.stopwords" content="True">
<meta name="lang:search.pipeline.trimmer" content="True">
<meta name="lang:search.result.none" content="No matching documents">
<meta name="lang:search.result.one" content="1 matching document">
<meta name="lang:search.result.other" content="# matching documents">
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../img/favicon.ico">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.0">
<title>Install Guides - MISP Modules Documentation</title>
<link rel="stylesheet" href="../assets/stylesheets/application.0284f74d.css">
<link rel="stylesheet" href="../assets/stylesheets/application-palette.01803549.css">
<meta name="theme-color" content="">
<script src="../assets/javascripts/modernizr.74668098.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
<link rel="stylesheet" href="../assets/fonts/material-icons.css">
</head>
<body dir="ltr" data-md-color-primary="white" data-md-color-accent="blue">
<svg class="md-svg">
<defs>
<svg xmlns="http://www.w3.org/2000/svg" width="416" height="448" viewBox="0 0 416 448" id="__github"><path fill="currentColor" d="M160 304q0 10-3.125 20.5t-10.75 19T128 352t-18.125-8.5-10.75-19T96 304t3.125-20.5 10.75-19T128 256t18.125 8.5 10.75 19T160 304zm160 0q0 10-3.125 20.5t-10.75 19T288 352t-18.125-8.5-10.75-19T256 304t3.125-20.5 10.75-19T288 256t18.125 8.5 10.75 19T320 304zm40 0q0-30-17.25-51T296 232q-10.25 0-48.75 5.25Q229.5 240 208 240t-39.25-2.75Q130.75 232 120 232q-29.5 0-46.75 21T56 304q0 22 8 38.375t20.25 25.75 30.5 15 35 7.375 37.25 1.75h42q20.5 0 37.25-1.75t35-7.375 30.5-15 20.25-25.75T360 304zm56-44q0 51.75-15.25 82.75-9.5 19.25-26.375 33.25t-35.25 21.5-42.5 11.875-42.875 5.5T212 416q-19.5 0-35.5-.75t-36.875-3.125-38.125-7.5-34.25-12.875T37 371.5t-21.5-28.75Q0 312 0 260q0-59.25 34-99-6.75-20.5-6.75-42.5 0-29 12.75-54.5 27 0 47.5 9.875t47.25 30.875Q171.5 96 212 96q37 0 70 8 26.25-20.5 46.75-30.25T376 64q12.75 25.5 12.75 54.5 0 21.75-6.75 42 34 40 34 99.5z"/></svg>
</defs>
</svg>
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#how-to-install-and-start-misp-modules-in-a-python-virtualenv" tabindex="1" class="md-skip">
Skip to content
</a>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://www.misp-project.org/" title="MISP Modules Documentation" class="md-header-nav__button md-logo">
<img src="../img/misp.png" width="24" height="24">
</a>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
</div>
<div class="md-flex__cell md-flex__cell--stretch">
<div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
<span class="md-header-nav__topic">
MISP Modules Documentation
</span>
<span class="md-header-nav__topic">
Install Guides
</span>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="result">
<div class="md-search-result__meta">
Type to start searching
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<div class="md-header-nav__source">
<a href="https://github.com/MISP/misp-modules/" title="Go to repository" class="md-source" data-md-source="github">
<div class="md-source__icon">
<svg viewBox="0 0 24 24" width="24" height="24">
<use xlink:href="#__github" width="24" height="24"></use>
</svg>
</div>
<div class="md-source__repository">
MISP/misp-modules
</div>
</a>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container">
<main class="md-main">
<div class="md-main__inner md-grid" data-md-component="container">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" data-md-level="0">
<label class="md-nav__title md-nav__title--site" for="__drawer">
<a href="https://www.misp-project.org/" title="MISP Modules Documentation" class="md-nav__button md-logo">
<img src="../img/misp.png" width="48" height="48">
</a>
MISP Modules Documentation
</label>
<div class="md-nav__source">
<a href="https://github.com/MISP/misp-modules/" title="Go to repository" class="md-source" data-md-source="github">
<div class="md-source__icon">
<svg viewBox="0 0 24 24" width="24" height="24">
<use xlink:href="#__github" width="24" height="24"></use>
</svg>
</div>
<div class="md-source__repository">
MISP/misp-modules
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." title="Home" class="md-nav__link">
Home
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-toggle md-nav__toggle" data-md-toggle="nav-2" type="checkbox" id="nav-2">
