Commit Graph

917 Commits (fix-poetry)

Author SHA1 Message Date
Christian Studer 64d3a3e5a4
fix: [crowdsec] Typo 2023-05-23 13:34:52 +02:00
Christian Studer 6eea5f61d4
fix: [crowdsec] Fixed the `reverse_dns` field parsing & added the `background-noise` attribute 2023-05-23 13:20:52 +02:00
Christian Studer ddd8b8513e
add: [expansion modules] Added `ipinfo` to the expansion modules list in `__init__` 2023-05-16 16:09:04 +02:00
Christian Studer 196939d205
chg: [crowdsec] Updated the module to support the recently added `crowdsec-ip-context` object template 2023-05-12 12:16:22 +02:00
Christian Studer 51cf8524ad
fix: [crowdsec] Fixed the module input handling
- Made the module an expansion module as it is the
  standard type, and `hover` usually is the option
- Better input handling, checking now for the
  `attribute` field as the information of the full
  attribute is passed in misp standard format and
  not only its type and value
- As for now only `v2` is supported as API version
  we removed the parameter to avoid confusion. It
  can be added back later when multiple versions
  are supported
2023-05-11 16:12:07 +02:00
Alexandre Dulaunoy 98b766cbdc
fix: [crowdsec] more need to be fully supporting MISP standard format 2023-05-11 15:25:34 +02:00
Alexandre Dulaunoy 337dcf7acb
fix: [crowdsec] version 2 2023-05-11 15:21:31 +02:00
Alexandre Dulaunoy fe778dd576
fix: [crowdsec] set default version and expansion added 2023-05-11 15:18:26 +02:00
Alexandre Dulaunoy 113a112001
fix: [dbl_spamhaus] if you want to run local test, the dns module
expansion is taking over from the original dnspython3 library.

The trick is just to get rid of the syspath to exclude the local
directory until the proper library is loaded.
2023-04-02 10:11:24 +02:00
Christian Studer 9892c8db88 Merge branch 'main' of github.com:MISP/misp-modules into new_module 2023-03-27 17:46:42 +02:00
Brad Chiappetta b3865b33b7 refactor for sdk and expansion 2023-03-10 12:56:26 -05:00
Christian Studer 69deb8d10b
add: [ipinfo] First version of a new module to query ipinfo.io
- First version addressing the request from #600
- Straight forward parsing of the `geolocation`,
  `domain-ip` and `asn` information returned by
  the standard API endpoint (ipinfo.io/{ip_address})
2023-02-21 13:04:24 +01:00
Shivam Sandbhor 2c9b953f23 Set user agent of crowdsec misp module to crowdsec-misp/v1.0.0
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
2023-02-20 10:11:38 +05:30
Alexandre Dulaunoy b7bd679b1c
fix: [url_import/url] added in __init__ 2022-11-08 06:23:40 +01:00
Christian Studer cb8f55425c
fix: [crowdsec] Fixed the __init__ files 2022-11-07 23:44:40 +01:00
Sami Mokaddem 9bf7e15053
new: [expansion] Added extract_url_components module to create an object from an URL attribute 2022-11-06 17:28:00 +01:00
Shivam Sandbhor 382d8036d9 Add crowdsec module
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
2022-10-28 12:19:35 +05:30
Christian Studer e18ac776bb
fix: [variodbs] Fixed indentation issue
- if `exploit_results` is empty, we should not go
  any further in the query for next values exploit
  results
2022-10-27 09:50:24 +02:00
Christian Studer 5526c2c195
add: [variotdbs] Updated the exploit object mapping to support the object attributes recently added to the `exploit` template 2022-10-26 11:35:59 +02:00
Christian Studer 8e97bf9938
chg: [cve_advanced] Updated the module to use cvepremium & a few improvements 2022-10-25 22:20:30 +02:00
Christian Studer 38a6dc810e
fix: [variodbs] Properly handling the exploit results when there is more that 10 results
- We keep querying the VARIoT db API with the link
