Deployed be27869 with MkDocs version: 1.0.4

gh-pages
Alexandre Dulaunoy 2020-04-08 10:48:56 +01:00
parent 1f446f3be4
commit c06963410c
9 changed files with 105 additions and 13 deletions

@ -337,6 +337,13 @@
btc_steroids
</a>
</li>
<li class="md-nav__item">
<a href="#censys_enrich" title="censys_enrich" class="md-nav__link">
censys_enrich
</a>
</li>
<li class="md-nav__item">
@ -379,6 +386,13 @@
cve
</a>
</li>
<li class="md-nav__item">
<a href="#cytomic_orion" title="cytomic_orion" class="md-nav__link">
cytomic_orion
</a>
</li>
<li class="md-nav__item">
@ -924,6 +938,13 @@
btc_steroids
</a>
</li>
<li class="md-nav__item">
<a href="#censys_enrich" title="censys_enrich" class="md-nav__link">
censys_enrich
</a>
</li>
<li class="md-nav__item">
@ -966,6 +987,13 @@
cve
</a>
</li>
<li class="md-nav__item">
<a href="#cytomic_orion" title="cytomic_orion" class="md-nav__link">
cytomic_orion
</a>
</li>
<li class="md-nav__item">
@ -1488,6 +1516,21 @@ dnspython3: dns python library</p>
Text to describe the blockchain balance and the transactions related to the btc address in input.</p>
</blockquote>
<hr />
<h4 id="censys_enrich"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/censys_enrich.py">censys_enrich</a><a class="headerlink" href="#censys_enrich" title="Permanent link">&para;</a></h4>
<p>An expansion module to enrich attributes in MISP by quering the censys.io API
- <strong>features</strong>:</p>
<blockquote>
<p>This module takes an IP, hostname or a certificate fingerprint and attempts to enrich it by querying the Censys API.
- <strong>input</strong>:
IP, domain or certificate fingerprint (md5, sha1 or sha256)
- <strong>output</strong>:
MISP objects retrieved from censys, including open ports, ASN, Location of the IP, x509 details
- <strong>references</strong>:
<a href="https://www.censys.io">https://www.censys.io</a>
- <strong>requirements</strong>:
API credentials to censys.io</p>
</blockquote>
<hr />
<h4 id="circl_passivedns"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/circl_passivedns.py">circl_passivedns</a><a class="headerlink" href="#circl_passivedns" title="Permanent link">&para;</a></h4>
<p><img src=logos/passivedns.png height=60></p>
<p>Module to access CIRCL Passive DNS.
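Review bot: The censys_enrich summary line has the typo "quering" (should be "querying") and no closing punctuation before the features list, and the entry is inconsistent about its input: features says "IP, hostname or a certificate fingerprint" while input says "IP, domain or certificate fingerprint". Pick one term, capitalise "Censys" consistently, and name the configuration fields that hold the API credentials instead of only "API credentials to censys.io". Because every lookup sends the attribute value to the Censys API, the features text should say so, letting operators decide which attributes may be enriched. This is generated gh-pages output, so make the fix in the module documentation source and redeploy.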
@ -1616,6 +1659,22 @@ Text giving information about the CVE related to the Vulnerability.
<a href="https://cve.circl.lu/">https://cve.circl.lu/</a>, <a href="https://cve.mitre.org/">https://cve.mitre.org/</a></p>
</blockquote>
<hr />
<h4 id="cytomic_orion"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/cytomic_orion.py">cytomic_orion</a><a class="headerlink" href="#cytomic_orion" title="Permanent link">&para;</a></h4>
<p><img src=logos/cytomic_orion.png height=60></p>
<p>An expansion module to enrich attributes in MISP by quering the Cytomic Orion API
- <strong>features</strong>:</p>
<blockquote>
<p>This module takes an MD5 hash and searches for occurrences of this hash in the Cytomic Orion database. Returns observed files and machines.
- <strong>input</strong>:
MD5, hash of the sample / malware to search for.
- <strong>output</strong>:
MISP objects with sightings of the hash in Cytomic Orion. Includes files and machines.
- <strong>references</strong>:
<a href="https://www.vanimpe.eu/2020/03/10/integrating-misp-and-cytomic-orion/">https://www.vanimpe.eu/2020/03/10/integrating-misp-and-cytomic-orion/</a>, <a href="https://www.cytomicmodel.com/solutions/">https://www.cytomicmodel.com/solutions/</a>
- <strong>requirements</strong>:
Access (license) to Cytomic Orion</p>
</blockquote>
<hr />
<h4 id="dbl_spamhaus"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/dbl_spamhaus.py">dbl_spamhaus</a><a class="headerlink" href="#dbl_spamhaus" title="Permanent link">&para;</a></h4>
<p><img src=logos/spamhaus.jpg height=60></p>
<p>Module to check Spamhaus DBL for a domain name.
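Review bot: The cytomic_orion summary repeats the "quering" typo, and the input line "MD5, hash of the sample / malware to search for." has a stray comma that makes it read as two inputs. The requirements line only says "Access (license) to Cytomic Orion"; list the credential and endpoint settings the module expects, as the lastline entries in this commit do. The output is described as including machines, so the entry should state which machine details end up in the MISP objects, since those objects can leave the organisation when the event is shared.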
@ -1823,11 +1882,11 @@ psycopg2: Python library to support PostgreSQL, An access to the IntelMQ databas
<p>Module to query an IP ASN history service (<a href="https://github.com/D4-project/IPASN-History">https://github.com/D4-project/IPASN-History</a>).
- <strong>features</strong>:</p>
<blockquote>
<p>This module takes an IP address attribute as input and queries the CIRCL IPASN service to get additional information about the input.
<p>This module takes an IP address attribute as input and queries the CIRCL IPASN service. The result of the query is the latest asn related to the IP address, that is returned as a MISP object.
- <strong>input</strong>:
An IP address MISP attribute.
- <strong>output</strong>:
Text describing additional information about the input after a query on the IPASN-history database.
Asn object(s) objects related to the IP address used as input.
- <strong>references</strong>:
<a href="https://github.com/D4-project/IPASN-History">https://github.com/D4-project/IPASN-History</a>
- <strong>requirements</strong>:
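Review bot: The new output line reads "Asn object(s) objects related to the IP address used as input." with "objects" duplicated, and "asn" should be written "ASN" here and in the features sentence. The features sentence would read better as "... the latest ASN related to the IP address, which is returned as a MISP object." The module is described as querying an ASN history service but returning only the latest ASN; if history is no longer returned, say so explicitly so that users of the previous text output know what changed.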
@ -1892,7 +1951,8 @@ jbxapi: Joe Sandbox API python3 library</p>
The analysis link can also be retrieved from the output of the <a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_submit.py">lastline_submit</a> expansion module.
- <strong>features</strong>:</p>
<blockquote>
<p>The module uses the new format and it is able to return MISP attributes and objects.
<p>The module requires a Lastline Portal <code>username</code> and <code>password</code>.
The module uses the new format and it is able to return MISP attributes and objects.
The module returns the same results as the <a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/lastline_import.py">lastline_import</a> import module.
- <strong>input</strong>:
Link to a Lastline analysis.
@ -1907,7 +1967,7 @@ MISP attributes and objects parsed from the analysis report.
<p>Module to submit a file or URL to Lastline.
- <strong>features</strong>:</p>
<blockquote>
<p>The module requires a Lastline API key and token (or username and password).
<p>The module requires a Lastline Analysis <code>api_token</code> and <code>key</code>.
When the analysis is completed, it is possible to import the generated report by feeding the analysis link to the <a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_query.py">lastline_query</a> module.
- <strong>input</strong>:
File or URL to submit to Lastline.
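Review bot: In the lastline_submit features text the credential sentence changes from "API key and token (or username and password)" to "api_token and key" only, while lastline_query in the same commit documents a Portal "username" and "password". Confirm that lastline_submit no longer accepts username and password, and state in both entries that the two modules take different credential sets, otherwise an operator who configures one pair for both modules gets an authentication failure with no hint from the documentation. The requirements lines of both entries should list the same field names as the features text.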

Binary file not shown.


@ -372,6 +372,13 @@
</li>
<li class="md-nav__item">
<a href="#vt_graph" title="vt_graph" class="md-nav__link">
vt_graph
</a>
</li>
@ -555,6 +562,13 @@
</li>
<li class="md-nav__item">
<a href="#vt_graph" title="vt_graph" class="md-nav__link">
vt_graph
</a>
</li>
@ -741,6 +755,23 @@ ThreatConnect CSV format file
csv</p>
</blockquote>
<hr />
<h4 id="vt_graph"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/vt_graph.py">vt_graph</a><a class="headerlink" href="#vt_graph" title="Permanent link">&para;</a></h4>
<p><img src=logos/virustotal.png height=60></p>
<p>This module is used to create a VirusTotal Graph from a MISP event.
- <strong>features</strong>:</p>
<blockquote>
<p>The module takes the MISP event as input and queries the VirusTotal Graph API to create a new graph out of the event.</p>
<p>Once the graph is ready, we get the url of it, which is returned so we can view it on VirusTotal.
- <strong>input</strong>:
A MISP event.
- <strong>output</strong>:
Link of the VirusTotal Graph created for the event.
- <strong>references</strong>:
<a href="https://www.virustotal.com/gui/graph-overview">https://www.virustotal.com/gui/graph-overview</a>
- <strong>requirements</strong>:
vt_graph_api, the python library to query the VirusTotal graph API</p>
</blockquote>
<hr />
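Review bot: The vt_graph requirements line lists only the vt_graph_api library and no API key or account, although the features text says the module queries the VirusTotal Graph API. Add the credential setting the module needs. The features text should also say that the content of the MISP event is sent to VirusTotal to build the graph and who can open the returned link, so that operators can decide which events are suitable for export. The sentence "Once the graph is ready, we get the url of it, which is returned so we can view it on VirusTotal." would be clearer as "Once the graph is ready, the module returns its URL."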

Binary file not shown.


@ -655,7 +655,8 @@ MISP attributes &amp; objects parsed from the analysis report.</li>
<p>Module to import and parse reports from Lastline analysis links.
- <strong>features</strong>:</p>
<blockquote>
<p>The module uses the new format and it is able to return MISP attributes and objects.
<p>The module requires a Lastline Portal <code>username</code> and <code>password</code>.
The module uses the new format and it is able to return MISP attributes and objects.
The module returns the same results as the <a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_query.py">lastline_query</a> expansion module.
- <strong>input</strong>:
Link to a Lastline analysis.

Binary file not shown.


File diff suppressed because one or more lines are too long

@ -2,37 +2,37 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://www.misp-project.org/</loc>
<lastmod>2019-12-20</lastmod>
<lastmod>2020-04-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/expansion/</loc>
<lastmod>2019-12-20</lastmod>
<lastmod>2020-04-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/export_mod/</loc>
<lastmod>2019-12-20</lastmod>
<lastmod>2020-04-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/import_mod/</loc>
<lastmod>2019-12-20</lastmod>
<lastmod>2020-04-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/install/</loc>
<lastmod>2019-12-20</lastmod>
<lastmod>2020-04-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/contribute/</loc>
<lastmod>2019-12-20</lastmod>
<lastmod>2020-04-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/license/</loc>
<lastmod>2019-12-20</lastmod>
<lastmod>2020-04-08</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>

Binary file not shown.