<label class="md-nav__link" for="nav-2">
Modules
</label>
<nav class="md-nav" data-md-component="collapsible" data-md-level="1">
<label class="md-nav__title" for="nav-2">
Modules
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../expansion/" title="Expansion Modules" class="md-nav__link">
Expansion Modules
</a>
</li>
<li class="md-nav__item">
<a href="../export_mod/" title="Export Modules" class="md-nav__link">
Export Modules
</a>
</li>
<li class="md-nav__item">
<a href="../import_mod/" title="Import Modules" class="md-nav__link">
Import Modules
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
Install Guides
</label>
<a href="./" title="Install Guides" class="md-nav__link md-nav__link--active">
Install Guides
</a>
<nav class="md-nav md-nav--secondary">
<label class="md-nav__title" for="__toc">Table of contents</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#how-to-install-and-start-misp-modules-in-a-python-virtualenv" title="How to install and start MISP modules (in a Python virtualenv)?" class="md-nav__link">
How to install and start MISP modules (in a Python virtualenv)?
</a>
</li>
<li class="md-nav__item">
<a href="#how-to-install-and-start-misp-modules-on-rhel-based-distributions" title="How to install and start MISP modules on RHEL-based distributions ?" class="md-nav__link">
How to install and start MISP modules on RHEL-based distributions ?
</a>
</li>
<li class="md-nav__item">
<a href="#how-to-use-an-misp-modules-docker-container" title="How to use an MISP modules Docker container" class="md-nav__link">
How to use an MISP modules Docker container
</a>
<nav class="md-nav">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#docker-build" title="Docker build" class="md-nav__link">
Docker build
</a>
</li>
<li class="md-nav__item">
<a href="#docker-run" title="Docker run" class="md-nav__link">
Docker run
</a>
</li>
<li class="md-nav__item">
<a href="#docker-compose" title="Docker-compose" class="md-nav__link">
Docker-compose
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#install-misp-module-on-an-offline-instance" title="Install misp-module on an offline instance." class="md-nav__link">
Install misp-module on an offline instance.
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../contribute/" title="Contribute" class="md-nav__link">
Contribute
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-toggle md-nav__toggle" data-md-toggle="nav-5" type="checkbox" id="nav-5">
<label class="md-nav__link" for="nav-5">
About
</label>
<nav class="md-nav" data-md-component="collapsible" data-md-level="1">
<label class="md-nav__title" for="nav-5">
About
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../license/" title="License" class="md-nav__link">
License
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary">
<label class="md-nav__title" for="__toc">Table of contents</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#how-to-install-and-start-misp-modules-in-a-python-virtualenv" title="How to install and start MISP modules (in a Python virtualenv)?" class="md-nav__link">
How to install and start MISP modules (in a Python virtualenv)?
</a>
</li>
<li class="md-nav__item">
<a href="#how-to-install-and-start-misp-modules-on-rhel-based-distributions" title="How to install and start MISP modules on RHEL-based distributions ?" class="md-nav__link">
How to install and start MISP modules on RHEL-based distributions ?
</a>
</li>
<li class="md-nav__item">
<a href="#how-to-use-an-misp-modules-docker-container" title="How to use an MISP modules Docker container" class="md-nav__link">
How to use an MISP modules Docker container
</a>
<nav class="md-nav">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#docker-build" title="Docker build" class="md-nav__link">
Docker build
</a>
</li>
<li class="md-nav__item">
<a href="#docker-run" title="Docker run" class="md-nav__link">
Docker run
</a>
</li>
<li class="md-nav__item">
<a href="#docker-compose" title="Docker-compose" class="md-nav__link">
Docker-compose
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#install-misp-module-on-an-offline-instance" title="Install misp-module on an offline instance." class="md-nav__link">
Install misp-module on an offline instance.