  of the next content until there is no next result
2022-10-24 16:18:22 +02:00
Christian Studer b964b5e2a6
fix: [variodbs] Fixed the empty vulnerability results case handling, to avoid the module to stop before looking for related exploits 2022-10-24 15:43:04 +02:00
Christian Studer 153ca8d3d4
add: [variotdbs] Added the exploit information parsing
- Following a recent change on the variotdbs API
  allowing requests to get exploits information
  base on a CVE number
2022-10-24 15:01:54 +02:00
Christian Studer 98031beeae
fix: [variotdbs] Fixed some typos, missing imports, and some issues in the main parsing process 2022-10-24 14:53:00 +02:00
Christian Studer f5cb8d0f57
fix: [variotdbs] Added the reference between the resulting vulnerability object and the initial vulnerability attribute 2022-10-21 14:18:47 +02:00
Christian Studer 81375e1628 add: [variotdbs] Added module to query the variotdbs API with a vulnerabliity, to get additional info about it 2022-10-19 00:06:04 +02:00
Rambatla Venkat Rao d00fee3ba0
Update hyasinsight.py 2022-10-11 08:26:12 +05:30
Rambatla Venkat Rao 66eb82cf1a
Added few more endpoints 2022-10-11 08:24:53 +05:30
Jeroen Pinoy 340b9c0954
fix: [expansion:apivoid] add missing email attribute input types 2022-09-20 06:05:06 -07:00
szopin e10826aafc
Fix for hashdd
Endpoint has changed, now only accepts md5 and the format of the reply is also different
2022-09-15 10:09:21 +02:00
Rambatla Venkat Rao 03af649d06
fixed lgtm issues 2022-09-06 17:05:22 +05:30
Rambatla Venkat Rao f3b2ea7c41
Added HYAS Insight Module 2022-09-06 16:07:52 +05:30
Rambatla Venkat Rao 3afcd825b9
Added Hyas Insight Module 2022-09-06 15:54:35 +05:30
Sami Mokaddem a6930be862
new: [expansion:jinja_template_rendering] Added new module to rendre a jinja template based on the provided data 2022-08-25 10:57:17 +02:00
Christian Studer 71d8745b91
fix: [shodan] The input attribute is actually already added to the event at the beginning 2022-08-10 16:17:08 +02:00
chrisr3d 90a1644c8c
fix: [shodan] Fixed wrong asset used to add attribute to
- This caused the input `ip-src` or `ip-dst` input
  attribute to be added to the `ip-api-addres`
  which does not have these attributes in their
  template, where they should be added to the
  Event instead
2022-08-10 14:07:00 +02:00
Raphaël Vinot 81ec6fe415 fix: fix vulnerable_configuration object ref, rely on template.
Related #853
2022-07-28 14:41:36 +02:00
Daniel Pascual d08bb5c365 Add more relations and attributes to VT modules 2022-04-18 10:20:33 +02:00
Alexandre Dulaunoy 8f3cc42082
Merge branch 'main' of github.com:MISP/misp-modules into main 2022-04-15 08:27:53 +02:00
Alexandre Dulaunoy c384c3a2a5
fix: [expansion] clamav module was missing from the __init__ 2022-04-15 08:27:19 +02:00
Dermott, Scott f73b961330 * Fix for @chrisr3d - [joesandbox_query] Changed the import_pe param to `import_executable` 2022-04-07 14:44:22 +01:00
Daniel Pascual ac704c8c99 VirusTotal modules migration to API v3 2022-03-16 18:05:13 +01:00
chrisr3d c5b6d218bb
chg: [joesandbox_query] Changed the `import_pe` param to `import_executable` 2022-03-07 23:01:49 +01:00
Jakub Onderka 79de89657c fix: [wiki] Change User-Agent to avoid 403 error 2022-03-04 10:07:53 +01:00
Alexandre Dulaunoy c33a1fea22
Merge pull request #556 from Wachizungu/chg-add-edit-mmdb-lookup-documentation
chg:[doc] update mmdb_lookup documentation
2022-02-23 06:43:28 +01:00
Jeroen Pinoy c5a9a97354
chg:[doc] update mmdb_lookup documentation 2022-02-23 00:54:13 +01:00
Jeroen Pinoy a1e468f7bf
fix: Allow email-src and email-dst as input for apivoid module 2022-02-22 23:33:55 +01:00
