mirror of https://github.com/MISP/misp-modules
Update ip2locationiopy and add documentations
parent
58265dc925
commit
f0b610907d
|
@ -49,6 +49,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
|
||||||
* [html_to_markdown](misp_modules/modules/expansion/html_to_markdown.py) - Simple HTML to markdown converter
|
* [html_to_markdown](misp_modules/modules/expansion/html_to_markdown.py) - Simple HTML to markdown converter
|
||||||
* [HYAS Insight](misp_modules/modules/expansion/hyasinsight.py) - a hover and expansion module to get information from [HYAS Insight](https://www.hyas.com/hyas-insight).
|
* [HYAS Insight](misp_modules/modules/expansion/hyasinsight.py) - a hover and expansion module to get information from [HYAS Insight](https://www.hyas.com/hyas-insight).
|
||||||
* [intel471](misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com).
|
* [intel471](misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com).
|
||||||
|
* [IP2Location.io](misp_modules/modules/expansion/ip2locationio.py) - an expansion module to get additional information on an IP address using the IP2Location.io API
|
||||||
* [IPASN](misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address.
|
* [IPASN](misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address.
|
||||||
* [ipinfo.io](misp_modules/modules/expansion/ipinfo.py) - an expansion module to get additional information on an IP address using the ipinfo.io API
|
* [ipinfo.io](misp_modules/modules/expansion/ipinfo.py) - an expansion module to get additional information on an IP address using the ipinfo.io API
|
||||||
* [iprep](misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net.
|
* [iprep](misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net.
|
||||||
|
|
|
@ -42,6 +42,7 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/
|
||||||
* [hashdd](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashdd.py) - a hover module to check file hashes against [hashdd.com](http://www.hashdd.com) including NSLR dataset.
|
* [hashdd](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashdd.py) - a hover module to check file hashes against [hashdd.com](http://www.hashdd.com) including NSLR dataset.
|
||||||
* [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py) - a hover module to lookup against Have I Been Pwned?
|
* [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py) - a hover module to lookup against Have I Been Pwned?
|
||||||
* [intel471](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com).
|
* [intel471](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com).
|
||||||
|
* [IP2Location.io](misp_modules/modules/expansion/ip2locationio.py) - an expansion module to get additional information on an IP address using the IP2Location.io API
|
||||||
* [IPASN](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address.
|
* [IPASN](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address.
|
||||||
* [iprep](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net.
|
* [iprep](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net.
|
||||||
* [Joe Sandbox submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/joesandbox_submit.py) - Submit files and URLs to Joe Sandbox.
|
* [Joe Sandbox submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/joesandbox_submit.py) - Submit files and URLs to Joe Sandbox.
|
||||||
|
|
Binary file not shown.
After Width: | Height: | Size: 7.0 KiB |
Binary file not shown.
After Width: | Height: | Size: 7.0 KiB |
|
@ -0,0 +1,13 @@
|
||||||
|
{
|
||||||
|
"description": "An expansion module to query IP2Location.io to gather more information on a given IP address.",
|
||||||
|
"logo": "ip2locationio.png",
|
||||||
|
"requirements": [
|
||||||
|
"An IP2Location.io token"
|
||||||
|
],
|
||||||
|
"input": "IP address attribute.",
|
||||||
|
"output": "Additional information on the IP address, such as geolocation, proxy and so on. Refer to the Response Format section in https://www.ip2location.io/ip2location-documentation to find out the full format of the data returned.",
|
||||||
|
"references": [
|
||||||
|
"https://www.ip2location.io/ip2location-documentation"
|
||||||
|
],
|
||||||
|
"features": "The module takes an IP address attribute as input and queries the IP2Location.io API. \nFree plan user will get the basic geolocation informaiton, and different subsription plan will get more information on the IP address. \n Refer to [pricing page](https://www.ip2location.io/pricing) for more information on data available for each plan. \n\nMore information on the responses content is available in the [documentation](https://www.ip2location.io/ip2location-documentation)."
|
||||||
|
}
|
|
@ -497,6 +497,14 @@ class JoeParser():
|
||||||
self.misp_event.add_attribute(**attribute)
|
self.misp_event.add_attribute(**attribute)
|
||||||
reference = dict(referenced_uuid=attribute.uuid, relationship_type='contacts')
|
reference = dict(referenced_uuid=attribute.uuid, relationship_type='contacts')
|
||||||
self.add_process_reference(ip['@targetid'], ip['@currentpath'], reference)
|
self.add_process_reference(ip['@targetid'], ip['@currentpath'], reference)
|
||||||
|
ip2locationio = self.data['ip2locationio']
|
||||||
|
if ip2locationio:
|
||||||
|
for ip in ip2locationio['ip']:
|
||||||
|
attribute = MISPAttribute()
|
||||||
|
attribute.from_dict(**{'type': 'ip-dst', 'value': ip['@ip'], 'to_ids': False})
|
||||||
|
self.misp_event.add_attribute(**attribute)
|
||||||
|
reference = dict(referenced_uuid=attribute.uuid, relationship_type='contacts')
|
||||||
|
self.add_process_reference(ip['@targetid'], ip['@currentpath'], reference)
|
||||||
urlinfo = self.data['urlinfo']
|
urlinfo = self.data['urlinfo']
|
||||||
if urlinfo:
|
if urlinfo:
|
||||||
for url in urlinfo['url']:
|
for url in urlinfo['url']:
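Review bot: The added block reads `self.data['ip2locationio']` with a plain subscript and otherwise repeats, line for line, the loop whose tail is visible in the context lines above it. If `self.data` is an ordinary dict built from the Joe Sandbox report and the report has no `ip2locationio` element (nothing in this hunk shows that it does), the subscript raises `KeyError` and the `urlinfo` loop below never runs. Either drop the block or read the key defensively with `ip2locationio = self.data.get('ip2locationio')`, after confirming against a real report that the element exists. The enclosing method starts and ends outside the hunk.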
|
||||||
|
|
|
@ -17,8 +17,8 @@ moduleconfig = ['key']
|
||||||
|
|
||||||
_GEOLOCATION_OBJECT_MAPPING = {
|
_GEOLOCATION_OBJECT_MAPPING = {
|
||||||
'country_code': 'countrycode',
|
'country_code': 'countrycode',
|
||||||
'country_name': 'country name',
|
'country_name': 'country',
|
||||||
'region_name': 'region name',
|
'region_name': 'region',
|
||||||
'city_name': 'city',
|
'city_name': 'city',
|
||||||
'zip_code': 'zipcode',
|
'zip_code': 'zipcode',
|
||||||
'latitude': 'latitude',
|
'latitude': 'latitude',
|
||||||
|
@ -43,7 +43,7 @@ def handler(q=False):
|
||||||
|
|
||||||
# Query ip2location.io
|
# Query ip2location.io
|
||||||
query = requests.get(
|
query = requests.get(
|
||||||
f"https://api.ip2location.io/json?key={request['config']['key']&ip={attribute['value']}"
|
f"https://api.ip2location.io/json?key={request['config']['key']}&ip={attribute['value']}"
|
||||||
)
|
)
|
||||||
if query.status_code != 200:
|
if query.status_code != 200:
|
||||||
return {'error': f'Error while querying ip2location.io - {query.status_code}: {query.reason}'}
|
return {'error': f'Error while querying ip2location.io - {query.status_code}: {query.reason}'}
|
||||||
|
@ -67,18 +67,6 @@ def handler(q=False):
|
||||||
geolocation.add_reference(input_attribute.uuid, 'locates')
|
geolocation.add_reference(input_attribute.uuid, 'locates')
|
||||||
misp_event.add_object(geolocation)
|
misp_event.add_object(geolocation)
|
||||||
|
|
||||||
# Parse proxy information
|
|
||||||
proxy = MISPObject('proxy')
|
|
||||||
proxy.add_reference(input_attribute.uuid, 'related-to')
|
|
||||||
if iplio_result.get('proxy') is not None:
|
|
||||||
proxy_info = iplio_result['proxy']
|
|
||||||
proxy.add_attribute('proxy_type', proxy_info['proxy_type'])
|
|
||||||
proxy.add_attribute('threat', proxy_info['threat'])
|
|
||||||
proxy.add_attribute('provider', proxy_info['provider'])
|
|
||||||
proxy.add_attribute('last_seen', proxy_info['last_seen'])
|
|
||||||
misp_event.add_object(proxy)
|
|
||||||
|
|
||||||
|
|
||||||
# Return the results in MISP format
|
# Return the results in MISP format
|
||||||
event = json.loads(misp_event.to_json())
|
event = json.loads(misp_event.to_json())
|
||||||
return {
|
return {
|
||||||
|
|