Silvian I
950a76a3ad
Upgrade censys_enrich module to new api version - fix test error
2022-01-07 19:26:02 +01:00
Silvian I
ef543a3fa8
Upgrade censys_enrich module to new api version - fix test error
2022-01-07 19:05:05 +01:00
Silvian I
b9d9df4dd0
Upgrade censys_enrich module to new api version
2022-01-07 14:46:10 +01:00
Derek LaHousse
6c4e788110
It seems alright to leave the field empty, just have to check that it is empty
2021-12-30 09:25:44 -05:00
Koen Van Impe
b9fb2f3ca7
Update mwdb.py
2021-12-26 23:59:16 +01:00
Koen Van Impe
c42723d42d
Module to push malware samples to a MWDB instance
...
- Upload of attachment or malware sample to MWDB
- Tags of events and/or attributes are added to MWDB.
- Comment of the MISP attribute is added to MWDB.
- A link back to the MISP event is added to MWDB via the MWDB attribute.
- A link to the MWDB attribute is added as an enriched attribute to the MISP event.
2021-12-26 23:34:00 +01:00
Jakub Onderka
907ac1e935
fix: [ods_enrich] Try to fix reading bytesio
2021-12-24 16:48:24 +01:00
Jakub Onderka
3fe7072bfb
fix: [ods_enrich] Better exception logging
2021-12-24 16:48:24 +01:00
Alexandre Dulaunoy
268bb312c9
fix: [hashlookup] typo fixed
2021-12-18 17:11:06 +01:00
Alexandre Dulaunoy
2d98885231
chg: [hashlookup] support for sha256 and bug fix for non-exising MD5
2021-12-18 09:22:32 +01:00
Calvin Krzywiec
dc0660acd0
feature: add qintel qsentry expansion module
2021-11-22 15:46:46 -05:00
Jean-Louis Huynen
84ecc19206
Merge branch 'MISP:main' into main
2021-10-26 15:12:12 +02:00
Jean-Louis Huynen
7967542be6
add: [passive-ssh] initial commit
2021-10-26 15:11:20 +02:00
rderkach
4fd3323220
Update Recorded future expansion module with the new data
...
In this release, we added new data that we have called Links.
It represents better and more filtered related data.
Also did some code formatting.
2021-10-25 18:01:05 +03:00
chrisr3d
be5635b0a4
fix: [yara_query] Fixed module input parsing
...
- The module used to work properly when called
from a single attribute enrichment, but was
broken when called from the hover enrichment
feature, because of the additional `persistent`
field used to define which type of hover
enrichment is queried
2021-10-15 17:18:29 +02:00
Alexandre Dulaunoy
4162ccb528
chg: [hashlookup] KnownMalicious field added
2021-09-24 15:35:14 +02:00
Alexandre Dulaunoy
b6e0c4ce53
chg: [hashlookup] add new fields such as source, SSDEEP and TLSH
2021-09-24 15:29:23 +02:00
Alexandre Dulaunoy
9783113a1e
fix: [hashlookup] FileName and size are not required fields and can be missing in a hashlookup record
2021-09-24 15:09:07 +02:00
Andras Iklody
4115b7607e
fix: added note about the Domaintools module being deprecated
...
- as requested by Domaintools, including a link to their own, up to date module
2021-09-09 13:57:29 +02:00
chrisr3d
82e0628fe7
chg: [hashlookup] Using the actual attribute types for FileName & FileSize
...
- Following the recent changes on the obejct template
to use `filename` as attribute type for the FileName
object relation instead of `text`
d2b93f5aa6
2021-08-26 15:19:36 +02:00
chrisr3d
1d7f0ee1f0
fix: [hashlookup] Fixed the errors handling
...
- Since the modules system is waiting for a dict,
we return `misperrors` instead of the actual
value of the 'error' key, and the module will
no longer fail when there is no result to parse
2021-08-26 15:02:32 +02:00
Alexandre Dulaunoy
73e78463d0
new: [hashlookup] new hashlookup module added
...
https://www.circl.lu/services/hashlookup/
2021-08-25 18:42:16 +02:00
Alexandre Dulaunoy
7b675f7857
Merge branch 'main' of github.com:MISP/misp-modules into main
2021-08-25 18:41:31 +02:00
Alexandre Dulaunoy
f40fc7ebc4
new: [hashlookup] new hashlookup module added
2021-08-25 18:38:09 +02:00
Martin Ohl
d2ed09d081
Create mcafee_insights_enrich.py
...
