mirror of https://github.com/MISP/misp-modules
Added vysion expansion and documentation
parent
9a1140c671
commit
cd0f1654c5
|
@ -95,6 +95,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
|
||||||
* [VMware NSX](misp_modules/modules/expansion/vmware_nsx.py) - a module to enrich a file or URL with VMware NSX Defender.
|
* [VMware NSX](misp_modules/modules/expansion/vmware_nsx.py) - a module to enrich a file or URL with VMware NSX Defender.
|
||||||
* [VulnDB](misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/).
|
* [VulnDB](misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/).
|
||||||
* [Vulners](misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API.
|
* [Vulners](misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API.
|
||||||
|
* [Vysion](misp-modules/misp_modules/modules/expansion/vysion.py) - an expansion module to add dark web intelligence using Vysion API.
|
||||||
* [whois](misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd).
|
* [whois](misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd).
|
||||||
* [whoisfreaks](misp_modules/modules/expansion/whoisfreaks.py) - An expansion module for [whoisfreaks](https://whoisfreaks.com/) that will provide an enriched analysis of the provided domain, including WHOIS and DNS information.
|
* [whoisfreaks](misp_modules/modules/expansion/whoisfreaks.py) - An expansion module for [whoisfreaks](https://whoisfreaks.com/) that will provide an enriched analysis of the provided domain, including WHOIS and DNS information.
|
||||||
* [wikidata](misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module.
|
* [wikidata](misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module.
|
||||||
|
|
|
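Review bot: The link target on the added Vysion line, `misp-modules/misp_modules/modules/expansion/vysion.py`, carries an extra `misp-modules/` prefix that none of the neighbouring entries have (they all start at `misp_modules/modules/expansion/`). As a relative link it will not resolve from the repository root; suggest `misp_modules/modules/expansion/vysion.py` to match the rest of the list.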
@ -177,6 +177,7 @@ validators==0.14.0
|
||||||
vt-graph-api==2.2.0
|
vt-graph-api==2.2.0
|
||||||
vt-py==0.17.5
|
vt-py==0.17.5
|
||||||
vulners==2.0.10
|
vulners==2.0.10
|
||||||
|
vysion=1.0.8 ; python_version >= '3.7'
|
||||||
wand==0.6.11
|
wand==0.6.11
|
||||||
websocket-client==1.5.1 ; python_version >= '3.7'
|
websocket-client==1.5.1 ; python_version >= '3.7'
|
||||||
websockets==11.0.3 ; python_version >= '3.7'
|
websockets==11.0.3 ; python_version >= '3.7'
|
||||||
|
|
|
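Review bot: The added requirement `vysion=1.0.8 ; python_version >= '3.7'` uses a single `=`, which is not a valid version specifier, so pip will reject the requirements file at this line instead of installing the pin. Every surrounding entry uses `==`; this should read `vysion==1.0.8 ; python_version >= '3.7'`. Since this pulls a new third-party package into every install, it is also worth confirming that the pinned version is the one the module was tested against.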
@ -75,6 +75,7 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/
|
||||||
* [VMray](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmray_submit.py) - a module to submit a sample to VMray.
|
* [VMray](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmray_submit.py) - a module to submit a sample to VMray.
|
||||||
* [VulnDB](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/).
|
* [VulnDB](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/).
|
||||||
* [Vulners](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API.
|
* [Vulners](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API.
|
||||||
|
* [Vysion](misp-modules/misp_modules/modules/expansion/vysion.py) - an expansion module to add dark web intelligence using Vysion API.
|
||||||
* [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd).
|
* [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd).
|
||||||
* [wikidata](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module.
|
* [wikidata](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module.
|
||||||
* [xforce](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/xforceexchange.py) - an IBM X-Force Exchange expansion module.
|
* [xforce](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/xforceexchange.py) - an IBM X-Force Exchange expansion module.
|
||||||
|
|
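Review bot: The added Vysion entry links to the relative path `misp-modules/misp_modules/modules/expansion/vysion.py`, while every other entry in this list uses the absolute form `https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/...`. On the rendered documentation site a relative path like this will not resolve; suggest using the same absolute URL pattern as the neighbouring lines.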
Binary file not shown.
After Width: | Height: | Size: 191 KiB |
|
@ -1904,6 +1904,26 @@ An expansion hover module to expand information about CVE id using Vulners API.
|
||||||
|
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
#### [Vysion](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vysion.py)
|
||||||
|
|
||||||
|
<img src=logos/vysion.png height=60>
|
||||||
|
|
||||||
|
Module to enrich the information by making use of the Vysion API.
|
||||||
|
- **features**:
|
||||||
|
>This module gets correlated information from our dark web intelligence database. With this you will get several objects containing information related to, for example, an organization victim of a ransomware attack.
|
||||||
|
>MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.
|
||||||
|
- **input**:
|
||||||
|
>MISP Attribute which include: company(target-org), country, info.
|
||||||
|
- **output**:
|
||||||
|
>MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.
|
||||||
|
- **references**:
|
||||||
|
>https://vysion.ai/
|
||||||
|
- **requirements**:
|
||||||
|
> Vysion python library
|
||||||
|
> Vysion API Key
|
||||||
|
|
||||||
|
-----
|
||||||
|
|
||||||
#### [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py)
|
#### [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py)
|
||||||
|
|
||||||
Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd).
|
Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd).
|
||||||
|
|
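Review bot: In the added Vysion section, the second quoted line under **features** ("MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.") repeats the **output** text verbatim and looks like a copy-paste leftover. The **references** list here also shows only `https://vysion.ai/`, while the JSON description added in this same commit lists three references. Suggest dropping the duplicated features line and regenerating this section from the JSON so the two stay consistent.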
Binary file not shown.
After Width: | Height: | Size: 191 KiB |
|
@ -0,0 +1,16 @@
|
||||||
|
{
|
||||||
|
"description": "Module to enrich the information by making use of the Vysion API.",
|
||||||
|
"logo": "vysion.png",
|
||||||
|
"requirements": [
|
||||||
|
"Vysion python library",
|
||||||
|
"Vysion API Key"
|
||||||
|
],
|
||||||
|
"input": "MISP Attribute which include: company(target-org), country, info.",
|
||||||
|
"output": "MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.",
|
||||||
|
"references": [
|
||||||
|
"https://vysion.ai/",
|
||||||
|
"https://developers.vysion.ai/",
|
||||||
|
"https://github.com/ByronLabs/vysion-cti/tree/main"
|
||||||
|
],
|
||||||
|
"features": "This module gets correlated information from our dark web intelligence database. With this you will get several objects containing information related to, for example, an organization victim of a ransomware attack."
|
||||||
|
}
|
|
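Review bot: The `"input"` string, "MISP Attribute which include: company(target-org), country, info.", does not make clear which of these are actual MISP attribute types that the module accepts; only `target-org` is written as a type name. Suggest listing the exact attribute type names a user can enrich with this module, and fixing the grammar ("MISP attributes, which include ...").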
@ -20,7 +20,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c
|
||||||
'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh',
|
'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh',
|
||||||
'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup', 'ipqs_fraud_and_risk_scoring',
|
'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup', 'ipqs_fraud_and_risk_scoring',
|
||||||
'clamav', 'jinja_template_rendering','hyasinsight', 'variotdbs', 'crowdsec',
|
'clamav', 'jinja_template_rendering','hyasinsight', 'variotdbs', 'crowdsec',
|
||||||
'extract_url_components', 'ipinfo', 'whoisfreaks', 'ip2locationio']
|
'extract_url_components', 'ipinfo', 'whoisfreaks', 'ip2locationio', 'vysion']
|
||||||
|
|
||||||
|
|
||||||
minimum_required_fields = ('type', 'uuid', 'value')
|
minimum_required_fields = ('type', 'uuid', 'value')
|
||||||
|
|
|
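Review bot: `'vysion'` is appended to `__all__` on the last line of the list, so the loader will try to import `misp_modules/modules/expansion/vysion.py` at startup. Please confirm the module file itself is part of this commit and that it imports cleanly when the `vysion` package is not installed, because a name in `__all__` with a missing or failing module turns into a load error for the expansion package. Given the requirements line added elsewhere in this commit, that dependency is not guaranteed to install.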
@ -0,0 +1,16 @@
|
||||||
|
{
|
||||||
|
"description": "Module to enrich the information by making use of the Vysion API.",
|
||||||
|
"logo": "vysion.png",
|
||||||
|
"requirements": [
|
||||||
|
"Vysion python library",
|
||||||
|
"Vysion API Key"
|
||||||
|
],
|
||||||
|
"input": "MISP Attribute which include: company(target-org), country, info.",
|
||||||
|
"output": "MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.",
|
||||||
|
"references": [
|
||||||
|
"https://vysion.ai/",
|
||||||
|
"https://developers.vysion.ai/",
|
||||||
|
"https://github.com/ByronLabs/vysion-cti/tree/main"
|
||||||
|
],
|
||||||
|
"features": "This module gets correlated information from our dark web intelligence database. With this you will get several objects containing information related to, for example, an organization victim of a ransomware attack."
|
||||||
|
}
|
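Review bot: This 16-line JSON is identical to the one added earlier in the commit, so the description now lives in two files that have to be kept in sync by hand; if one of them is generated from the other, only the source should be edited. In `"output"` and `"features"`, the first-person wording ("our webapp", "our dark web intelligence database") reads as vendor copy inside project documentation; suggest "the Vysion web app" and "the Vysion dark web intelligence database".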