Christian Studer
64d3a3e5a4
fix: [crowdsec] Typo
2023-05-23 13:34:52 +02:00
Christian Studer
6eea5f61d4
fix: [crowdsec] Fixed the `reverse_dns` field parsing & added the `background-noise` attribute
2023-05-23 13:20:52 +02:00
Christian Studer
ddd8b8513e
add: [expansion modules] Added `ipinfo` to the expansion modules list in `__init__`
2023-05-16 16:09:04 +02:00
Christian Studer
196939d205
chg: [crowdsec] Updated the module to support the recently added `crowdsec-ip-context` object template
2023-05-12 12:16:22 +02:00
Christian Studer
51cf8524ad
fix: [crowdsec] Fixed the module input handling
...
- Made the module an expansion module as it is the
standard type, and `hover` usually is the option
- Better input handling, checking now for the
`attribute` field as the information of the full
attribute is passed in misp standard format and
not only its type and value
- As for now only `v2` is supported as API version
we removed the parameter to avoid confusion. It
can be added back later when multiple versions
are supported
2023-05-11 16:12:07 +02:00
Alexandre Dulaunoy
98b766cbdc
fix: [crowdsec] more need to be fully supporting MISP standard format
2023-05-11 15:25:34 +02:00
Alexandre Dulaunoy
337dcf7acb
fix: [crowdsec] version 2
2023-05-11 15:21:31 +02:00
Alexandre Dulaunoy
fe778dd576
fix: [crowdsec] set default version and expansion added
2023-05-11 15:18:26 +02:00
Alexandre Dulaunoy
113a112001
fix: [dbl_spamhaus] if you want to run local test, the dns module
...
expansion is taking over from the original dnspython3 library.
The trick is just to get rid of the syspath to exclude the local
directory until the proper library is loaded.
2023-04-02 10:11:24 +02:00
Christian Studer
9892c8db88
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2023-03-27 17:46:42 +02:00
Brad Chiappetta
b3865b33b7
refactor for sdk and expansion
2023-03-10 12:56:26 -05:00
Christian Studer
69deb8d10b
add: [ipinfo] First version of a new module to query ipinfo.io
...
- First version addressing the request from #600
- Straight forward parsing of the `geolocation`,
`domain-ip` and `asn` information returned by
the standard API endpoint (ipinfo.io/{ip_address})
2023-02-21 13:04:24 +01:00
Shivam Sandbhor
2c9b953f23
Set user agent of crowdsec misp module to crowdsec-misp/v1.0.0
...
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
2023-02-20 10:11:38 +05:30
Alexandre Dulaunoy
b7bd679b1c
fix: [url_import/url] added in __init__
2022-11-08 06:23:40 +01:00
Christian Studer
cb8f55425c
fix: [crowdsec] Fixed the __init__ files
2022-11-07 23:44:40 +01:00
Sami Mokaddem
9bf7e15053
new: [expansion] Added extract_url_components module to create an object from an URL attribute
2022-11-06 17:28:00 +01:00
Shivam Sandbhor
382d8036d9
Add crowdsec module
...
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
2022-10-28 12:19:35 +05:30
Christian Studer
e18ac776bb
fix: [variodbs] Fixed indentation issue
...
- if `exploit_results` is empty, we should not go
any further in the query for next values exploit
results
2022-10-27 09:50:24 +02:00
Christian Studer
5526c2c195
add: [variotdbs] Updated the exploit object mapping to support the object attributes recently added to the `exploit` template
2022-10-26 11:35:59 +02:00
Christian Studer
8e97bf9938
chg: [cve_advanced] Updated the module to use cvepremium & a few improvements
2022-10-25 22:20:30 +02:00
Christian Studer
38a6dc810e
fix: [variodbs] Properly handling the exploit results when there is more that 10 results
...
- We keep querying the VARIoT db API with the link
of the next content until there is no next result
2022-10-24 16:18:22 +02:00
Christian Studer
b964b5e2a6
fix: [variodbs] Fixed the empty vulnerability results case handling, to avoid the module to stop before looking for related exploits
2022-10-24 15:43:04 +02:00
Christian Studer
153ca8d3d4
add: [variotdbs] Added the exploit information parsing
...