Module to expand IOC information with McAfee MVISION Insights
2021-08-13 14:55:08 +02:00
Jason Zhang
f5fdf343b8
Sanity checks
2021-08-12 11:08:09 +01:00
Brad Chiappetta
b3daa138f1
add cve support and enhance ip lookups
2021-08-09 15:37:37 -04:00
Jason Zhang
83fd44ed13
add vmware_nsx module
2021-07-29 12:13:31 +01:00
Alexandre Dulaunoy
354427d173
Merge pull request #507 from aaronkaplan/cof2misp
...
Cof2misp
2021-06-17 19:40:08 +02:00
Aaron Kaplan
4078119db0
fix the last issues of #493
...
(https://github.com/MISP/misp-modules/issues/493 )
2021-06-17 14:36:27 +00:00
Alexandre Dulaunoy
605231e089
chg :[virustotal_public] make flake8 happy
2021-06-11 14:54:07 +02:00
Alexandre Dulaunoy
94795e4993
chg: [virustotal] make flake8 happy
2021-06-11 14:51:30 +02:00
Alex Resnick
c4bc2408ad
add proxy configs for virus total modules
2021-05-28 14:53:35 -05:00
aaronkaplan
9813f7f7cb
Merge branch 'main' of https://github.com/MISP/misp-modules into cof2misp
2021-05-27 01:58:55 +02:00
aaronkaplan
6824b4e991
push version
2021-05-27 01:58:23 +02:00
aaronkaplan
4816844d16
Add a function to validate dnsdbflex output
...
add dnsdbflex parser. It's rather easy
Signed-off-by: aaronkaplan <aaron@lo-res.org>
2021-05-26 12:38:56 +02:00
Rambatla Venkat Rao
6a731454f1
Updated Distribution Constant
2021-05-12 21:42:25 +05:30
Rambatla Venkat Rao
f6c0f68263
Default distribution setting to DNSDB Objects
2021-05-12 18:38:55 +05:30
Rambatla Venkat Rao
7aa6b39da8
Added a default distribution setting to Objects
2021-05-12 18:30:54 +05:30
Alexandre Dulaunoy
77035a82e0
chg: [cof2misp] bailiwick is optional
2021-05-11 14:46:16 +02:00
Sebdraven
382025453e
fix bug on loop
2021-05-07 14:38:42 +02:00
Sebdraven
eb48635ce5
remove print and variable unsuable
2021-05-07 14:07:18 +02:00
sebdraven
8491e169e0
Merge pull request #4 from MISP/main
...
merge
2021-05-07 12:34:33 +02:00
Sebdraven
d0c2f94354
add summary ip, domain and hostname
2021-05-07 12:27:11 +02:00
chrisr3d
dc3b892a42
Merge branch 'main' of github.com:MISP/misp-modules into main
2021-05-04 18:39:26 +02:00
chrisr3d
780590cee3
fix: [farsight_passivedns] Handling exceptions raised from a query error
...
- This can happen with for instance a wrong server URL
2021-05-04 18:36:56 +02:00
Alexandre Dulaunoy
bcc05c3337
Merge pull request #497 from aaronkaplan/cof2misp
...
Cof2misp
2021-05-04 18:27:33 +02:00
root
117200f334
oops, there was a minor error. print(..., file=sys.stDerr) . Typo!
2021-05-04 07:48:30 +00:00
aaronkaplan
09f0f3943a
Add license text. No logical changes in this commit
2021-05-04 09:44:47 +02:00
Alexandre Dulaunoy
c6d02cc177
chg: [cof2misp] debugging removed
2021-05-03 12:41:01 +02:00
Alexandre Dulaunoy
10b5295cdd
chg: [cof2misp] remove logging in the misp-modules
2021-05-03 12:27:52 +02:00
chrisr3d
790090eb0b
chg: [farsight_passivedns] Updated the bailiwick attribute type, following the latest changes on the passive-dns object template
2021-05-03 11:25:37 +02:00
aaronkaplan
0c6a12ea60
Make teh special attributes *_ip and _domain not needed.
...
See the discussion in https://github.com/MISP/misp-objects/pull/314
2021-05-02 22:54:41 +00:00
aaronkaplan
763e10af5d
flake8, you suck
2021-05-02 22:01:09 +00:00
aaronkaplan
36904c688c
Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp
2021-05-02 21:49:40 +00:00
aaronkaplan
85864dad2e
make flake8 happier
2021-05-02 21:39:39 +00:00
aaronkaplan
ff950bc50c
Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp
2021-05-02 21:11:00 +00:00
aaronkaplan
f1da1dd6fa
Version 0.2 of the cof2misp import module.