Alexandre Dulaunoy beb463bdab
Merge branch 'main' into main 2022-02-15 15:16:13 +01:00
Rambatla Venkat Rao 4a19d35da0
updated to add the latest modules 2022-02-15 19:19:51 +05:30
Rambatla Venkat Rao 82eee0074b
Update __init__.py 2022-02-15 19:11:36 +05:30
Rambatla Venkat Rao 9b4b1a1c4f
Update __init__.py 2022-02-15 19:01:13 +05:30
Rambatla Venkat Rao 2f1d35774d
Update ipqs_fraud_and_risk_scoring.py 2022-02-15 18:52:14 +05:30
Rambatla Venkat Rao 3856f9fe1d
Update ipqs_fraud_and_risk_scoring.py 2022-02-12 10:38:48 +05:30
Rambatla Venkat Rao 430a838332
Update ipqs_fraud_and_risk_scoring.py 2022-02-12 10:20:48 +05:30
Rambatla Venkat Rao fedf731e07
added ipqs_fraud_and_risk_scoring to modules list 2022-02-09 10:22:16 +05:30
Rambatla Venkat Rao 85bd1b69ad
Initial Commit for IPQualityScore Expansion Module 2022-02-09 10:21:40 +05:30
Rambatla Venkat Rao 47dde7943b
delete 2022-02-09 10:20:42 +05:30
Jeroen Pinoy 0072a45aab
chg:[apivoid] Add handling with email verify API 2022-02-07 17:41:15 +01:00
Jeroen Pinoy 4408f24714
chg: [mmdb_lookup] Add handling of ASN details. 2022-02-06 15:51:54 +01:00
Jeroen Pinoy 267824a6df
new: Add mmdb lookup expansion module 2022-02-05 20:23:28 +01:00
Rambatla Venkat Rao 17541e2938
Added ipqualityscore to All list 2022-02-05 11:33:43 +05:30
Rambatla Venkat Rao cf7b8318a4
Initial Commit for IPQualityScore Expansion Module 2022-02-05 11:32:46 +05:30
Jeroen Pinoy ed2d14c956
Add hashlookup to expansion init.py 2022-02-03 10:44:13 +01:00
Raphaël Vinot 2874c41f7f
fix: required parameters for Recorded Future object 2022-01-14 10:23:08 +01:00
Silvian I 23ff0348ed [crowdstrike_falcon] fix imports warning 2022-01-11 15:25:39 +01:00
Silvian I 13cb1f472d [crowdstrike_falcon] Upgrade crowdstrike_falcon enrich module to new api version & add attribute creation on enrichment functionality 2022-01-11 13:59:59 +01:00
Silvian I 950a76a3ad Upgrade censys_enrich module to new api version - fix test error 2022-01-07 19:26:02 +01:00
Silvian I ef543a3fa8 Upgrade censys_enrich module to new api version - fix test error 2022-01-07 19:05:05 +01:00
Silvian I b9d9df4dd0 Upgrade censys_enrich module to new api version 2022-01-07 14:46:10 +01:00
Koen Van Impe b9fb2f3ca7 Update mwdb.py 2021-12-26 23:59:16 +01:00
Koen Van Impe c42723d42d Module to push malware samples to a MWDB instance
- Upload of attachment or malware sample to MWDB
- Tags of events and/or attributes are added to MWDB.
- Comment of the MISP attribute is added to MWDB.
- A link back to the MISP event is added to MWDB via the MWDB attribute.
- A link to the MWDB attribute is added as an enriched attribute to the MISP event.
2021-12-26 23:34:00 +01:00
Jakub Onderka 907ac1e935 fix: [ods_enrich] Try to fix reading bytesio 2021-12-24 16:48:24 +01:00
Jakub Onderka 3fe7072bfb fix: [ods_enrich] Better exception logging 2021-12-24 16:48:24 +01:00
Alexandre Dulaunoy 268bb312c9
fix: [hashlookup] typo fixed 2021-12-18 17:11:06 +01:00
Alexandre Dulaunoy 2d98885231
chg: [hashlookup] support for sha256 and bug fix for non-exising MD5 2021-12-18 09:22:32 +01:00
Calvin Krzywiec dc0660acd0
feature: add qintel qsentry expansion module 2021-11-22 15:46:46 -05:00
Jean-Louis Huynen 84ecc19206
Merge branch 'MISP:main' into main 2021-10-26 15:12:12 +02:00
Jean-Louis Huynen 7967542be6 add: [passive-ssh] initial commit 2021-10-26 15:11:20 +02:00
rderkach 4fd3323220 Update Recorded future expansion module with the new data
In this release, we added new data that we have called Links.
It represents better and more filtered related data.
Also did some code formatting.
