Deployed 0db0f8c with MkDocs version: 1.4.3

gh-pages
Alexandre Dulaunoy 2023-11-07 21:26:29 +01:00
parent 93683e55dc
commit d660d13f9c
10 changed files with 205 additions and 125 deletions


@ -833,47 +833,47 @@
</code></pre></div>
<p>The MISP module service returns the available modules in a JSON array containing each module name along with their supported input attributes.</p>
<p>Based on this information, a query can be built in a JSON format and saved as body.json:</p>
<div class="highlight"><pre><span></span><code><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="nt">&quot;hostname&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;www.foo.be&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w"> </span><span class="nt">&quot;module&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;dns&quot;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<div class="highlight"><pre><span></span><code><span class="p">{</span>
<span class="w"> </span><span class="nt">&quot;hostname&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;www.foo.be&quot;</span><span class="p">,</span>
<span class="w"> </span><span class="nt">&quot;module&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;dns&quot;</span>
<span class="p">}</span>
</code></pre></div>
<p>Then you can POST this JSON format query towards the MISP object server:</p>
<div class="highlight"><pre><span></span><code>curl -s http://127.0.0.1:6666/query -H <span class="s2">&quot;Content-Type: application/json&quot;</span> --data @body.json -X POST
<div class="highlight"><pre><span></span><code>curl<span class="w"> </span>-s<span class="w"> </span>http://127.0.0.1:6666/query<span class="w"> </span>-H<span class="w"> </span><span class="s2">&quot;Content-Type: application/json&quot;</span><span class="w"> </span>--data<span class="w"> </span>@body.json<span class="w"> </span>-X<span class="w"> </span>POST
</code></pre></div>
<p>The module should output the following JSON:</p>
<div class="highlight"><pre><span></span><code><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="nt">&quot;results&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
<span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="nt">&quot;types&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
<span class="w"> </span><span class="s2">&quot;ip-src&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w"> </span><span class="s2">&quot;ip-dst&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p">],</span><span class="w"></span>
<span class="w"> </span><span class="nt">&quot;values&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
<span class="w"> </span><span class="s2">&quot;188.65.217.78&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p">]</span><span class="w"></span>
<span class="w"> </span><span class="p">}</span><span class="w"></span>
<span class="w"> </span><span class="p">]</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<div class="highlight"><pre><span></span><code><span class="p">{</span>
<span class="w"> </span><span class="nt">&quot;results&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nt">&quot;types&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">&quot;ip-src&quot;</span><span class="p">,</span>
<span class="w"> </span><span class="s2">&quot;ip-dst&quot;</span>
<span class="w"> </span><span class="p">],</span>
<span class="w"> </span><span class="nt">&quot;values&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">&quot;188.65.217.78&quot;</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">]</span>
<span class="p">}</span>
</code></pre></div>
<p>It is also possible to restrict the category options of the resolved attributes by passing a list of categories along (optional):</p>
<div class="highlight"><pre><span></span><code><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="nt">&quot;results&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
<span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="nt">&quot;types&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
<span class="w"> </span><span class="s2">&quot;ip-src&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w"> </span><span class="s2">&quot;ip-dst&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p">],</span><span class="w"></span>
<span class="w"> </span><span class="nt">&quot;values&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
<span class="w"> </span><span class="s2">&quot;188.65.217.78&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p">],</span><span class="w"></span>
<span class="w"> </span><span class="nt">&quot;categories&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
<span class="w"> </span><span class="s2">&quot;Network activity&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w"> </span><span class="s2">&quot;Payload delivery&quot;</span><span class="w"></span>
<span class="w"> </span><span class="p">]</span><span class="w"></span>
<span class="w"> </span><span class="p">}</span><span class="w"></span>
<span class="w"> </span><span class="p">]</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<div class="highlight"><pre><span></span><code><span class="p">{</span>
<span class="w"> </span><span class="nt">&quot;results&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nt">&quot;types&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">&quot;ip-src&quot;</span><span class="p">,</span>
<span class="w"> </span><span class="s2">&quot;ip-dst&quot;</span>
<span class="w"> </span><span class="p">],</span>
<span class="w"> </span><span class="nt">&quot;values&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">&quot;188.65.217.78&quot;</span>
<span class="w"> </span><span class="p">],</span>
<span class="w"> </span><span class="nt">&quot;categories&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">&quot;Network activity&quot;</span><span class="p">,</span>
<span class="w"> </span><span class="s2">&quot;Payload delivery&quot;</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">]</span>
<span class="p">}</span>
</code></pre></div>
<p>For both the type and the category lists, the first item in the list will be the default setting on the interface.</p>
<h3 id="enable-your-module-in-the-web-interface">Enable your module in the web interface<a class="headerlink" href="#enable-your-module-in-the-web-interface" title="Permanent link">&para;</a></h3>
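Review bot: every changed line in this hunk is Pygments markup only (the trailing `<span class="w"></span>` tokens are dropped and the spaces between tokens are now wrapped as `<span class="w"> </span>`); the JSON and curl text are byte-for-byte the same before and after, so there is no documentation change to review here. This is what a regeneration with a newer Pygments than the one behind the previous deploy looks like; pinning pygments in the docs build requirements, or not redeploying pages whose source did not change, would keep future gh-pages commits to the lines that actually changed. Two wording points visible in the context lines: `-X POST` on the curl line is redundant once `--data` is given, and the sentence "restrict the category options ... by passing a list of categories along" sits above a module *response* carrying a `categories` key, so it should say that the module returns the list in its result rather than that the caller passes it.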
@ -917,12 +917,12 @@ Recommended Plugin.Import_ocr_enabled true Enable or disable the ocr
<li>SSH into the machine (Login info on training page)</li>
<li>Go into the misp-modules directory</li>
</ul>
<div class="highlight"><pre><span></span><code><span class="nb">cd</span> /usr/local/src/misp-modules
<div class="highlight"><pre><span></span><code><span class="nb">cd</span><span class="w"> </span>/usr/local/src/misp-modules
</code></pre></div>
<p>Set the git repo to your fork and checkout your development branch. If you SSH'ed in as the misp user you will have to use sudo.</p>
<div class="highlight"><pre><span></span><code>sudo git remote set-url origin https://github.com/YourRepo/misp-modules.git
sudo git pull
sudo git checkout MyModBranch
<div class="highlight"><pre><span></span><code>sudo<span class="w"> </span>git<span class="w"> </span>remote<span class="w"> </span>set-url<span class="w"> </span>origin<span class="w"> </span>https://github.com/YourRepo/misp-modules.git
sudo<span class="w"> </span>git<span class="w"> </span>pull
sudo<span class="w"> </span>git<span class="w"> </span>checkout<span class="w"> </span>MyModBranch
</code></pre></div>
<p>Remove the contents of the build directory and re-install misp-modules.</p>
<div class="highlight"><pre><span></span><code><span class="n">sudo</span> <span class="n">rm</span> <span class="o">-</span><span class="n">fr</span> <span class="n">build</span><span class="o">/*</span>
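Review bot: `sudo git pull` on the line after `git remote set-url origin` pulls whatever branch is currently checked out from the new remote before `git checkout MyModBranch` ever runs; `sudo git fetch origin` followed by the checkout is what this step needs, and it avoids merging fork history into the previously tracked branch. Running the git commands under sudo also leaves root-owned files in /usr/local/src/misp-modules, which the install page in this same commit goes to some length to avoid by making /usr/local/src group-writable for the misp user, so the instruction "If you SSH'ed in as the misp user you will have to use sudo" is worth reconsidering. The changed lines themselves are whitespace markup only.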
@ -933,9 +933,9 @@ sudo git checkout MyModBranch
<span class="n">misp</span><span class="o">-</span><span class="n">modules</span> <span class="o">-</span><span class="n">d</span>
</code></pre></div>
<p>In your original terminal you can now run your tests manually and see any errors that arrive</p>
<div class="highlight"><pre><span></span><code><span class="nb">cd</span> tests/
curl -s http://127.0.0.1:6666/query -H <span class="s2">&quot;Content-Type: application/json&quot;</span> --data @MY_TEST_FILE.json -X POST
<span class="nb">cd</span> ../
<div class="highlight"><pre><span></span><code><span class="nb">cd</span><span class="w"> </span>tests/
curl<span class="w"> </span>-s<span class="w"> </span>http://127.0.0.1:6666/query<span class="w"> </span>-H<span class="w"> </span><span class="s2">&quot;Content-Type: application/json&quot;</span><span class="w"> </span>--data<span class="w"> </span>@MY_TEST_FILE.json<span class="w"> </span>-X<span class="w"> </span>POST
<span class="nb">cd</span><span class="w"> </span>../
</code></pre></div>
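Review bot: "see any errors that arrive" in the sentence above the block reads as a typo for "arise", and as elsewhere on the page `-X POST` is redundant with `--data`. The changed lines in this hunk are whitespace-only Pygments markup.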


@ -361,6 +361,13 @@
circl_passivessl
</a>
</li>
<li class="md-nav__item">
<a href="#cluster25_expand" class="md-nav__link">
cluster25_expand
</a>
</li>
<li class="md-nav__item">
@ -781,6 +788,13 @@
sigma_syntax_validator
</a>
</li>
<li class="md-nav__item">
<a href="#sigmf-expand" class="md-nav__link">
sigmf-expand
</a>
</li>
<li class="md-nav__item">
@ -1171,6 +1185,13 @@
circl_passivessl
</a>
</li>
<li class="md-nav__item">
<a href="#cluster25_expand" class="md-nav__link">
cluster25_expand
</a>
</li>
<li class="md-nav__item">
@ -1591,6 +1612,13 @@
sigma_syntax_validator
</a>
</li>
<li class="md-nav__item">
<a href="#sigmf-expand" class="md-nav__link">
sigmf-expand
</a>
</li>
<li class="md-nav__item">
@ -1960,6 +1988,41 @@ x509 certificate objects seen by the IP address(es).
- A CIRCL passive SSL account with username &amp; password</p>
</blockquote>
<hr />
<h4 id="cluster25_expand"><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/cluster25_expand.py">cluster25_expand</a><a class="headerlink" href="#cluster25_expand" title="Permanent link">&para;</a></h4>
<p><img src=../logos/cluster25.png height=60></p>
<p>Module to query Cluster25 CTI.
- <strong>features</strong>:</p>
<blockquote>
<p>This module takes a MISP attribute value as input to query the Cluster25CTI API. The result is then mapped into compatible MISP Objects and relative attributes.</p>
<ul>
<li><strong>input</strong>:
An Indicator value of type included in the following list:</li>
<li>domain</li>
<li>email-src</li>
<li>email-dst</li>
<li>filename</li>
<li>md5</li>
<li>sha1</li>
<li>sha256</li>
<li>ip-src</li>
<li>ip-dst</li>
<li>url</li>
<li>vulnerability</li>
<li>btc</li>
<li>xmr
ja3-fingerprint-md5</li>
<li><strong>output</strong>:
A series of c25 MISP Objects with colletion of attributes mapped from Cluster25 CTI query result.</li>
<li>
<p><strong>references</strong>:</p>
</li>
<li>
<p><strong>requirements</strong>:
A Cluster25 API access (API id &amp; key)</p>
</li>
</ul>
</blockquote>
<hr />
<h4 id="countrycode"><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/countrycode.py">countrycode</a><a class="headerlink" href="#countrycode" title="Permanent link">&para;</a></h4>
<p>Module to expand country codes.
- <strong>features</strong>:</p>
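Review bot: the input list in the new cluster25_expand entry is broken: `ja3-fingerprint-md5` is glued onto the `xmr` item (`<li>xmr` followed by `ja3-fingerprint-md5</li>`) instead of being its own `<li>`, so the module's description is missing a line break before it. In the same block "colletion" should be "collection", "relative attributes" reads as "related attributes", and the `references` entry is empty, so either add the Cluster25 CTI URL or drop the heading. The `<strong>input</strong>` line is itself an `<li>` in the same `<ul>` as the type names, so the types render as siblings of "input" rather than nested under it; a blank line before the nested list in the source would fix that. The logo tag `<img src=../logos/cluster25.png height=60>` also has unquoted attributes.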
@ -3099,6 +3162,23 @@ Text describing the validity of the Sigma rule.
- Yaml python library</p>
</blockquote>
<hr />
<h4 id="sigmf-expand"><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sigmf-expand.py">sigmf-expand</a><a class="headerlink" href="#sigmf-expand" title="Permanent link">&para;</a></h4>
<p>Enrichs a SigMF Recording or extracts a SigMF Archive into a SigMF Recording.
- <strong>features</strong>:</p>
<blockquote>
<p>This module can be used to expand a SigMF Recording object into a SigMF Expanded Recording object with a waterfall plot or to extract a SigMF Archive object into a SigMF Recording objet.
- <strong>input</strong>:
Object of sigmf-archive or sigmf-recording template.
- <strong>output</strong>:
Object of sigmf-expanded-recording or sigmf-recording template.
- <strong>references</strong>:
<a href="https://github.com/sigmf/SigMF">https://github.com/sigmf/SigMF</a>
- <strong>requirements</strong>:
- matplotlib: For plotting the waterfall plot of the recording.
- numpy: For the waterfall plot of the recording.
- sigmf: For validating SigMF files.</p>
</blockquote>
<hr />
<h4 id="socialscan"><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/socialscan.py">socialscan</a><a class="headerlink" href="#socialscan" title="Permanent link">&para;</a></h4>
<p>A hover module to get information on the availability of an email address or username on some online platforms.
- <strong>features</strong>:</p>
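Review bot: "Enrichs" in the lead sentence should be "Enriches" and "objet" in the features paragraph should be "object". Unlike the cluster25_expand entry above, the `- input:`, `- output:`, `- references:` and `- requirements:` lines are all inside a single `<p>` with literal dashes, so the markdown never became a list, and the requirements sub-bullets (`- matplotlib`, `- numpy`, `- sigmf`) got the same treatment; the description needs a blank line before the first `-` item. The module is linked as `sigmf-expand.py` with a hyphen while the other entries visible here use underscores (`cluster25_expand`, `circl_passivessl`, `sigma_syntax_validator`); worth confirming the filename in the repository matches, since the link 404s otherwise.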

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.6 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.6 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.6 KiB


@ -563,88 +563,88 @@
<h2 id="how-to-install-and-start-misp-modules-in-a-python-virtualenv">How to install and start MISP modules (in a Python virtualenv)?<a class="headerlink" href="#how-to-install-and-start-misp-modules-in-a-python-virtualenv" title="Permanent link">&para;</a></h2>
<div class="highlight"><pre><span></span><code><span class="nv">SUDO_WWW</span><span class="o">=</span><span class="s2">&quot;sudo -u www-data&quot;</span>
sudo apt-get install -y <span class="se">\</span>
git <span class="se">\</span>
libpq5 <span class="se">\</span>
libjpeg-dev <span class="se">\</span>
tesseract-ocr <span class="se">\</span>
libpoppler-cpp-dev <span class="se">\</span>
imagemagick virtualenv <span class="se">\</span>
libopencv-dev <span class="se">\</span>
zbar-tools <span class="se">\</span>
libzbar0 <span class="se">\</span>
libzbar-dev <span class="se">\</span>
libfuzzy-dev <span class="se">\</span>
libcaca-dev
sudo<span class="w"> </span>apt-get<span class="w"> </span>install<span class="w"> </span>-y<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>git<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>libpq5<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>libjpeg-dev<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>tesseract-ocr<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>libpoppler-cpp-dev<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>imagemagick<span class="w"> </span>virtualenv<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>libopencv-dev<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>zbar-tools<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>libzbar0<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>libzbar-dev<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>libfuzzy-dev<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>libcaca-dev
<span class="c1"># BEGIN with virtualenv: </span>
<span class="nv">$SUDO_WWW</span> virtualenv -p python3 /var/www/MISP/venv
<span class="nv">$SUDO_WWW</span><span class="w"> </span>virtualenv<span class="w"> </span>-p<span class="w"> </span>python3<span class="w"> </span>/var/www/MISP/venv
<span class="c1"># END with virtualenv</span>
<span class="nb">cd</span> /usr/local/src/
<span class="nb">cd</span><span class="w"> </span>/usr/local/src/
<span class="c1"># Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp</span>
sudo adduser misp staff
sudo chmod <span class="m">2775</span> /usr/local/src
sudo chown root:staff /usr/local/src
git clone https://github.com/MISP/misp-modules.git
git clone git://github.com/stricaud/faup.git faup
git clone git://github.com/stricaud/gtcaca.git gtcaca
sudo<span class="w"> </span>adduser<span class="w"> </span>misp<span class="w"> </span>staff
sudo<span class="w"> </span>chmod<span class="w"> </span><span class="m">2775</span><span class="w"> </span>/usr/local/src
sudo<span class="w"> </span>chown<span class="w"> </span>root:staff<span class="w"> </span>/usr/local/src
git<span class="w"> </span>clone<span class="w"> </span>https://github.com/MISP/misp-modules.git
git<span class="w"> </span>clone<span class="w"> </span>git://github.com/stricaud/faup.git<span class="w"> </span>faup
git<span class="w"> </span>clone<span class="w"> </span>git://github.com/stricaud/gtcaca.git<span class="w"> </span>gtcaca
<span class="c1"># Install gtcaca/faup</span>
<span class="nb">cd</span> gtcaca
mkdir -p build
<span class="nb">cd</span> build
cmake .. <span class="o">&amp;&amp;</span> make
sudo make install
<span class="nb">cd</span> ../../faup
mkdir -p build
<span class="nb">cd</span> build
cmake .. <span class="o">&amp;&amp;</span> make
sudo make install
sudo ldconfig
<span class="nb">cd</span><span class="w"> </span>gtcaca
mkdir<span class="w"> </span>-p<span class="w"> </span>build
<span class="nb">cd</span><span class="w"> </span>build
cmake<span class="w"> </span>..<span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span>make
sudo<span class="w"> </span>make<span class="w"> </span>install
<span class="nb">cd</span><span class="w"> </span>../../faup
mkdir<span class="w"> </span>-p<span class="w"> </span>build
<span class="nb">cd</span><span class="w"> </span>build
cmake<span class="w"> </span>..<span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span>make
sudo<span class="w"> </span>make<span class="w"> </span>install
sudo<span class="w"> </span>ldconfig
<span class="nb">cd</span> ../../misp-modules
<span class="nb">cd</span><span class="w"> </span>../../misp-modules
<span class="c1"># BEGIN with virtualenv: </span>
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install .
<span class="nv">$SUDO_WWW</span><span class="w"> </span>/var/www/MISP/venv/bin/pip<span class="w"> </span>install<span class="w"> </span>-I<span class="w"> </span>-r<span class="w"> </span>REQUIREMENTS
<span class="nv">$SUDO_WWW</span><span class="w"> </span>/var/www/MISP/venv/bin/pip<span class="w"> </span>install<span class="w"> </span>.
<span class="c1"># END with virtualenv</span>
<span class="c1"># BEGIN without virtualenv: </span>
sudo pip install -I -r REQUIREMENTS
sudo pip install .
sudo<span class="w"> </span>pip<span class="w"> </span>install<span class="w"> </span>-I<span class="w"> </span>-r<span class="w"> </span>REQUIREMENTS
sudo<span class="w"> </span>pip<span class="w"> </span>install<span class="w"> </span>.
<span class="c1"># END without virtualenv</span>
<span class="c1"># Start misp-modules as a service</span>
sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl <span class="nb">enable</span> --now misp-modules
/var/www/MISP/venv/bin/misp-modules -l <span class="m">127</span>.0.0.1 -s <span class="p">&amp;</span> <span class="c1">#to start the modules</span>
sudo<span class="w"> </span>cp<span class="w"> </span>etc/systemd/system/misp-modules.service<span class="w"> </span>/etc/systemd/system/
sudo<span class="w"> </span>systemctl<span class="w"> </span>daemon-reload
sudo<span class="w"> </span>systemctl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--now<span class="w"> </span>misp-modules
/var/www/MISP/venv/bin/misp-modules<span class="w"> </span>-l<span class="w"> </span><span class="m">127</span>.0.0.1<span class="w"> </span>-s<span class="w"> </span><span class="p">&amp;</span><span class="w"> </span><span class="c1">#to start the modules</span>
</code></pre></div>
<h2 id="how-to-install-and-start-misp-modules-on-rhel-based-distributions">How to install and start MISP modules on RHEL-based distributions ?<a class="headerlink" href="#how-to-install-and-start-misp-modules-on-rhel-based-distributions" title="Permanent link">&para;</a></h2>
<p>As of this writing, the official RHEL repositories only contain Ruby 2.0.0 and Ruby 2.1 or higher is required. As such, this guide installs Ruby 2.2 from the SCL repository.</p>
<div class="highlight"><pre><span></span><code><span class="nv">SUDO_WWW</span><span class="o">=</span><span class="s2">&quot;sudo -u apache&quot;</span>
sudo yum install <span class="se">\</span>
rh-ruby22 <span class="se">\</span>
openjpeg-devel <span class="se">\</span>
rubygem-rouge <span class="se">\</span>
rubygem-asciidoctor <span class="se">\</span>
zbar-devel <span class="se">\</span>
opencv-devel <span class="se">\</span>
gcc-c++ <span class="se">\</span>
pkgconfig <span class="se">\</span>
poppler-cpp-devel <span class="se">\</span>
python-devel <span class="se">\</span>
redhat-rpm-config
<span class="nb">cd</span> /usr/local/src/
sudo git clone https://github.com/MISP/misp-modules.git
<span class="nb">cd</span> misp-modules
<span class="nv">$SUDO_WWW</span> /usr/bin/scl <span class="nb">enable</span> rh-python36 <span class="s2">&quot;virtualenv -p python3 /var/www/MISP/venv&quot;</span>
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install -U -I -r REQUIREMENTS
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install -U .
sudo<span class="w"> </span>yum<span class="w"> </span>install<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>rh-ruby22<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>openjpeg-devel<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>rubygem-rouge<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>rubygem-asciidoctor<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>zbar-devel<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>opencv-devel<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>gcc-c++<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>pkgconfig<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>poppler-cpp-devel<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>python-devel<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>redhat-rpm-config
<span class="nb">cd</span><span class="w"> </span>/usr/local/src/
sudo<span class="w"> </span>git<span class="w"> </span>clone<span class="w"> </span>https://github.com/MISP/misp-modules.git
<span class="nb">cd</span><span class="w"> </span>misp-modules
<span class="nv">$SUDO_WWW</span><span class="w"> </span>/usr/bin/scl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>rh-python36<span class="w"> </span><span class="s2">&quot;virtualenv -p python3 /var/www/MISP/venv&quot;</span>
<span class="nv">$SUDO_WWW</span><span class="w"> </span>/var/www/MISP/venv/bin/pip<span class="w"> </span>install<span class="w"> </span>-U<span class="w"> </span>-I<span class="w"> </span>-r<span class="w"> </span>REQUIREMENTS
<span class="nv">$SUDO_WWW</span><span class="w"> </span>/var/www/MISP/venv/bin/pip<span class="w"> </span>install<span class="w"> </span>-U<span class="w"> </span>.
</code></pre></div>
<p>Create the service file /etc/systemd/system/misp-modules.service :</p>
<div class="highlight"><pre><span></span><code><span class="nb">echo</span> <span class="s2">&quot;[Unit]</span>
<div class="highlight"><pre><span></span><code><span class="nb">echo</span><span class="w"> </span><span class="s2">&quot;[Unit]</span>
<span class="s2">Description=MISP&#39;s modules</span>
<span class="s2">After=misp-workers.service</span>
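Review bot: the two `git clone git://github.com/stricaud/...` lines (faup and gtcaca) fail on a fresh install: GitHub turned off the unauthenticated git:// protocol in March 2022, so they need `https://github.com/stricaud/faup.git` and `https://github.com/stricaud/gtcaca.git`. Two further points in the same block: `sudo systemctl enable --now misp-modules` already starts the service, and the next line `/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &` then starts a second copy from the interactive shell that cannot bind the same port, so it should be presented as the alternative to the service, not a follow-up; and the "without virtualenv" branch does `sudo pip install -I -r REQUIREMENTS` into the system Python as root, which the text should at least flag. The RHEL paragraph still says Ruby 2.2 from SCL is installed "as of this writing" and uses `rh-python36`; it is not touched by this commit, but since the page is being regenerated anyway a date or RHEL version would help readers judge whether it still applies. The diff lines themselves are whitespace markup only.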
@ -657,30 +657,30 @@ sudo git clone https://github.com/MISP/misp-modules.git
<span class="s2">RestartSec=10</span>
<span class="s2">[Install]</span>
<span class="s2">WantedBy=multi-user.target&quot;</span> <span class="p">|</span> sudo tee /etc/systemd/system/misp-modules.service
<span class="s2">WantedBy=multi-user.target&quot;</span><span class="w"> </span><span class="p">|</span><span class="w"> </span>sudo<span class="w"> </span>tee<span class="w"> </span>/etc/systemd/system/misp-modules.service
</code></pre></div>
<p>The After=misp-workers.service must be changed or removed if you have not created a misp-workers service. Then, enable the misp-modules service and start it:</p>
<div class="highlight"><pre><span></span><code>systemctl daemon-reload
systemctl <span class="nb">enable</span> --now misp-modules
<div class="highlight"><pre><span></span><code>systemctl<span class="w"> </span>daemon-reload
systemctl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--now<span class="w"> </span>misp-modules
</code></pre></div>
<h2 id="how-to-use-an-misp-modules-docker-container">How to use an MISP modules Docker container<a class="headerlink" href="#how-to-use-an-misp-modules-docker-container" title="Permanent link">&para;</a></h2>
<h3 id="docker-build">Docker build<a class="headerlink" href="#docker-build" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code>docker build -t misp-modules <span class="se">\</span>
--build-arg <span class="nv">BUILD_DATE</span><span class="o">=</span><span class="k">$(</span>date -u +<span class="s2">&quot;%Y-%m-%d&quot;</span><span class="k">)</span> <span class="se">\</span>
docker/
<div class="highlight"><pre><span></span><code>docker<span class="w"> </span>build<span class="w"> </span>-t<span class="w"> </span>misp-modules<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>--build-arg<span class="w"> </span><span class="nv">BUILD_DATE</span><span class="o">=</span><span class="k">$(</span>date<span class="w"> </span>-u<span class="w"> </span>+<span class="s2">&quot;%Y-%m-%d&quot;</span><span class="k">)</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>docker/
</code></pre></div>
<h3 id="docker-run">Docker run<a class="headerlink" href="#docker-run" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><span class="c1"># Start Redis</span>
docker run --rm -d --name<span class="o">=</span>misp-redis redis:alpine
docker<span class="w"> </span>run<span class="w"> </span>--rm<span class="w"> </span>-d<span class="w"> </span>--name<span class="o">=</span>misp-redis<span class="w"> </span>redis:alpine
<span class="c1"># Start MISP-modules</span>
docker run <span class="se">\</span>
--rm -d --name<span class="o">=</span>misp-modules <span class="se">\</span>
-e <span class="nv">REDIS_BACKEND</span><span class="o">=</span>misp-redis <span class="se">\</span>
-e <span class="nv">REDIS_PORT</span><span class="o">=</span><span class="s2">&quot;6379&quot;</span> <span class="se">\</span>
-e <span class="nv">REDIS_PW</span><span class="o">=</span><span class="s2">&quot;&quot;</span> <span class="se">\</span>
-e <span class="nv">REDIS_DATABASE</span><span class="o">=</span><span class="s2">&quot;245&quot;</span> <span class="se">\</span>
-e <span class="nv">MISP_MODULES_DEBUG</span><span class="o">=</span><span class="s2">&quot;false&quot;</span> <span class="se">\</span>
dcso/misp-dockerized-misp-modules
docker<span class="w"> </span>run<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>--rm<span class="w"> </span>-d<span class="w"> </span>--name<span class="o">=</span>misp-modules<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>-e<span class="w"> </span><span class="nv">REDIS_BACKEND</span><span class="o">=</span>misp-redis<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>-e<span class="w"> </span><span class="nv">REDIS_PORT</span><span class="o">=</span><span class="s2">&quot;6379&quot;</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>-e<span class="w"> </span><span class="nv">REDIS_PW</span><span class="o">=</span><span class="s2">&quot;&quot;</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>-e<span class="w"> </span><span class="nv">REDIS_DATABASE</span><span class="o">=</span><span class="s2">&quot;245&quot;</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>-e<span class="w"> </span><span class="nv">MISP_MODULES_DEBUG</span><span class="o">=</span><span class="s2">&quot;false&quot;</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>dcso/misp-dockerized-misp-modules
</code></pre></div>
<h3 id="docker-compose">Docker-compose<a class="headerlink" href="#docker-compose" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code>services:
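Review bot: the `docker run` example will not resolve `REDIS_BACKEND=misp-redis`: both containers are started on the default bridge network, where Docker provides no name resolution between containers (that only works on a user-defined network or with the legacy `--link`), so misp-modules cannot reach Redis as written. Creating a network first (`docker network create misp`) and adding `--network misp` to both `docker run` lines fixes it. `REDIS_PW=""` against a `redis:alpine` started without any `--requirepass` is acceptable for a local test but should be called out as such. In the RHEL service section of this hunk, `systemctl daemon-reload` and `systemctl enable --now misp-modules` are the only commands on the page without `sudo`, while the `tee` that writes the unit file uses it.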

BIN
logos/cluster25.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.6 KiB

File diff suppressed because one or more lines are too long


@ -2,37 +2,37 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://www.misp-project.org/</loc>
<lastmod>2023-06-16</lastmod>
<lastmod>2023-11-07</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/contribute/</loc>
<lastmod>2023-06-16</lastmod>
<lastmod>2023-11-07</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/expansion/</loc>
<lastmod>2023-06-16</lastmod>
<lastmod>2023-11-07</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/export_mod/</loc>
<lastmod>2023-06-16</lastmod>
<lastmod>2023-11-07</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/import_mod/</loc>
<lastmod>2023-06-16</lastmod>
<lastmod>2023-11-07</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/install/</loc>
<lastmod>2023-06-16</lastmod>
<lastmod>2023-11-07</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/license/</loc>
<lastmod>2023-06-16</lastmod>
<lastmod>2023-11-07</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>

Binary file not shown.