2021-05-02 20:51:07 +00:00
aaronkaplan
c06b8ff604
Version 0.2 of the cof2misp import module.
2021-05-02 16:45:55 +00:00
Sebdraven
16f9ec9f6d
fix bug
2021-04-30 15:46:59 +02:00
Sebdraven
73ea9620bf
add reference
2021-04-30 15:39:56 +02:00
Sebdraven
86beb488c1
add test to check
2021-04-30 15:25:27 +02:00
Sebdraven
32aeb52efc
fixe typo
2021-04-30 15:22:55 +02:00
Sebdraven
4478440d5b
remove pass
2021-04-30 15:16:47 +02:00
Sebdraven
7f1caaba25
add object certificate
2021-04-30 15:16:22 +02:00
Sebdraven
098616846d
add hostname
2021-04-23 16:19:47 +02:00
Sebdraven
e1c2c779aa
Update onyphe.py
...
remove typo
2021-04-23 16:16:43 +02:00
Sebdraven
f32717c896
check entry in result dico
2021-04-23 16:15:38 +02:00
Sebdraven
436254cd8c
add logs
2021-04-23 16:13:32 +02:00
Sebdraven
7813ba4fc3
fix logical test
2021-04-23 16:11:10 +02:00
Sebdraven
9fd23d6fe0
add logs
2021-04-23 16:09:21 +02:00
Sebdraven
ff6470d0e2
add logs
2021-04-23 16:07:44 +02:00
Sebdraven
8fbe371eca
add logs
2021-04-23 16:06:20 +02:00
Sebdraven
94f6af8882
add summary ip
...
object domain
2021-04-23 16:02:21 +02:00
Sebdraven
9364859ce9
refactoring of the module
2021-04-22 15:05:29 +02:00
Sebdraven
b9407ad85a
Merge branch 'main'
2021-04-22 11:27:43 +02:00
Sebdraven
7ab2e099f4
fix typo
2021-04-21 18:15:16 +02:00
Sebdraven
9f5a4be9d7
remove variable unused
2021-04-21 17:54:01 +02:00
Sebdraven
abac4cfab7
remove import unused and add package in requirements
2021-04-21 17:51:22 +02:00
Sebdraven
1b9d47dd33
Update yeti.py
...
pep 8 compliant
2021-04-21 15:41:20 +02:00
Sebdraven
a76978d6c6
Update yeti.py
...
remove tags and entity
2021-04-21 15:40:46 +02:00
Sebdraven
a277cbb8bf
Update yeti.py
...
add input
2021-04-21 14:45:07 +02:00
sebdraven
f6675a71e4
Merge pull request #2 from MISP/master
...
Master
2021-04-21 12:42:33 +02:00
Sebdraven
7e5238e8be
Update yeti.py
...
add tests
2021-04-20 14:35:18 +02:00
Sebdraven
8683c9e5ce
Update yeti.py
...
add ns record dst and src link
2021-04-20 14:13:16 +02:00
Sebdraven
26bc02617f
Update yeti.py
...
add test to create result
2021-04-20 14:08:31 +02:00
Sebdraven
3426ad13c5
Update yeti.py
...
fix edges
2021-04-20 14:05:51 +02:00
Sebdraven
fd76e55093
Update yeti.py
...
fix typo
2021-04-20 13:56:45 +02:00
Sebdraven
dfa46b551a
Update yeti.py
...
change params
2021-04-20 13:55:36 +02:00
Sebdraven
baaaa81ec3
Update yeti.py
...
add ns_record object
2021-04-20 13:53:06 +02:00
Sebdraven
cec06ed26d
Update yeti.py
...
change loop
2021-04-20 13:38:45 +02:00
Sebdraven
bb1cd7c4de
Update yeti.py
...
fix bug
2021-04-20 12:43:43 +02:00
Sebdraven
e037c4c767
Update yeti.py
...
remove tests
2021-04-20 12:42:49 +02:00
Sebdraven
e0506ee31e
Update yeti.py
...
filter by id
2021-04-20 12:40:01 +02:00
Sebdraven
f701256008
Update yeti.py
...
add src
2021-04-20 12:33:46 +02:00
Sebdraven
a2741e8eb7
Update yeti.py
...
fix keyerror
2021-04-20 12:30:22 +02:00
Sebdraven
9cb1a83e54
Update yeti.py
...
fix bug about id
2021-04-20 12:24:34 +02:00
Sebdraven
37867f89ee
Update yeti.py
...
