add: Added documentation and description in readme for the AssemblyLine submit module

pull/352/head
chrisr3d 2019-11-20 09:48:27 -05:00
parent fb129106ab
commit ef6542c629
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
4 changed files with 32 additions and 2 deletions

View File

@ -18,6 +18,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
### Expansion modules ### Expansion modules
* [apiosintDS](misp_modules/modules/expansion/apiosintds.py) - a hover and expansion module to query the OSINT.digitalside.it API. * [apiosintDS](misp_modules/modules/expansion/apiosintds.py) - a hover and expansion module to query the OSINT.digitalside.it API.
* [AssemblyLine submit](misp_modules/modules/expansion/assemblyline_submit.py) - an expansion module to submit samples and urls to AssemblyLine.
* [Backscatter.io](misp_modules/modules/expansion/backscatter_io.py) - a hover and expansion module to expand an IP address with mass-scanning observations. * [Backscatter.io](misp_modules/modules/expansion/backscatter_io.py) - a hover and expansion module to expand an IP address with mass-scanning observations.
* [BGP Ranking](misp_modules/modules/expansion/bgpranking.py) - a hover and expansion module to expand an AS number with the ASN description, its history, and position in BGP Ranking. * [BGP Ranking](misp_modules/modules/expansion/bgpranking.py) - a hover and expansion module to expand an AS number with the ASN description, its history, and position in BGP Ranking.
* [BTC scam check](misp_modules/modules/expansion/btc_scam_check.py) - An expansion hover module to instantly check if a BTC address has been abused. * [BTC scam check](misp_modules/modules/expansion/btc_scam_check.py) - An expansion hover module to instantly check if a BTC address has been abused.
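
Review bot: The added AssemblyLine entry writes "urls" in lower case ("to submit samples and urls to AssemblyLine"); use "URLs" so the list entry matches the module description used elsewhere in this change ("submit samples and URLs to AssemblyLine").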

View File

@ -22,6 +22,26 @@ On demand query API for OSINT.digitalside.it project.
----- -----
#### [assemblyline_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/assemblyline_submit.py)
<img src=logos/assemblyline.png height=60>
A module to submit samples and URLs to AssemblyLine for advanced analysis, and return the link of the submission.
- **features**:
>The module requires the address of the AssemblyLine server you want to query as well as your credentials in this instance. Credentials include the user-ID and an API key or the password associated to the user-ID.
>
>If the sample or url is correctly submitted, you get then the link of the submission.
- **input**:
>Sample, url (or domain) to submit to AssemblyLine.
- **output**:
>Link of the report generated in AssemblyLine.
- **references**:
>https://www.cyber.gc.ca/en/assemblyline
- **requirements**:
>assemblyline_client: Python library to query the AssemblyLine rest API.
-----
#### [backscatter_io](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/backscatter_io.py) #### [backscatter_io](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/backscatter_io.py)
<img src=logos/backscatter_io.png height=60> <img src=logos/backscatter_io.png height=60>
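
Review bot: The features text of the new assemblyline_submit entry presents "an API key or the password associated to the user-ID" as equivalent options without saying which one to use. Suggest stating that an API key is the preferred credential, so that the module is not given the account password when a key would do. The wording can be tightened in the same pass: "your credentials in this instance" reads better as "your credentials on that instance", and "you get then the link" as "you then get the link".
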
@ -536,7 +556,7 @@ A module to submit files or URLs to Joe Sandbox for an advanced analysis, and re
- **input**: - **input**:
>Sample, url (or domain) to submit to Joe Sandbox for an advanced analysis. >Sample, url (or domain) to submit to Joe Sandbox for an advanced analysis.
- **output**: - **output**:
>Link of the data in input submitted to Joe Sandbox. >Link of the report generated in Joe Sandbox.
- **references**: - **references**:
>https://www.joesecurity.org, https://www.joesandbox.com/ >https://www.joesecurity.org, https://www.joesandbox.com/
- **requirements**: - **requirements**:
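
Review bot: The changed output line for Joe Sandbox ("Link of the report generated in Joe Sandbox.") is outside what the commit subject describes, which mentions only the AssemblyLine submit module. Either mention the Joe Sandbox wording change in the commit message or move it to its own commit, so the history shows why this entry changed.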

View File

@ -0,0 +1,9 @@
{
"description": "A module to submit samples and URLs to AssemblyLine for advanced analysis, and return the link of the submission.",
"logo": "logos/assemblyline.png",
"requirements": ["assemblyline_client: Python library to query the AssemblyLine rest API."],
"input": "Sample, url (or domain) to submit to AssemblyLine.",
"output": "Link of the report generated in AssemblyLine.",
"references": ["https://www.cyber.gc.ca/en/assemblyline"],
"features": "The module requires the address of the AssemblyLine server you want to query as well as your credentials in this instance. Credentials include the user-ID and an API key or the password associated to the user-ID.\n\nIf the sample or url is correctly submitted, you get then the link of the submission."
}
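
Review bot: "output" says "Link of the report generated in AssemblyLine." while "description" and "features" in the same file say the module returns "the link of the submission"; pick one term and use it in all three fields so readers know whether the link points to a submission or to a finished report. In "requirements", "rest API" should be "REST API", and "you get then the link" in "features" should read "you then get the link".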

View File

@ -3,7 +3,7 @@
"logo": "logos/joesandbox.png", "logo": "logos/joesandbox.png",
"requirements": ["jbxapi: Joe Sandbox API python3 library"], "requirements": ["jbxapi: Joe Sandbox API python3 library"],
"input": "Sample, url (or domain) to submit to Joe Sandbox for an advanced analysis.", "input": "Sample, url (or domain) to submit to Joe Sandbox for an advanced analysis.",
"output": "Link of the data in input submitted to Joe Sandbox.", "output": "Link of the report generated in Joe Sandbox.",
"references": ["https://www.joesecurity.org", "https://www.joesandbox.com/"], "references": ["https://www.joesecurity.org", "https://www.joesandbox.com/"],
"features": "The module requires a Joe Sandbox API key to submit files or URL, and returns the link of the submitted analysis.\n\nIt is then possible, when the analysis is completed, to query the Joe Sandbox API to get the data related to the analysis, using the [joesandbox_query module](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) directly on this submission link." "features": "The module requires a Joe Sandbox API key to submit files or URL, and returns the link of the submitted analysis.\n\nIt is then possible, when the analysis is completed, to query the Joe Sandbox API to get the data related to the analysis, using the [joesandbox_query module](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) directly on this submission link."
} }
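
Review bot: The new "output" value, "Link of the report generated in Joe Sandbox.", does not match the unchanged "features" text in this hunk, which says the module "returns the link of the submitted analysis" and that the data can only be queried "when the analysis is completed". If the link is returned at submission time, wording such as "Link of the analysis submitted to Joe Sandbox" would agree with "features" and avoid implying that a report already exists.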