- Following a recent change on the variotdbs API
allowing requests to get exploits information
base on a CVE number
2022-10-24 15:01:54 +02:00
Christian Studer
98031beeae
fix: [variotdbs] Fixed some typos, missing imports, and some issues in the main parsing process
2022-10-24 14:53:00 +02:00
Christian Studer
f5cb8d0f57
fix: [variotdbs] Added the reference between the resulting vulnerability object and the initial vulnerability attribute
2022-10-21 14:18:47 +02:00
Christian Studer
81375e1628
add: [variotdbs] Added module to query the variotdbs API with a vulnerabliity, to get additional info about it
2022-10-19 00:06:04 +02:00
Rambatla Venkat Rao
d00fee3ba0
Update hyasinsight.py
2022-10-11 08:26:12 +05:30
Rambatla Venkat Rao
66eb82cf1a
Added few more endpoints
2022-10-11 08:24:53 +05:30
Jeroen Pinoy
340b9c0954
fix: [expansion:apivoid] add missing email attribute input types
2022-09-20 06:05:06 -07:00
szopin
e10826aafc
Fix for hashdd
...
Endpoint has changed, now only accepts md5 and the format of the reply is also different
2022-09-15 10:09:21 +02:00
Rambatla Venkat Rao
03af649d06
fixed lgtm issues
2022-09-06 17:05:22 +05:30
Rambatla Venkat Rao
f3b2ea7c41
Added HYAS Insight Module
2022-09-06 16:07:52 +05:30
Rambatla Venkat Rao
3afcd825b9
Added Hyas Insight Module
2022-09-06 15:54:35 +05:30
Sami Mokaddem
a6930be862
new: [expansion:jinja_template_rendering] Added new module to rendre a jinja template based on the provided data
2022-08-25 10:57:17 +02:00
Christian Studer
71d8745b91
fix: [shodan] The input attribute is actually already added to the event at the beginning
2022-08-10 16:17:08 +02:00
chrisr3d
90a1644c8c
fix: [shodan] Fixed wrong asset used to add attribute to
...
- This caused the input `ip-src` or `ip-dst` input
attribute to be added to the `ip-api-addres`
which does not have these attributes in their
template, where they should be added to the
Event instead
2022-08-10 14:07:00 +02:00
Raphaël Vinot
81ec6fe415
fix: fix vulnerable_configuration object ref, rely on template.
...
Related #853
2022-07-28 14:41:36 +02:00
Daniel Pascual
d08bb5c365
Add more relations and attributes to VT modules
2022-04-18 10:20:33 +02:00
Alexandre Dulaunoy
8f3cc42082
Merge branch 'main' of github.com:MISP/misp-modules into main
2022-04-15 08:27:53 +02:00
Alexandre Dulaunoy
c384c3a2a5
fix: [expansion] clamav module was missing from the __init__
2022-04-15 08:27:19 +02:00
Dermott, Scott
f73b961330
* Fix for @chrisr3d - [joesandbox_query] Changed the import_pe param to `import_executable`
2022-04-07 14:44:22 +01:00
Daniel Pascual
ac704c8c99
VirusTotal modules migration to API v3
2022-03-16 18:05:13 +01:00
chrisr3d
c5b6d218bb
chg: [joesandbox_query] Changed the `import_pe` param to `import_executable`
2022-03-07 23:01:49 +01:00
Jakub Onderka
79de89657c
fix: [wiki] Change User-Agent to avoid 403 error
2022-03-04 10:07:53 +01:00
Alexandre Dulaunoy
c33a1fea22
Merge pull request #556 from Wachizungu/chg-add-edit-mmdb-lookup-documentation
...
chg:[doc] update mmdb_lookup documentation
2022-02-23 06:43:28 +01:00
Jeroen Pinoy
c5a9a97354
chg:[doc] update mmdb_lookup documentation
2022-02-23 00:54:13 +01:00
Jeroen Pinoy
a1e468f7bf
fix: Allow email-src and email-dst as input for apivoid module
2022-02-22 23:33:55 +01:00
Alexandre Dulaunoy
beb463bdab
Merge branch 'main' into main
2022-02-15 15:16:13 +01:00
Rambatla Venkat Rao
4a19d35da0
updated to add the latest modules
2022-02-15 19:19:51 +05:30
Rambatla Venkat Rao
82eee0074b
Update __init__.py
2022-02-15 19:11:36 +05:30
Rambatla Venkat Rao
9b4b1a1c4f
Update __init__.py
2022-02-15 19:01:13 +05:30
Rambatla Venkat Rao
2f1d35774d
Update ipqs_fraud_and_risk_scoring.py
2022-02-15 18:52:14 +05:30
Rambatla Venkat Rao
3856f9fe1d
Update ipqs_fraud_and_risk_scoring.py
2022-02-12 10:38:48 +05:30
Rambatla Venkat Rao
430a838332
Update ipqs_fraud_and_risk_scoring.py
2022-02-12 10:20:48 +05:30
Rambatla Venkat Rao
fedf731e07
added ipqs_fraud_and_risk_scoring to modules list
2022-02-09 10:22:16 +05:30
Rambatla Venkat Rao
85bd1b69ad
Initial Commit for IPQualityScore Expansion Module
2022-02-09 10:21:40 +05:30
Rambatla Venkat Rao
47dde7943b
delete
2022-02-09 10:20:42 +05:30
Jeroen Pinoy
0072a45aab
chg:[apivoid] Add handling with email verify API
2022-02-07 17:41:15 +01:00
Jeroen Pinoy
4408f24714
chg: [mmdb_lookup] Add handling of ASN details.