add logs
2021-04-20 12:21:56 +02:00
Sebdraven
507e56228f
Update yeti.py
...
add logs
2021-04-20 12:19:43 +02:00
Sebdraven
abba63f32f
Update yeti.py
...
add test of id
2021-04-20 12:17:17 +02:00
Sebdraven
1a67f8ed96
Update yeti.py
...
add log
2021-04-20 12:08:59 +02:00
Sebdraven
385af28a0a
Update yeti.py
...
add descripton
2021-04-20 12:07:06 +02:00
Sebdraven
8ea3d5c5c7
Update yeti.py
...
add file to add in attribute
2021-04-20 10:41:44 +02:00
Sebdraven
5d80b79bc4
Update yeti.py
...
add tags for attribute
2021-04-19 17:55:29 +02:00
Sebdraven
43672ee9a9
Update yeti.py
...
remove tag
2021-04-19 17:20:13 +02:00
Sebdraven
f7ca8bf140
Update yeti.py
...
test tags
2021-04-19 17:19:23 +02:00
Sebdraven
ee7c065795
Update yeti.py
...
change tags method
2021-04-19 17:16:59 +02:00
Sebdraven
21b52dda15
Update yeti.py
...
add related observable and AS
2021-04-19 17:10:47 +02:00
Sebdraven
5e6aec4162
Update yeti.py
...
remove print debug
2021-04-19 13:49:02 +02:00
Sebdraven
b46a3a8885
Update yeti.py
...
fix bugs key error
2021-04-19 13:47:45 +02:00
Sebdraven
0da40b34ee
Update yeti.py
...
add param
2021-04-19 13:45:29 +02:00
Sebdraven
1e98f1d575
Update yeti.py
...
try typo
2021-04-19 12:20:25 +02:00
Sebdraven
53cc15adcd
Update yeti.py
...
remove print
2021-04-19 12:12:32 +02:00
Sebdraven
ef6596637d
Update yeti.py
...
remove tests
2021-04-19 11:49:24 +02:00
Sebdraven
e3fc3a3f38
Update yeti.py
...
test
2021-04-19 11:47:06 +02:00
Sebdraven
8a24ed7fd6
Update yeti.py
...
add logs
2021-04-19 11:27:33 +02:00
Sebdraven
559533ea78
Update yeti.py
...
try test
2021-04-19 11:25:50 +02:00
Sebdraven
a29779eff6
Update yeti.py
...
add check
2021-04-19 11:24:01 +02:00
Sebdraven
4634567b23
Update yeti.py
...
correct bug
2021-04-19 11:09:38 +02:00
Sebdraven
be212097a7
Update yeti.py
...
add log
2021-04-19 11:08:21 +02:00
Sebdraven
af01db860a
Update yeti.py
...
add log
2021-04-19 11:05:16 +02:00
Sebdraven
07f54c1b86
Update yeti.py
...
correct typo
2021-04-19 11:03:39 +02:00
Sebdraven
69a5584dfe
Update yeti.py
...
add relation
2021-04-19 11:00:55 +02:00
Sebdraven
6cd99c03e4
Update yeti.py
...
refactoring and add Url neighboors
2021-04-19 10:46:07 +02:00
chrisr3d
dbff9b3aa8
chg: [rbl] Added a timeout parameter to change the resolver timeout & lifetime if needed
2021-04-16 22:00:27 +02:00
chrisr3d
576dcca671
chg: [rbl] Small changes on the rbl list and the results handling
2021-04-16 16:45:38 +02:00
chrisr3d
300cdc7a4c
fix: [ocr_enrich] Making Pep8 happy
2021-04-15 16:41:15 +02:00
chrisr3d
611bb6fa9e
fix: [ocr_enrich] Fixed tesseract input format
...
- It looks like the `image_to_string` method now
assumes RGB format and the `imdecode` method
seems to give BGR format, so we convert the
image array before
2021-04-15 16:12:00 +02:00
chrisr3d
729feaa3f2
fix: [hibp] Fixed config handling to avoir KeyError exceptions
2021-04-14 16:52:55 +02:00
Alexandre Dulaunoy
577d0de500
chg: [farsight] make PEP happy
2021-04-14 14:45:55 +02:00
Alexandre Dulaunoy
0752628de5
fix: [cve_advanced] Some CVEs are not in CWE format but in NVD-CWE-Other
2021-04-08 19:14:13 +02:00
chrisr3d
a2282c4721
add: [farsight_passivedns] Adding first_seen & last_seen (when available) in passivedns objects
...
