Commit Graph

1337 Commits (main)

Author SHA1 Message Date
Christian Studer 4accbc9823
chg: [vulnerability_lookup] Adding to the vulnerability object the Vulnerability Lookup link to the vulnerability description 2024-12-19 17:10:19 +01:00
Christian Studer 9d492af227
chg: [cve] Updated module to use the Vulnerability Lookup API
- API available at https://cve.circl.lu
2024-12-19 17:06:29 +01:00
Christian Studer a2d2682eaf
chg: [vulnerability_lookup] Moving the parsing code to the vulnerability parser script
- `VulnerabilityLookupParser` can then be reused in other modules if needed
2024-12-19 17:03:32 +01:00
Christian Studer 863dee1338
add: [vulnerability_lookup] Module info 2024-12-19 16:55:15 +01:00
Christian Studer 9c83fa17ea
Merge branch 'main' of github.com:MISP/misp-modules 2024-12-18 09:29:22 +01:00
Christian Studer 6d29742459
fix: [vulnerability_lookup] Quick fix on a typing and an indentation
- Typing was correct but failing for some old python versions
2024-12-18 09:28:16 +01:00
Alexandre Dulaunoy 9f1efde2f9
fix: [reversedns] add the `ip` attribute type 2024-12-17 20:59:17 +01:00
Christian Studer f829c755ce
add: [vulnerability_lookup, variot] Parsing CVSS v2 too 2024-12-16 17:17:51 +01:00
Christian Studer 71e1e11581
add: [vulnerability_lookup] Parsing Tailscale descriptions 2024-12-16 17:15:40 +01:00
Christian Studer 97f6afc604
fix: [vulnerability_lookup] Better reference between vulnerability and weakness objects 2024-12-16 16:43:50 +01:00
Christian Studer 157ac8ca99
add: [vulnerability_lookup] Parsing JVNDB descriptions 2024-12-16 16:42:53 +01:00
Christian Studer 4ff402e117
add: [vulnerability_lookup] Enhanced CSAF format parsing
- Supporting NCSC-NL CSAF format & the CISA CSAF
    format prefixed with `va`
- Extracting cpe information from `product_tree`
    for all the CSAF formats
2024-12-16 16:41:01 +01:00
Christian Studer 8b3da50c57
add: [vulnerability_lookup] Handling weakness (CWE) information while parsing OpenSSF vulnerability descriptions 2024-12-16 16:39:46 +01:00
Christian Studer 8acd890605
fix: [vulnerability_lookup] Fixed potentially missing fields in the GSD description of a vulnerability 2024-12-16 13:23:07 +01:00
Christian Studer cd8a2881d4
add: [vulnerability_lookup] Handling weakness (CWE) information while parsing github vulnerabilities 2024-12-16 13:13:21 +01:00
Christian Studer 5488396938
add: [vulnerability_lookup] Added cpe information from CVE lookups 2024-12-16 11:54:57 +01:00
Christian Studer 63cffa2b2f
fix: [vulnerability_lookup] Updated API url 2024-12-16 10:25:21 +01:00
Alexandre Dulaunoy 3033525c93
fix: [yara_query] description fixed 2024-12-13 08:29:18 +01:00
Sami Mokaddem d45dec6273
Merge remote-tracking branch 'origin/main' 2024-11-18 09:57:41 +01:00
Sami Mokaddem e8537592d7
chg: [expansion:convert_markdown_to_pdf] Better support of margins and added installation notes
- Had to introduce hacky code as wkhtmltopdf could not correctly parse margins
and other options such as --disable-smart-shrinking when passed by pandoc
2024-11-18 09:54:12 +01:00
Koen Van Impe c7c3f7f628
Update urlscan.py
Avoid stopping with "net::ERR_ABORTED", "net::ERR_FAILED", "net::ERR_QUIC_PROTOCOL_ERROR"
Add PTR, TLSIssuer, Server, Page Title
Update comment field to include more detailed description of enrichment.
2024-11-12 20:21:15 -04:00
Koen Van Impe 27751e9dcd
Update urlscan.py
Avoid exiting after 'net::ERR_ABORTED' and 'net::ERR_FAILED'; still return the results.