2022-02-06 15:51:54 +01:00
Jeroen Pinoy
267824a6df
new: Add mmdb lookup expansion module
2022-02-05 20:23:28 +01:00
Rambatla Venkat Rao
17541e2938
Added ipqualityscore to All list
2022-02-05 11:33:43 +05:30
Rambatla Venkat Rao
cf7b8318a4
Initial Commit for IPQualityScore Expansion Module
2022-02-05 11:32:46 +05:30
Jeroen Pinoy
ed2d14c956
Add hashlookup to expansion init.py
2022-02-03 10:44:13 +01:00
Raphaël Vinot
2874c41f7f
fix: required parameters for Recorded Future object
2022-01-14 10:23:08 +01:00
Silvian I
23ff0348ed
[crowdstrike_falcon] fix imports warning
2022-01-11 15:25:39 +01:00
Silvian I
13cb1f472d
[crowdstrike_falcon] Upgrade crowdstrike_falcon enrich module to new api version & add attribute creation on enrichment functionality
2022-01-11 13:59:59 +01:00
Silvian I
950a76a3ad
Upgrade censys_enrich module to new api version - fix test error
2022-01-07 19:26:02 +01:00
Silvian I
ef543a3fa8
Upgrade censys_enrich module to new api version - fix test error
2022-01-07 19:05:05 +01:00
Silvian I
b9d9df4dd0
Upgrade censys_enrich module to new api version
2022-01-07 14:46:10 +01:00
Koen Van Impe
b9fb2f3ca7
Update mwdb.py
2021-12-26 23:59:16 +01:00
Koen Van Impe
c42723d42d
Module to push malware samples to a MWDB instance
...
- Upload of attachment or malware sample to MWDB
- Tags of events and/or attributes are added to MWDB.
- Comment of the MISP attribute is added to MWDB.
- A link back to the MISP event is added to MWDB via the MWDB attribute.
- A link to the MWDB attribute is added as an enriched attribute to the MISP event.
2021-12-26 23:34:00 +01:00
Jakub Onderka
907ac1e935
fix: [ods_enrich] Try to fix reading bytesio
2021-12-24 16:48:24 +01:00
Jakub Onderka
3fe7072bfb
fix: [ods_enrich] Better exception logging
2021-12-24 16:48:24 +01:00
Alexandre Dulaunoy
268bb312c9
fix: [hashlookup] typo fixed
2021-12-18 17:11:06 +01:00
Alexandre Dulaunoy
2d98885231
chg: [hashlookup] support for sha256 and bug fix for non-exising MD5
2021-12-18 09:22:32 +01:00
Calvin Krzywiec
dc0660acd0
feature: add qintel qsentry expansion module
2021-11-22 15:46:46 -05:00
Jean-Louis Huynen
84ecc19206
Merge branch 'MISP:main' into main
2021-10-26 15:12:12 +02:00
Jean-Louis Huynen
7967542be6
add: [passive-ssh] initial commit
2021-10-26 15:11:20 +02:00
rderkach
4fd3323220
Update Recorded future expansion module with the new data
...
In this release, we added new data that we have called Links.
It represents better and more filtered related data.
Also did some code formatting.
2021-10-25 18:01:05 +03:00
chrisr3d
be5635b0a4
fix: [yara_query] Fixed module input parsing
...