- The object_relation `time_first` is added as the
`first_seen` value of the object
- Same with `time_last` -> `last_seen`
2021-03-31 13:42:07 +02:00
chrisr3d
505bbbc20a
fix: [farsight_passivedns] Excluding last_seen value for now, in order to get the available results
...
- With last_seen set we can easily get results
included in a certain time frame (between first
seen and last seen), but we do not get the
latest results. In order to get those ones, we
skip filtering on the time_last_before value
2021-03-30 17:34:01 +02:00
chrisr3d
5077050a3e
chg: [farsight_passivedns] Making first_time and last_time results human readable
...
- We get the datetime format instead of the raw
timestamp
2021-03-30 03:47:34 +02:00
chrisr3d
327a1ac893
fix: [farsight_passivedns] Fixed lookup_rdata_name results desclaration
...
- Getting generator as a list as it is already the
case for all the other results, so it avoids
issues to read the results by accidently looping
through the generator before it is actually
needed, which would lose the content of the
generator
- Also removed print that was accidently introduced
with the last commit
2021-03-30 03:42:54 +02:00
chrisr3d
8935c4adc5
Merge branch 'main' of github.com:MISP/misp-modules into new_features
2021-03-29 20:10:28 +02:00
chrisr3d
25d826076c
add: [farsight_passivedns] New lookup argument based on the first_seen & last_seen fields
2021-03-29 20:09:29 +02:00
Alexandre Dulaunoy
521cdc4435
Merge pull request #484 from GreyNoise-Intelligence/main
...
Update to GreyNoise expansion module
2021-03-26 23:20:24 +01:00
Brad Chiappetta
5e20ea0dc0
update community api to released ver
2021-03-26 11:19:40 -04:00
Brad Chiappetta
714eb425c6
fix ver info
2021-03-23 13:41:05 -04:00
Brad Chiappetta
2855f7ff5f
updates for greynoise community api
2021-03-23 13:39:36 -04:00
Sebdraven
b42da0435b
Update yeti.py
...
add key results
2021-03-19 15:55:18 +01:00
Sebdraven
240d043f91
Update yeti.py
...
delete attr
2021-03-19 15:50:37 +01:00
Sebdraven
ef2bf29621
Update yeti.py
...
correction format strings
2021-03-19 15:39:09 +01:00
Sebdraven
76133ace8b
Update yeti.py
...
change logs
2021-03-19 15:37:49 +01:00
Sebdraven
6b35a7ee4d
Update yeti.py
...
value attribute
2021-03-19 15:32:05 +01:00
Sebdraven
ed3e0d56fd
Update yeti.py
...
change logs
2021-03-19 15:29:21 +01:00
Sebdraven
1be2c27131
Update yeti.py
...
add logs
2021-03-19 15:26:45 +01:00
Sebdraven
83c4b2f4b0
Update yeti.py
...
add relation
2021-03-19 15:22:53 +01:00
Sebdraven
cd97186776
Update yeti.py
...
remove add
2021-03-19 15:20:58 +01:00
Sebdraven
624f423264
Update yeti.py
...
add logs
2021-03-19 15:19:37 +01:00
Sebdraven
5176a36acf
Update yeti.py
...
change relations
2021-03-19 15:16:00 +01:00
Sebdraven
86275d7610
Update yeti.py
...
change modification
2021-03-19 14:38:34 +01:00
Sebdraven
0a364cf815
Update yeti.py
...
update relation
2021-03-19 14:32:00 +01:00
Sebdraven
9eb41f4022
Update yeti.py
...
change relation type
2021-03-19 14:26:44 +01:00
Sebdraven
0d035c0292
Update yeti.py
...
add relationship
2021-03-19 14:22:51 +01:00
Sebdraven
b9ce6d689c
Update yeti.py
...
add ref
2021-03-19 13:56:02 +01:00
Sebdraven
28b554d975
Update yeti.py
...
add test
2021-03-19 12:24:15 +01:00
Sebdraven
bc1bea0ec4
Update yeti.py
...
change attribute add
2021-03-19 12:12:37 +01:00
Sebdraven
7255a1eddc
Update yeti.py
...
change relationship
2021-03-19 12:09:54 +01:00
Sebdraven
65d8bb6b07
Update yeti.py
...
log json
2021-03-19 11:51:55 +01:00
Sebdraven
633f5efd56
Update yeti.py
...
log object
2021-03-19 11:48:55 +01:00
Sebdraven
bd5c1b0b53
Update yeti.py
...