2024-11-12 22:07:50 +01:00
Sami Mokaddem e17aad3aeb
Merge remote-tracking branch 'origin/main' 2024-11-08 09:54:50 +01:00
Sami Mokaddem aa6f4c4bc8
chg: [expansion:convert_markdown_to_pdf] Added support of `margin` configuration 2024-11-08 09:54:34 +01:00
Alexandre Dulaunoy 68d4ad1d34
fix: [mmdb_lookup] moduleinfo new format updated 2024-10-29 06:25:23 +01:00
Koen Van Impe fe2f2acd42 Be more consistent with max_country_qt / max_country_info_qt 2024-10-18 22:04:38 +02:00
Koen Van Impe 4c6a215802 Extend MMDB with max_country_qt
When querying MMDB there are sometimes multiple country_info objects returned, mostly due to the different db_source. Sometimes customers are not interested in the db_source, and only the geo-info.
This change adds max_country_qt. When
- Set to None or 0, has no effect
- Set to a value higher than 0, the number of country_info entries is limited to max_country_qt
2024-10-18 22:00:46 +02:00
Sami Mokaddem 73e6ae2f58
fix: [expansion:init] Added new module `convert_markdown_to_pdf` for loading 2024-10-15 13:45:13 +02:00
Sami Mokaddem edad5580dd
Merge remote-tracking branch 'origin/main' 2024-10-15 12:00:11 +02:00
Sami Mokaddem eb55006f15
new: [expansion:convert_markdown_to_pdf] Added module to render a markdown (under GFM) into PDF 2024-10-15 11:58:42 +02:00
Sami Mokaddem 4ea30ae3a8
new: [expansion] Added skeleton module for the misp_standard format 2024-10-02 12:14:07 +02:00
Koen Van Impe 7ee975e57b
Update dns.py
Get rid of 'jj' in DNS module description field
2024-10-02 11:31:39 +02:00
Christian Studer 59c994678d
chg: [circl_passivedns] Using `time_first` & `time_last` as `first_seen` and `last_seen` fields on the `passive-dns` objects
- Should fix #692
2024-09-26 11:08:22 +02:00
Sami Mokaddem 75576f0016 Merge remote-tracking branch 'origin/main' 2024-09-03 11:14:54 +02:00
Sami Mokaddem 28390ac9ae fix: [expansion:virus_total] Capture `ForbiddenError` from vr.APIError correctly 2024-09-03 11:13:41 +02:00
Alexandre Dulaunoy a01aa157e5
Merge pull request #687 from crowdsecurity/feat/release-2.1.0
feat(crowdsec): Update module (v2.1.1)
2024-08-24 07:52:20 +02:00
Julien Loizelet 4dc71af301
feat(crowdsec): Use misp-objects template and check IP 2024-08-23 17:04:07 +09:00
Alexandre Dulaunoy 55a3d8e9f5
chg: [modules] formatting updated 2024-08-22 15:14:11 +02:00
Alexandre Dulaunoy 80f1f6ec1e
chg: [modules] add a logo in the moduleinfo 2024-08-22 15:10:55 +02:00
Alexandre Dulaunoy 318318726b
Merge remote-tracking branch 'karen/main' into karenyousefi-main 2024-08-22 15:05:54 +02:00
Julien Loizelet 8c1d7b2c20
feat(crowdsec): Add missing moduleinfo fields 2024-08-22 14:48:30 +09:00
Julien Loizelet 57a1965b52
feat(crowdsec): Update module (v2.1.0) 2024-08-22 11:23:30 +09:00
Karen Yousefi dea91594ae
Update __init__.py 2024-08-19 23:25:44 -07:00
Karen Yousefi 2247e90e42
Update __init__.py
fix bug pr #682
2024-08-20 03:20:27 +03:30
Alexandre Dulaunoy feeeaddeb1
fix: [expansion] whois module added back 2024-08-19 11:23:45 +02:00
Alexandre Dulaunoy fd45532501
new: [whois] added back the whois module based on Raphael changes 2024-08-19 11:21:46 +02:00
Stefano Ortolani b89a33b74f Migrate to poetry and optimize dependencies 2024-08-17 15:54:37 +01:00
Karen Yousefi f7a4545727
Add Triage Submit
Module to submit samples to tria.ge
2024-08-16 18:52:01 -07:00
Karen Yousefi 1d5d0336c6
MalShare Upload
Module to push malware samples to MalShare
2024-08-16 18:50:33 -07:00
Karen Yousefi e3472136f0
VirusTotal Upload
Module to push malware samples to VirusTotal
2024-08-16 18:49:35 -07:00