- The module used to work properly when called
from a single attribute enrichment, but was
broken when called from the hover enrichment
feature, because of the additional `persistent`
field used to define which type of hover
enrichment is queried
2021-10-15 17:18:29 +02:00
Alexandre Dulaunoy
4162ccb528
chg: [hashlookup] KnownMalicious field added
2021-09-24 15:35:14 +02:00
Alexandre Dulaunoy
b6e0c4ce53
chg: [hashlookup] add new fields such as source, SSDEEP and TLSH
2021-09-24 15:29:23 +02:00
Alexandre Dulaunoy
9783113a1e
fix: [hashlookup] FileName and size are not required fields and can be missing in a hashlookup record
2021-09-24 15:09:07 +02:00
Andras Iklody
4115b7607e
fix: added note about the Domaintools module being deprecated
...
- as requested by Domaintools, including a link to their own, up to date module
2021-09-09 13:57:29 +02:00
chrisr3d
82e0628fe7
chg: [hashlookup] Using the actual attribute types for FileName & FileSize
...
- Following the recent changes on the obejct template
to use `filename` as attribute type for the FileName
object relation instead of `text`
d2b93f5aa6
2021-08-26 15:19:36 +02:00
chrisr3d
1d7f0ee1f0
fix: [hashlookup] Fixed the errors handling
...
- Since the modules system is waiting for a dict,
we return `misperrors` instead of the actual
value of the 'error' key, and the module will
no longer fail when there is no result to parse
2021-08-26 15:02:32 +02:00
Alexandre Dulaunoy
73e78463d0
new: [hashlookup] new hashlookup module added
...
https://www.circl.lu/services/hashlookup/
2021-08-25 18:42:16 +02:00
Alexandre Dulaunoy
7b675f7857
Merge branch 'main' of github.com:MISP/misp-modules into main
2021-08-25 18:41:31 +02:00
Alexandre Dulaunoy
f40fc7ebc4
new: [hashlookup] new hashlookup module added
2021-08-25 18:38:09 +02:00
Martin Ohl
d2ed09d081
Create mcafee_insights_enrich.py
...
Module to expand IOC information with McAfee MVISION Insights
2021-08-13 14:55:08 +02:00
Jason Zhang
f5fdf343b8
Sanity checks
2021-08-12 11:08:09 +01:00
Brad Chiappetta
b3daa138f1
add cve support and enhance ip lookups
2021-08-09 15:37:37 -04:00
Jason Zhang
83fd44ed13
add vmware_nsx module
2021-07-29 12:13:31 +01:00
Alexandre Dulaunoy
605231e089
chg :[virustotal_public] make flake8 happy
2021-06-11 14:54:07 +02:00
Alexandre Dulaunoy
94795e4993
chg: [virustotal] make flake8 happy
2021-06-11 14:51:30 +02:00
Alex Resnick
c4bc2408ad
add proxy configs for virus total modules
2021-05-28 14:53:35 -05:00
Rambatla Venkat Rao
6a731454f1
Updated Distribution Constant
2021-05-12 21:42:25 +05:30
Rambatla Venkat Rao
f6c0f68263
Default distribution setting to DNSDB Objects
2021-05-12 18:38:55 +05:30
Rambatla Venkat Rao
7aa6b39da8
Added a default distribution setting to Objects
2021-05-12 18:30:54 +05:30
Sebdraven
382025453e
fix bug on loop
2021-05-07 14:38:42 +02:00
Sebdraven
eb48635ce5
remove print and variable unsuable
2021-05-07 14:07:18 +02:00
sebdraven
8491e169e0
Merge pull request #4 from MISP/main
...
merge
2021-05-07 12:34:33 +02:00
Sebdraven
d0c2f94354
add summary ip, domain and hostname
2021-05-07 12:27:11 +02:00
chrisr3d
780590cee3
fix: [farsight_passivedns] Handling exceptions raised from a query error
...
- This can happen with for instance a wrong server URL
2021-05-04 18:36:56 +02:00
chrisr3d
790090eb0b
chg: [farsight_passivedns] Updated the bailiwick attribute type, following the latest changes on the passive-dns object template
2021-05-03 11:25:37 +02:00
Sebdraven
16f9ec9f6d
fix bug
2021-04-30 15:46:59 +02:00
Sebdraven
73ea9620bf
add reference
2021-04-30 15:39:56 +02:00
Sebdraven
86beb488c1
add test to check
2021-04-30 15:25:27 +02:00
Sebdraven
32aeb52efc
fixe typo
2021-04-30 15:22:55 +02:00
Sebdraven
4478440d5b
remove pass
2021-04-30 15:16:47 +02:00
Sebdraven
7f1caaba25
add object certificate
2021-04-30 15:16:22 +02:00
Sebdraven
098616846d
add hostname
2021-04-23 16:19:47 +02:00
Sebdraven
e1c2c779aa
Update onyphe.py
...