add logs
2021-03-19 11:40:23 +01:00
Sebdraven
1dfdb5a2a2
Update yeti.py
...
change type attr and relation
2021-03-19 11:29:57 +01:00
Sebdraven
347d12c78c
Update yeti.py
...
add logs
2021-03-19 11:27:23 +01:00
Sebdraven
d868373c5a
Update yeti.py
...
add logs
2021-03-19 11:24:10 +01:00
Sebdraven
bd4a4b87fc
Update yeti.py
...
add logs
2021-03-19 11:18:01 +01:00
Sebdraven
c9bc97c9f9
Update yeti.py
...
change relation type and misp event init
2021-03-19 11:15:27 +01:00
Sebdraven
0618e288d3
Update yeti.py
...
add relation object
2021-03-19 11:01:02 +01:00
Sebdraven
48f56b0690
Update yeti.py
...
add object
2021-03-19 10:52:48 +01:00
chrisr3d
9f80d69e64
Merge branch 'main' of github.com:MISP/misp-modules into new_features
2021-03-18 19:34:18 +01:00
chrisr3d
458e432bb7
fix: Making pep8 happy
2021-03-18 19:22:26 +01:00
chrisr3d
aea7e247a5
Merge branch 'main' of github.com:MISP/misp-modules into new_features
2021-03-18 18:45:41 +01:00
chrisr3d
c8c44e75bf
fix: [farsight_passivedns] Fixed queries to the API
...
- Since flex queries input may be email addresses,
we nake sure we replace '@' by '.' in the flex
queries input.
- We also run the flex queries with the input as
is first, before runnning them as second time
with '.' characters escaped: '\\.'
2021-03-18 18:40:27 +01:00
Alexandre Dulaunoy
bd38fabba5
Merge pull request #481 from cocaman/main
...
Adding ThreatFox enrichment module
2021-03-17 23:17:21 +01:00
chrisr3d
f58f4aa9eb
chg: [farsight_passivedns] Added input types for more flex queries
...
- Standard types still supported as before
- Name or ip lookup, with optional flex queries
- New attribute types added will only send flex
queries to the DNSDB API
2021-03-17 20:17:07 +01:00
Corsin Camichel
a13184b078
adding additional tags
2021-03-13 20:59:54 +01:00
Corsin Camichel
d14d3d585f
first version of ThreatFox enrichment module
2021-03-13 20:36:49 +01:00
Corsin Camichel
d913ae4b36
updating "hibp" for API version 3
2021-03-13 17:44:27 +01:00
Jürgen Löhel
9e8d01b6c8
fix: google.py module
...
The search result does not include always 3 elements. It's better to
enumerate here.
The googleapi fails sometimes. Retry it 3 times.
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-03-09 18:04:12 -06:00
Jürgen Löhel
c1700cc955
fix: google.py module
...
Corrects import for gh.com/abenassi/Google-Search-API.
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-03-09 16:46:11 -06:00
Sebdraven
6fc3b2a860
Update yeti.py
...
refactoring
2021-03-05 19:01:25 +01:00
Sebdraven
294bdee51a
Update yeti.py
...
using attribute
2021-03-05 16:57:55 +01:00
Sebdraven
33bba708bf
Update yeti.py
...
use format misp
2021-03-05 16:53:49 +01:00
Sebdraven
bf617807df
Update yeti.py
...
modify acess dict
2021-03-05 15:19:30 +01:00
Sebdraven
9de5dd89ee
Update yeti.py
...
add logs
2021-03-05 15:14:25 +01:00
Sebdraven
7e1bf41d47
Update yeti.py
...
add logs
2021-03-05 15:08:32 +01:00
Sebdraven
cb008124c3
Update yeti.py
...
add neighboors iocs to add the event
2021-03-05 15:06:13 +01:00
Sebdraven
e3f23793e0
Update yeti.py
...
modify call yeti
2021-03-05 11:40:11 +01:00
Sebdraven
6aff43cf99
Update yeti.py
...