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<h1>Install Guides</h1>
<h2 id="how-to-install-and-start-misp-modules-in-a-python-virtualenv">How to install and start MISP modules (in a Python virtualenv)?<a class="headerlink" href="#how-to-install-and-start-misp-modules-in-a-python-virtualenv" title="Permanent link">&para;</a></h2>
<div class="codehilite"><pre><span></span><span class="nv">SUDO_WWW</span><span class="o">=</span><span class="s2">&quot;sudo -u www-data&quot;</span>
sudo apt-get install -y <span class="se">\</span>
git <span class="se">\</span>
libpq5 <span class="se">\</span>
libjpeg-dev <span class="se">\</span>
tesseract-ocr <span class="se">\</span>
libpoppler-cpp-dev <span class="se">\</span>
imagemagick virtualenv <span class="se">\</span>
libopencv-dev <span class="se">\</span>
zbar-tools <span class="se">\</span>
libzbar0 <span class="se">\</span>
libzbar-dev <span class="se">\</span>
libfuzzy-dev
<span class="c1"># BEGIN with virtualenv: </span>
<span class="nv">$SUDO_WWW</span> virtualenv -p python3 /var/www/MISP/venv
<span class="c1"># END with virtualenv</span>
<span class="nb">cd</span> /usr/local/src/
<span class="c1"># Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp</span>
sudo adduser misp staff
sudo chmod <span class="m">2775</span> /usr/local/src
sudo chown root:staff /usr/local/src
git clone https://github.com/MISP/misp-modules.git
git clone git://github.com/stricaud/faup.git faup
git clone git://github.com/stricaud/gtcaca.git gtcaca
<span class="c1"># Install gtcaca/faup</span>
<span class="nb">cd</span> gtcaca
mkdir -p build
<span class="nb">cd</span> build
cmake .. <span class="o">&amp;&amp;</span> make
sudo make install
<span class="nb">cd</span> ../../faup
mkdir -p build
<span class="nb">cd</span> build
cmake .. <span class="o">&amp;&amp;</span> make
sudo make install
sudo ldconfig
<span class="nb">cd</span> ../../misp-modules
<span class="c1"># BEGIN with virtualenv: </span>
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install .
<span class="c1"># END with virtualenv</span>
<span class="c1"># BEGIN without virtualenv: </span>
sudo pip install -I -r REQUIREMENTS
sudo pip install .
<span class="c1"># END without virtualenv</span>
<span class="c1"># Start misp-modules as a service</span>
sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl <span class="nb">enable</span> --now misp-modules
/var/www/MISP/venv/bin/misp-modules -l <span class="m">127</span>.0.0.1 -s <span class="p">&amp;</span> <span class="c1">#to start the modules</span>
</pre></div>
<h2 id="how-to-install-and-start-misp-modules-on-rhel-based-distributions">How to install and start MISP modules on RHEL-based distributions ?<a class="headerlink" href="#how-to-install-and-start-misp-modules-on-rhel-based-distributions" title="Permanent link">&para;</a></h2>
<p>As of this writing, the official RHEL repositories only contain Ruby 2.0.0 and Ruby 2.1 or higher is required. As such, this guide installs Ruby 2.2 from the SCL repository.</p>
<div class="codehilite"><pre><span></span><span class="nv">SUDO_WWW</span><span class="o">=</span><span class="s2">&quot;sudo -u apache&quot;</span>
sudo yum install <span class="se">\</span>
rh-ruby22 <span class="se">\</span>
openjpeg-devel <span class="se">\</span>
rubygem-rouge <span class="se">\</span>
rubygem-asciidoctor <span class="se">\</span>
zbar-devel <span class="se">\</span>
opencv-devel <span class="se">\</span>
gcc-c++ <span class="se">\</span>
pkgconfig <span class="se">\</span>
poppler-cpp-devel <span class="se">\</span>
python-devel <span class="se">\</span>
redhat-rpm-config
<span class="nb">cd</span> /usr/local/src/
sudo git clone https://github.com/MISP/misp-modules.git
<span class="nb">cd</span> misp-modules
<span class="nv">$SUDO_WWW</span> /usr/bin/scl <span class="nb">enable</span> rh-python36 <span class="s2">&quot;virtualenv -p python3 /var/www/MISP/venv&quot;</span>
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install -U -I -r REQUIREMENTS
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install -U .