remove typo
2021-04-23 16:16:43 +02:00
Sebdraven
f32717c896
check entry in result dico
2021-04-23 16:15:38 +02:00
Sebdraven
436254cd8c
add logs
2021-04-23 16:13:32 +02:00
Sebdraven
7813ba4fc3
fix logical test
2021-04-23 16:11:10 +02:00
Sebdraven
9fd23d6fe0
add logs
2021-04-23 16:09:21 +02:00
Sebdraven
ff6470d0e2
add logs
2021-04-23 16:07:44 +02:00
Sebdraven
8fbe371eca
add logs
2021-04-23 16:06:20 +02:00
Sebdraven
94f6af8882
add summary ip
...
object domain
2021-04-23 16:02:21 +02:00
Sebdraven
9364859ce9
refactoring of the module
2021-04-22 15:05:29 +02:00
Sebdraven
b9407ad85a
Merge branch 'main'
2021-04-22 11:27:43 +02:00
Sebdraven
7ab2e099f4
fix typo
2021-04-21 18:15:16 +02:00
Sebdraven
9f5a4be9d7
remove variable unused
2021-04-21 17:54:01 +02:00
Sebdraven
abac4cfab7
remove import unused and add package in requirements
2021-04-21 17:51:22 +02:00
Sebdraven
1b9d47dd33
Update yeti.py
...
pep 8 compliant
2021-04-21 15:41:20 +02:00
Sebdraven
a76978d6c6
Update yeti.py
...
remove tags and entity
2021-04-21 15:40:46 +02:00
Sebdraven
a277cbb8bf
Update yeti.py
...
add input
2021-04-21 14:45:07 +02:00
sebdraven
f6675a71e4
Merge pull request #2 from MISP/master
...
Master
2021-04-21 12:42:33 +02:00
Sebdraven
7e5238e8be
Update yeti.py
...
add tests
2021-04-20 14:35:18 +02:00
Sebdraven
8683c9e5ce
Update yeti.py
...
add ns record dst and src link
2021-04-20 14:13:16 +02:00
Sebdraven
26bc02617f
Update yeti.py
...
add test to create result
2021-04-20 14:08:31 +02:00
Sebdraven
3426ad13c5
Update yeti.py
...
fix edges
2021-04-20 14:05:51 +02:00
Sebdraven
fd76e55093
Update yeti.py
...
fix typo
2021-04-20 13:56:45 +02:00
Sebdraven
dfa46b551a
Update yeti.py
...
change params
2021-04-20 13:55:36 +02:00
Sebdraven
baaaa81ec3
Update yeti.py
...
add ns_record object
2021-04-20 13:53:06 +02:00
Sebdraven
cec06ed26d
Update yeti.py
...
change loop
2021-04-20 13:38:45 +02:00
Sebdraven
bb1cd7c4de
Update yeti.py
...
fix bug
2021-04-20 12:43:43 +02:00
Sebdraven
e037c4c767
Update yeti.py
...
remove tests
2021-04-20 12:42:49 +02:00
Sebdraven
e0506ee31e
Update yeti.py
...
filter by id
2021-04-20 12:40:01 +02:00
Sebdraven
f701256008
Update yeti.py
...
add src
2021-04-20 12:33:46 +02:00
Sebdraven
a2741e8eb7
Update yeti.py
...
fix keyerror
2021-04-20 12:30:22 +02:00
Sebdraven
9cb1a83e54
Update yeti.py
...
fix bug about id
2021-04-20 12:24:34 +02:00
Sebdraven
37867f89ee
Update yeti.py
...
add logs
2021-04-20 12:21:56 +02:00
Sebdraven
507e56228f
Update yeti.py
...
add logs
2021-04-20 12:19:43 +02:00
Sebdraven
abba63f32f
Update yeti.py
...
add test of id
2021-04-20 12:17:17 +02:00
Sebdraven
1a67f8ed96
Update yeti.py
...
add log
2021-04-20 12:08:59 +02:00
Sebdraven
385af28a0a
Update yeti.py
...
add descripton
2021-04-20 12:07:06 +02:00
Sebdraven
8ea3d5c5c7
Update yeti.py
...
add file to add in attribute
2021-04-20 10:41:44 +02:00
Sebdraven
5d80b79bc4
Update yeti.py
...
add tags for attribute
2021-04-19 17:55:29 +02:00