Merge branch 'master' of

Steve Clement 5 years ago
commit f97359de6a
  1. 9
  2. 1
  3. 2
  4. 35
  5. 3

@ -30,15 +30,22 @@ For more information: [Extending MISP with Python modules](
* [GeoIP](misp_modules/modules/expansion/ - a hover and expansion module to get GeoIP information from geolite/maxmind.
* [hashdd](misp_modules/modules/expansion/ - a hover module to check file hashes against []( including NSLR dataset.
* [IPASN](misp_modules/modules/expansion/ - a hover and expansion to get the BGP ASN of an IP address.
* [iprep](misp-modules/modules/expansion/ - an expansion module to get IP reputation from
* [iprep](misp_modules/modules/expansion/ - an expansion module to get IP reputation from
* [onyphe](misp_modules/modules/expansion/ - a modules to process queries on Onyphe.
* [onyphe_full](misp_modules/modules/expansion/ - a modules to process full queries on Onyphe.
* [OTX](misp_modules/modules/expansion/ - an expansion module for [OTX](
* [passivetotal](misp_modules/modules/expansion/ - a [passivetotal]( module that queries a number of different PassiveTotal datasets.
* [rbl](misp_modules/modules/expansion/ - a module to get RBL (Real-Time Blackhost List) values from an attribute.
* [reversedns](misp_modules/modules/expansion/ - Simple Reverse DNS expansion service to resolve reverse DNS from MISP attributes.
* [shodan](misp_modules/modules/expansion/ - a minimal [shodan]( expansion module.
* [Sigma syntax validator](misp_modules/modules/expansion/ - Sigma syntax validator.
* [sourcecache](misp_modules/modules/expansion/ - a module to cache a specific link from a MISP instance.
* [ThreatCrowd](misp_modules/modules/expansion/ - an expansion module for [ThreatCrowd](
* [threatminer](misp_modules/modules/expansion/ - an expansion module to expand from [ThreatMiner](
* [virustotal](misp_modules/modules/expansion/ - an expansion module to pull known resolutions and malware samples related with an IP/Domain from virusTotal (this modules require a VirusTotal private API key)
* [VMray](misp_modules/modules/expansion/ - a module to submit a sample to VMray.
* [VulnDB](misp_modules/modules/expansion/ - a module to query [VulnDB](
* [whois](misp_modules/modules/expansion) - a module to query a local instance of [uwhois](
* [wikidata](misp_modules/modules/expansion/ - a [wikidata]( expansion module.
* [xforce](misp_modules/modules/expansion/ - an IBM X-Force Exchange expansion module.
* [YARA syntax validator](misp_modules/modules/expansion/ - YARA syntax validator.

@ -21,3 +21,4 @@ pygeoip

@ -1,3 +1,3 @@
from . import _vmray
__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl', 'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon', 'yara_syntax_validator', 'hashdd']
__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl', 'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon', 'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl', 'xforceexchange', 'sigma_syntax_validator']

@ -0,0 +1,35 @@
import json
import yaml
from sigma.parser import SigmaParser
from sigma.config import SigmaConfiguration
except ModuleNotFoundError:
print("sigma or yaml is missing, use 'pip3 install sigmatools' to install it.")
misperrors = {'error': 'Error'}
mispattributes = {'input': ['sigma'], 'output': ['text']}
moduleinfo = {'version': '0.1', 'author': 'Christian Studer', 'module-type': ['expansion', 'hover'],
'description': 'An expansion hover module to perform a syntax check on sigma rules'}
moduleconfig = []
def handler(q=False):
if q is False:
return False
request = json.loads(q)
if not request.get('sigma'):
misperrors['error'] = 'Sigma rule missing'
return misperrors
config = SigmaConfiguration()
parser = SigmaParser(yaml.load(request.get('sigma')), config)
result = ("Syntax valid: {}".format(parser.values))
except Exception as e:
result = ("Syntax error: {}".format(str(e)))
return {'results': [{'types': mispattributes['output'], 'values': result}]}
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo
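Review bot: `yaml.load(request.get('sigma'))` in the line building `parser` uses PyYAML's full loader on the rule text supplied in the request, so YAML tags in the submitted rule can construct arbitrary Python objects before the Sigma parser ever sees them; since the rule body is request data, this should be `parser = SigmaParser(yaml.safe_load(request.get('sigma')), config)`. The `try:` lines preceding the two `except` clauses are not visible in this rendering, so the exact extent of each guarded region is inferred. The import fallback only prints a hint and leaves `yaml`, `SigmaParser` and `SigmaConfiguration` unbound, so a later `handler` call fails with a NameError that the broad `except Exception` then reports to the user as `Syntax error: …`; consider returning an explicit error from `handler` when the dependencies are missing rather than conflating it with a bad rule. `misperrors` is mutated at module level on each failure, which is harmless here but worth a comment such as `# shared module-level error dict, overwritten per request`.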

@ -1,4 +1,3 @@
from . import _vmray
__all__ = ['vmray_import', 'testimport', 'ocr', 'stiximport', 'cuckooimport', 'goamlimport',
'email_import', 'mispjson', 'openiocimport', 'threatanalyzer_import', 'csvimport']
__all__ = ['vmray_import', 'testimport', 'ocr', 'cuckooimport', 'goamlimport', 'email_import', 'mispjson', 'openiocimport', 'threatanalyzer_import', 'csvimport']