Correct bugs
2021-03-05 11:37:04 +01:00
Sebdraven
800020d6a2
Update yeti.py
...
change inherit
2021-03-05 11:34:01 +01:00
Sebdraven
e2a1ade14a
Update yeti.py
...
change path to access config settings
2021-03-05 11:28:50 +01:00
Sebdraven
3fdce84ff7
Update yeti.py
...
add log
2021-03-05 11:24:43 +01:00
Sebdraven
e7cb15a0c4
Update yeti.py
...
add ip-dst to enrich
2021-03-05 11:22:53 +01:00
Sebdraven
0f31893fdb
Update yeti.py
...
add logs
2021-03-05 11:06:12 +01:00
Sebdraven
1209cd3a75
yeti pluggin
...
get_entities and get_neighboors
2021-03-05 11:00:19 +01:00
Jakub Onderka
38457f0a7b
fix: Consider mail body as UTF-8 encoded
2021-03-02 15:03:15 +01:00
Sebdraven
1def6e3f06
Update yeti.py
...
add introspection method
2021-02-05 12:02:08 +01:00
Sebdraven
b29b3ded28
Update yeti.py
...
add method version
2021-02-05 11:47:27 +01:00
Sebdraven
619d648084
Update yeti.py
...
correct import
2021-02-05 11:37:34 +01:00
Sebdraven
66fc121dbe
Update yeti.py
...
add config and struct
2021-02-05 11:17:40 +01:00
Sebdraven
7781a0cae7
add new module
...
new module yeti
2021-02-05 10:18:52 +01:00
adammchugh
2832466f7f
Update assemblyline_submit.py
2021-02-02 22:56:02 +10:30
adammchugh
6f5c77ef08
Update assemblyline_query.py
2021-02-02 22:55:09 +10:30
adammchugh
07b8968b7d
Update assemblyline_submit.py
2021-02-02 22:52:27 +10:30
Cory Kennedy
774b2f37a6
Corrected VMray rest API import
...
When loading misp-modules, the VMray module ```modules/expansion/vmray_submit.py ``` incorrectly imports the library. VMray's documentation and examples here: https://pypi.org/project/vmray-rest-api/#history also reflect this change as the correct import.
2021-01-04 15:27:47 -06:00
Alexandre Dulaunoy
ff9ac60bbd
Merge pull request #457 from trustar/main
...
added more explicit error messages for indicators that return no enri…
2020-12-04 21:37:47 +01:00
Jesse Hedden
bad538653d
added more explicit error messages for indicators that return no enrichment data
2020-12-04 11:59:57 -08:00
Jens Thom
0e4e432dc4
fix imports and unused variables
2020-11-30 12:48:01 +01:00
Jens Thom
a404202d1d
Merge remote-tracking branch 'upstream/main' into main
2020-11-30 12:23:11 +01:00
Jens Thom
2a870f2d97
* add parser for report version v1 and v2
...
* add summary JSON import module
2020-11-30 12:06:19 +01:00
milkmix
2544218899
fixed error reported by LGTM analysis
2020-11-23 16:28:23 +01:00
milkmix
47980ef2eb
added missing quotes
2020-11-21 08:52:18 +01:00
milkmix
30d9ae6032
added URL support
2020-11-20 18:56:28 +01:00
milkmix
71d2aeaacd
typo in python src name
2020-11-20 16:31:48 +01:00
milkmix
451531326d
initial work on Defender for Endpoint export module
2020-11-20 16:29:08 +01:00
chrisr3d
575bed0da8
Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch
2020-11-18 11:52:53 +01:00
chrisr3d
2464172e1a
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2020-11-18 11:34:33 +01:00
chrisr3d
c1e52fdb12
fix: [farsight_passivedns] Fixed pep8 backslash issue
2020-11-15 20:15:06 +01:00
chrisr3d
d1ac0cffe0
fix: [farsight_passivedns] Fixed issue with variable name
2020-11-15 20:11:08 +01:00
chrisr3d
dfec0e5cf4
add: [farsight-passivedns] Optional feature to submit flex queries
...
- The rrset and rdata queries remain the same but
with the parameter `flex_queries`, users can
also get the results of the flex rrnames & flex
rdata regex queries about their domain, hostname
or ip address
- Results can thus include passive-dns objects
containing the `raw_rdata` object_relation added
with 0a3e948
2020-11-13 20:38:02 +01:00
chrisr3d
993a614a20
Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch
2020-11-13 16:47:07 +01:00
chrisr3d
32c0bf9ae2
fix: [cpe] Fixed typo in vulnerable-configuration object relation fields
2020-11-13 15:49:58 +01:00
chrisr3d
bd3fa3ea07
chg: [cpe] Added default limit to the results
...
- Results returned by CVE-search are sorted by
cvss score and limited in number to avoid
potential massive amount of data retuned back
to MISP.
