Added vysion expansion and documentation

README.md

@@ -95,6 +95,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
 * [VMware NSX](misp_modules/modules/expansion/vmware_nsx.py) - a module to enrich a file or URL with VMware NSX Defender.
 * [VulnDB](misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/).
 * [Vulners](misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API.
+* [Vysion](misp-modules/misp_modules/modules/expansion/vysion.py) - an expansion module to add dark web intelligence using Vysion API.
 * [whois](misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd).
 * [whoisfreaks](misp_modules/modules/expansion/whoisfreaks.py) - An expansion module for [whoisfreaks](https://whoisfreaks.com/) that will provide an enriched analysis of the provided domain, including WHOIS and DNS information.
 * [wikidata](misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module.

REQUIREMENTS

@@ -177,6 +177,7 @@ validators==0.14.0
 vt-graph-api==2.2.0
 vt-py==0.17.5
 vulners==2.0.10
+vysion=1.0.8 ; python_version >= '3.7'
 wand==0.6.11
 websocket-client==1.5.1 ; python_version >= '3.7'
 websockets==11.0.3 ; python_version >= '3.7'

docs/index.md

@@ -75,6 +75,7 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/
 * [VMray](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmray_submit.py) - a module to submit a sample to VMray.
 * [VulnDB](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/).
 * [Vulners](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API.
+* [Vysion](misp-modules/misp_modules/modules/expansion/vysion.py) - an expansion module to add dark web intelligence using Vysion API.
 * [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd).
 * [wikidata](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module.
 * [xforce](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/xforceexchange.py) - an IBM X-Force Exchange expansion module.

documentation/README.md

@@ -1904,6 +1904,26 @@ An expansion hover module to expand information about CVE id using Vulners API.
 
 -----
 
+#### [Vysion](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vysion.py)
+
+<img src=logos/vysion.png height=60>
+
+Module to enrich the information by making use of the Vysion API.
+- **features**:
+>This module gets correlated information from our dark web intelligence database. With this you will get several objects containing information related to, for example, an organization victim of a ransomware attack.
+>MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.
+- **input**:
+>MISP Attribute which include: company(target-org), country, info.
+- **output**:
+>MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.
+- **references**:
+>https://vysion.ai/
+- **requirements**:
+> Vysion python library
+> Vysion API Key
+
+-----
+
 #### [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py)
 
 Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd).

documentation/website/expansion/vysion.json

@@ -0,0 +1,16 @@
+{
+    "description": "Module to enrich the information by making use of the Vysion API.",
+    "logo": "vysion.png",
+    "requirements": [
+        "Vysion python library",
+        "Vysion API Key"
+    ],
+    "input": "MISP Attribute which include: company(target-org), country, info.",
+    "output": "MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.",
+    "references": [
+        "https://vysion.ai/",
+        "https://developers.vysion.ai/",
+        "https://github.com/ByronLabs/vysion-cti/tree/main"        
+    ],
+    "features": "This module gets correlated information from our dark web intelligence database. With this you will get several objects containing information related to, for example, an organization victim of a ransomware attack."
+}

misp_modules/modules/expansion/__init__.py

@@ -20,7 +20,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c
            'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh',
            'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup', 'ipqs_fraud_and_risk_scoring',
            'clamav', 'jinja_template_rendering','hyasinsight', 'variotdbs', 'crowdsec',
-           'extract_url_components', 'ipinfo', 'whoisfreaks', 'ip2locationio']
+           'extract_url_components', 'ipinfo', 'whoisfreaks', 'ip2locationio', 'vysion']
 
 
 minimum_required_fields = ('type', 'uuid', 'value')

misp_modules/modules/expansion/vysion.json

@@ -0,0 +1,16 @@
+{
+    "description": "Module to enrich the information by making use of the Vysion API.",
+    "logo": "vysion.png",
+    "requirements": [
+        "Vysion python library",
+        "Vysion API Key"
+    ],
+    "input": "MISP Attribute which include: company(target-org), country, info.",
+    "output": "MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.",
+    "references": [
+        "https://vysion.ai/",
+        "https://developers.vysion.ai/",
+        "https://github.com/ByronLabs/vysion-cti/tree/main"        
+    ],
+    "features": "This module gets correlated information from our dark web intelligence database. With this you will get several objects containing information related to, for example, an organization victim of a ransomware attack."
+}