2021-10-25 18:01:05 +03:00
chrisr3d be5635b0a4
fix: [yara_query] Fixed module input parsing
- The module used to work properly when called
  from a single attribute enrichment, but was
  broken when called from the hover enrichment
  feature, because of the additional `persistent`
  field used to define which type of hover
  enrichment is queried
2021-10-15 17:18:29 +02:00
Alexandre Dulaunoy 4162ccb528
chg: [hashlookup] KnownMalicious field added 2021-09-24 15:35:14 +02:00
Alexandre Dulaunoy b6e0c4ce53
chg: [hashlookup] add new fields such as source, SSDEEP and TLSH 2021-09-24 15:29:23 +02:00
Alexandre Dulaunoy 9783113a1e
fix: [hashlookup] FileName and size are not required fields and can be missing in a hashlookup record 2021-09-24 15:09:07 +02:00
Andras Iklody 4115b7607e
fix: added note about the Domaintools module being deprecated
- as requested by Domaintools, including a link to their own, up to date module
2021-09-09 13:57:29 +02:00
chrisr3d 82e0628fe7
chg: [hashlookup] Using the actual attribute types for FileName & FileSize
- Following the recent changes on the obejct template
  to use `filename` as attribute type for the FileName
  object relation instead of `text`
  d2b93f5aa6
2021-08-26 15:19:36 +02:00
chrisr3d 1d7f0ee1f0
fix: [hashlookup] Fixed the errors handling
- Since the modules system is waiting for a dict,
  we return `misperrors` instead of the actual
  value of the 'error' key, and the module will
  no longer fail when there is no result to parse
2021-08-26 15:02:32 +02:00
Alexandre Dulaunoy 73e78463d0
new: [hashlookup] new hashlookup module added
https://www.circl.lu/services/hashlookup/
2021-08-25 18:42:16 +02:00
Alexandre Dulaunoy 7b675f7857
Merge branch 'main' of github.com:MISP/misp-modules into main 2021-08-25 18:41:31 +02:00
Alexandre Dulaunoy f40fc7ebc4
new: [hashlookup] new hashlookup module added 2021-08-25 18:38:09 +02:00
Martin Ohl d2ed09d081
Create mcafee_insights_enrich.py
Module to expand IOC information with McAfee MVISION Insights
2021-08-13 14:55:08 +02:00
Jason Zhang f5fdf343b8 Sanity checks 2021-08-12 11:08:09 +01:00
Brad Chiappetta b3daa138f1 add cve support and enhance ip lookups 2021-08-09 15:37:37 -04:00
Jason Zhang 83fd44ed13 add vmware_nsx module 2021-07-29 12:13:31 +01:00
Alexandre Dulaunoy 605231e089
chg :[virustotal_public] make flake8 happy 2021-06-11 14:54:07 +02:00
Alexandre Dulaunoy 94795e4993
chg: [virustotal] make flake8 happy 2021-06-11 14:51:30 +02:00
Alex Resnick c4bc2408ad add proxy configs for virus total modules 2021-05-28 14:53:35 -05:00
Rambatla Venkat Rao 6a731454f1
Updated Distribution Constant 2021-05-12 21:42:25 +05:30
Rambatla Venkat Rao f6c0f68263
Default distribution setting to DNSDB Objects 2021-05-12 18:38:55 +05:30
Rambatla Venkat Rao 7aa6b39da8
Added a default distribution setting to Objects 2021-05-12 18:30:54 +05:30
Sebdraven 382025453e fix bug on loop 2021-05-07 14:38:42 +02:00
Sebdraven eb48635ce5 remove print and variable unsuable 2021-05-07 14:07:18 +02:00
sebdraven 8491e169e0
Merge pull request #4 from MISP/main
merge
2021-05-07 12:34:33 +02:00
Sebdraven d0c2f94354 add summary ip, domain and hostname 2021-05-07 12:27:11 +02:00
chrisr3d 780590cee3
fix: [farsight_passivedns] Handling exceptions raised from a query error
- This can happen with for instance a wrong server URL
2021-05-04 18:36:56 +02:00
chrisr3d 790090eb0b