- Users can overwrite the default limit with the
configuration already present as optional, and
can also set the limit to 0 to get the full list
of results
2020-11-13 15:46:41 +01:00
chrisr3d
3f863e4437
fix: [farsight_passivedns] Fixed typo in the lookup fields
2020-11-13 15:28:10 +01:00
chrisr3d
fe010782f3
chg: [farsight_passivedns] Now using the dnsdb2 python library
...
- Also updated the results parsing to check in
each returned result for every field if they are
included, to avoid key errors if any field is
missing
2020-11-12 16:01:14 +01:00
chrisr3d
2a25cda026
Merge branch 'chrisr3d_patch' of github.com:MISP/misp-modules into main
2020-11-11 10:46:44 +01:00
chrisr3d
bb7564dea9
Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch
2020-11-11 10:45:06 +01:00
Jesse Hedden
0650126d6a
fixed typo causing firstSeen and lastSeen to not be pulled from enrichment data
2020-11-10 17:20:03 -08:00
chrisr3d
b98562a75e
chg: [cpe] Support of the new CVE-Search API
2020-11-10 17:53:47 +01:00
chrisr3d
d9cfcf8f62
fix: [farsight_passivedns] Uncommented mandatory field that was commented for tests
2020-11-05 17:51:41 +01:00
chrisr3d
c0440a0d33
chg: [farsight_passivedns] More context added to the results
...
- References between the passive-dns objects and
the initial attribute
- Comment on object attributes mentioning whether
the results come from an rrset or an rdata
lookup
2020-11-05 15:55:30 +01:00
chrisr3d
7c5465e02b
fix: [dnsdb] Avoiding AttributeError with the sys library, probably depending on the python version
2020-11-05 15:55:15 +01:00
chrisr3d
d9e576e605
chg: [farsight_passivedns] Rework of the module to return MISP objects
...
- All the results are parsed as passive-dns MISP
objects
- More love to give to the parsing to add
references between the passive-dns objects and
the input attribute, depending on the type of
the query (rrset or rdata), or the rrtype
(to be determined)
2020-11-05 15:55:00 +01:00
chrisr3d
260bddb3cf
chg: [cpe] Changed CVE-Search API default url
2020-11-02 19:03:26 +01:00
chrisr3d
54f7e604c8
Merge branch 'main' of github.com:MISP/misp-modules into main
2020-11-02 19:03:16 +01:00
chrisr3d
6660e2fc11
add: Added documentation for the cpe module
2020-10-24 23:52:06 +02:00
chrisr3d
88c8d9077c
fix: [cpe] Typos and variable name issues fixed + Making the module available in MISP
2020-10-24 02:40:31 +02:00
mokaddem
2be1d7a0cd
new: [expansion] Added html_to_markdown module
...
It fetches the HTML from the provided URL, performs a bit of DOM
clean-up then convert it into markdown
2020-10-23 22:17:47 +02:00
chrisr3d
410aaaeb28
add: First shot of an expansio module to query cve-search with a cpe to get the related vulnerabilities
2020-10-23 21:19:26 +02:00
chrisr3d
c00349e198
fix: [cve-advanced] Using the cpe and weakness attribute types
2020-10-22 23:25:20 +02:00
chrisr3d
2a2a908f09
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2020-10-22 22:59:21 +02:00
Jakub Onderka
7ad5eb0bfa
chg: [clamav] Add reference to original attribute
2020-10-20 19:26:04 +02:00
Alexandre Dulaunoy
0872bb820c
chg: [clamav] TCP port connection must be an integer
2020-10-20 10:17:52 +02:00
Jakub Onderka
f2de7ab87f
new: [clamav] Module for malware scan by ClamAV
2020-10-17 23:25:47 +02:00
chrisr3d
48635d8f1b
add: Added documentation for the socialscan new module
...
- Also quick fix of the message for an invalid
result or response concerning the queried email
address or username
2020-10-02 17:01:02 +02:00
chrisr3d
d950b4d7ec
fix: Removed debugging print command
2020-10-02 01:50:49 +02:00
chrisr3d
9a766d6010
add: New module using socialscan library to check email addresses and usernames linked to accounts on online platforms
2020-10-01 23:25:39 +02:00
chrisr3d
14aa6e2d1a
fix: [cve_advanced] Avoiding potential MISP object references issues
...
- Adding objects as dictionaries in an event may
cause issues in some cases. It is better to pass
the MISP object as is, as it is already a valid
object since the MISPObject class is used
2020-10-01 22:44:39 +02:00
chrisr3d
c5abf89805
fix: [virustotal_public] Resolve key error when user enrich hostname
...
- Same as #424
2020-09-28 12:34:00 +02:00