MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'MISP:main' into main

pull/545/head
Silvian Iosub 2022-01-11 14:00:35 +01:00 committed by GitHub
parent 13cb1f472d 8ae64ba264
commit beefab0b12
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
DOC-REQUIREMENTS Normal file
View File

@ -0,0 +1,3 @@
mkdocs
pymdown-extensions
mkdocs-material

14
documentation/README.md
View File

@ -916,6 +916,20 @@ Query the MALWAREbazaar API to get additional information about the input hash a
-----
#### [mwdb](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/mwdb.py)
Module to push malware samples to a MWDB instance
- **features**:
>An expansion module to push malware samples to a MWDB (https://github.com/CERT-Polska/mwdb-core) instance. This module does not push samples to a sandbox. This can be achieved via Karton (connected to the MWDB). Does: * Upload of attachment or malware sample to MWDB * Tags of events and/or attributes are added to MWDB. * Comment of the MISP attribute is added to MWDB. * A link back to the MISP event is added to MWDB via the MWDB attribute. * A link to the MWDB attribute is added as an enrichted attribute to the MISP event.
- **input**:
>Attachment or malware sample
- **output**:
>Link attribute that points to the sample at the MWDB instane
- **requirements**:
>* mwdblib installed (pip install mwdblib) ; * (optional) keys.py file to add tags of events/attributes to MWDB * (optional) MWDB attribute created for the link back to MISP (defined in mwdb_misp_attribute)
-----
#### [ocr_enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ocr_enrich.py)
Module to process some optical character recognition on pictures.