</pre></div>
<p>Create the service file /etc/systemd/system/misp-modules.service :</p>
<div class="codehilite"><pre><span></span><span class="nb">echo</span> <span class="s2">&quot;[Unit]</span>
<span class="s2">Description=MISP&#39;s modules</span>
<span class="s2">After=misp-workers.service</span>
<span class="s2">[Service]</span>
<span class="s2">Type=simple</span>
<span class="s2">User=apache</span>
<span class="s2">Group=apache</span>
<span class="s2">ExecStart=/usr/bin/scl enable rh-python36 rh-ruby22 &#39;/var/www/MISP/venv/bin/misp-modules l 127.0.0.1 s&#39;</span>
<span class="s2">Restart=always</span>
<span class="s2">RestartSec=10</span>
<span class="s2">[Install]</span>
<span class="s2">WantedBy=multi-user.target&quot;</span> <span class="p">|</span> sudo tee /etc/systemd/system/misp-modules.service
</pre></div>
<p>The After=misp-workers.service must be changed or removed if you have not created a misp-workers service. Then, enable the misp-modules service and start it:</p>
<div class="codehilite"><pre><span></span>systemctl daemon-reload
systemctl <span class="nb">enable</span> --now misp-modules
</pre></div>
<h2 id="how-to-use-an-misp-modules-docker-container">How to use an MISP modules Docker container<a class="headerlink" href="#how-to-use-an-misp-modules-docker-container" title="Permanent link">&para;</a></h2>
<h3 id="docker-build">Docker build<a class="headerlink" href="#docker-build" title="Permanent link">&para;</a></h3>
<div class="codehilite"><pre><span></span>docker build -t misp-modules <span class="se">\</span>
--build-arg <span class="nv">BUILD_DATE</span><span class="o">=</span><span class="k">$(</span>date -u +<span class="s2">&quot;%Y-%m-%d&quot;</span><span class="k">)</span> <span class="se">\</span>
docker/
</pre></div>
<h3 id="docker-run">Docker run<a class="headerlink" href="#docker-run" title="Permanent link">&para;</a></h3>
<div class="codehilite"><pre><span></span><span class="c1"># Start Redis</span>
docker run --rm -d --name<span class="o">=</span>misp-redis redis:alpine
<span class="c1"># Start MISP-modules</span>
docker run <span class="se">\</span>
--rm -d --name<span class="o">=</span>misp-modules <span class="se">\</span>
-e <span class="nv">REDIS_BACKEND</span><span class="o">=</span>misp-redis <span class="se">\</span>
-e <span class="nv">REDIS_PORT</span><span class="o">=</span><span class="s2">&quot;6379&quot;</span> <span class="se">\</span>
-e <span class="nv">REDIS_PW</span><span class="o">=</span><span class="s2">&quot;&quot;</span> <span class="se">\</span>
-e <span class="nv">REDIS_DATABASE</span><span class="o">=</span><span class="s2">&quot;245&quot;</span> <span class="se">\</span>
-e <span class="nv">MISP_MODULES_DEBUG</span><span class="o">=</span><span class="s2">&quot;false&quot;</span> <span class="se">\</span>
dcso/misp-dockerized-misp-modules
</pre></div>
<h3 id="docker-compose">Docker-compose<a class="headerlink" href="#docker-compose" title="Permanent link">&para;</a></h3>
<div class="codehilite"><pre><span></span>services:
misp-modules:
# https://hub.docker.com/r/dcso/misp-dockerized-misp-modules
image: dcso/misp-dockerized-misp-modules:3
# Local image:
#image: misp-modules
#build:
# context: docker/
environment:
# Redis
REDIS_BACKEND: misp-redis
REDIS_PORT: &quot;6379&quot;
REDIS_DATABASE: &quot;245&quot;
# System PROXY (OPTIONAL)
http_proxy:
https_proxy:
no_proxy: 0.0.0.0
# Timezone (OPTIONAL)
TZ: Europe/Berlin