chg: [farsight_passivedns] Updated the bailiwick attribute type, following the latest changes on the passive-dns object template 2021-05-03 11:25:37 +02:00
Sebdraven 16f9ec9f6d fix bug 2021-04-30 15:46:59 +02:00
Sebdraven 73ea9620bf add reference 2021-04-30 15:39:56 +02:00
Sebdraven 86beb488c1 add test to check 2021-04-30 15:25:27 +02:00
Sebdraven 32aeb52efc fixe typo 2021-04-30 15:22:55 +02:00
Sebdraven 4478440d5b remove pass 2021-04-30 15:16:47 +02:00
Sebdraven 7f1caaba25 add object certificate 2021-04-30 15:16:22 +02:00
Sebdraven 098616846d add hostname 2021-04-23 16:19:47 +02:00
Sebdraven e1c2c779aa Update onyphe.py
remove typo
2021-04-23 16:16:43 +02:00
Sebdraven f32717c896 check entry in result dico 2021-04-23 16:15:38 +02:00
Sebdraven 436254cd8c add logs 2021-04-23 16:13:32 +02:00
Sebdraven 7813ba4fc3 fix logical test 2021-04-23 16:11:10 +02:00
Sebdraven 9fd23d6fe0 add logs 2021-04-23 16:09:21 +02:00
Sebdraven ff6470d0e2 add logs 2021-04-23 16:07:44 +02:00
Sebdraven 8fbe371eca add logs 2021-04-23 16:06:20 +02:00
Sebdraven 94f6af8882 add summary ip
object domain
2021-04-23 16:02:21 +02:00
Sebdraven 9364859ce9 refactoring of the module 2021-04-22 15:05:29 +02:00
Sebdraven b9407ad85a Merge branch 'main' 2021-04-22 11:27:43 +02:00
Sebdraven 7ab2e099f4 fix typo 2021-04-21 18:15:16 +02:00
Sebdraven 9f5a4be9d7 remove variable unused 2021-04-21 17:54:01 +02:00
Sebdraven abac4cfab7 remove import unused and add package in requirements 2021-04-21 17:51:22 +02:00
Sebdraven 1b9d47dd33 Update yeti.py
pep 8 compliant
2021-04-21 15:41:20 +02:00
Sebdraven a76978d6c6 Update yeti.py
remove tags and entity
2021-04-21 15:40:46 +02:00
Sebdraven a277cbb8bf Update yeti.py
add input
2021-04-21 14:45:07 +02:00
sebdraven f6675a71e4
Merge pull request #2 from MISP/master
Master
2021-04-21 12:42:33 +02:00
Sebdraven 7e5238e8be Update yeti.py
add tests
2021-04-20 14:35:18 +02:00
Sebdraven 8683c9e5ce Update yeti.py
add ns record dst and src link
2021-04-20 14:13:16 +02:00
Sebdraven 26bc02617f Update yeti.py
add test to create result
2021-04-20 14:08:31 +02:00
Sebdraven 3426ad13c5 Update yeti.py
fix edges
2021-04-20 14:05:51 +02:00
Sebdraven fd76e55093 Update yeti.py
fix typo
2021-04-20 13:56:45 +02:00
Sebdraven dfa46b551a Update yeti.py
change params
2021-04-20 13:55:36 +02:00
Sebdraven baaaa81ec3 Update yeti.py
add ns_record object
2021-04-20 13:53:06 +02:00
Sebdraven cec06ed26d Update yeti.py
change loop
2021-04-20 13:38:45 +02:00
Sebdraven bb1cd7c4de Update yeti.py
fix bug
2021-04-20 12:43:43 +02:00
Sebdraven e037c4c767 Update yeti.py
remove tests
2021-04-20 12:42:49 +02:00
Sebdraven e0506ee31e Update yeti.py
filter by id
2021-04-20 12:40:01 +02:00
Sebdraven f701256008 Update yeti.py
add src
2021-04-20 12:33:46 +02:00
Sebdraven a2741e8eb7 Update yeti.py
fix keyerror
2021-04-20 12:30:22 +02:00
Sebdraven 9cb1a83e54 Update yeti.py
fix bug about id
2021-04-20 12:24:34 +02:00
Sebdraven 37867f89ee Update yeti.py
add logs
2021-04-20 12:21:56 +02:00
Sebdraven 507e56228f Update yeti.py
add logs
2021-04-20 12:19:43 +02:00
Sebdraven abba63f32f Update yeti.py
add test of id
2021-04-20 12:17:17 +02:00
Sebdraven 1a67f8ed96 Update yeti.py
add log
2021-04-20 12:08:59 +02:00
Sebdraven 385af28a0a Update yeti.py
add descripton
2021-04-20 12:07:06 +02:00
Sebdraven 8ea3d5c5c7 Update yeti.py
add file to add in attribute
2021-04-20 10:41:44 +02:00
Sebdraven 5d80b79bc4 Update yeti.py
add tags for attribute
2021-04-19 17:55:29 +02:00