# MISP-Modules (OPTIONAL)
MISP_MODULES_DEBUG: &quot;false&quot;
# Logging options (OPTIONAL)
LOG_SYSLOG_ENABLED: &quot;no&quot;
misp-redis:
# https://hub.docker.com/_/redis or alternative https://hub.docker.com/r/dcso/misp-dockerized-redis/
image: redis:alpine
</pre></div>
<h2 id="install-misp-module-on-an-offline-instance">Install misp-module on an offline instance.<a class="headerlink" href="#install-misp-module-on-an-offline-instance" title="Permanent link">&para;</a></h2>
<p>First, you need to grab all necessary packages for example like this :</p>
<p>Use pip wheel to create an archive
<div class="codehilite"><pre><span></span>mkdir misp-modules-offline
pip3 wheel -r REQUIREMENTS shodan --wheel-dir=./misp-modules-offline
tar -cjvf misp-module-bundeled.tar.bz2 ./misp-modules-offline/*
</pre></div>
On offline machine :
<div class="codehilite"><pre><span></span>mkdir misp-modules-bundle
tar xvf misp-module-bundeled.tar.bz2 -C misp-modules-bundle
cd misp-modules-bundle
ls -1|while read line; do sudo pip3 install --force-reinstall --ignore-installed --upgrade --no-index --no-deps ${line};done
</pre></div>
Next you can follow standard install procedure.</p>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid">
<a href="../import_mod/" title="Import Modules" class="md-flex md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-back md-footer-nav__button"></i>
</div>
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Previous
</span>
Import Modules
</span>
</div>
</a>
<a href="../contribute/" title="Contribute" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Contribute
</span>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
</div>
</a>
</nav>
</div>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
<div class="md-footer-copyright__highlight">
Copyright &copy; 2019 MISP Project
</div>
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
Material for MkDocs</a>
</div>
<div class="md-footer-social">
<link rel="stylesheet" href="../assets/fonts/font-awesome.css">
<a href="https://www.misp-project.org/" class="md-footer-social__link fa fa-globe"></a>
<a href="https://github.com/MISP" class="md-footer-social__link fa fa-github-alt"></a>
<a href="https://twitter.com/MISPProject" class="md-footer-social__link fa fa-twitter"></a>
</div>
</div>
</div>
</footer>
</div>
<script src="../assets/javascripts/application.245445c6.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:".."}})</script>
</body>
</html>

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long


@ -1,38 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://www.misp-project.org/</loc>
<lastmod>2020-10-21</lastmod>
<loc></loc>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/expansion/</loc>
<lastmod>2020-10-21</lastmod>
<lastmod>2020-11-18</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/export_mod/</loc>
<lastmod>2020-10-21</lastmod>
<lastmod>2020-11-18</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/import_mod/</loc>
<lastmod>2020-10-21</lastmod>
<lastmod>2020-11-18</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/install/</loc>
<lastmod>2020-10-21</lastmod>
<loc></loc>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/contribute/</loc>
<lastmod>2020-10-21</lastmod>
<loc></loc>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/license/</loc>
<lastmod>2020-10-21</lastmod>
<loc></loc>
<changefreq>daily</changefreq>
</url>
</urlset>

Binary file not shown.