Christophe Vandeplas
1bdb24c9bc
fix: fixes issues added in latest commit
2024-08-12 11:34:13 +02:00
Christophe Vandeplas
842f91a4db
chg: [doc] Big doc revamp #680
2024-08-12 11:23:10 +02:00
Christophe Vandeplas
79442c2cd3
fix: [modules] many modules not loaded as python module
2024-08-10 08:06:14 +02:00
Christophe Vandeplas
9e95c0e81d
fix: [cisco_firesight_manager_ACL_rule_export] include in __init__
2024-08-10 07:46:01 +02:00
Christophe Vandeplas
33824e04ad
fix: [yara_export] add new module to __init__
2024-08-10 07:39:53 +02:00
Christophe Vandeplas
01b07975a4
Merge branch 'main' of https://github.com/MISP/misp-modules
2024-08-09 15:54:10 +02:00
Christophe Vandeplas
20ec7c8a18
new: [yara_export] new export module
2024-08-09 15:53:27 +02:00
Germán Esteban
7a3ab8e413
Merge branch 'MISP:main' into main
2024-08-09 10:54:45 +02:00
Christophe Vandeplas
dd3ac91afd
fix: [cve] fix CVE module to new vulnerability.circl.lu url
2024-08-09 09:53:14 +02:00
Germán Esteban
5daf7c6628
Merge branch 'MISP:main' into main
2024-08-09 07:54:35 +02:00
Daniel Pascual
d720c38b0f
WIP
2024-08-08 16:58:17 +02:00
german-esteban
50b96c0524
Update expansion/vysion.py
2024-08-08 15:40:25 +02:00
Daniel Pascual
f6305f4041
WIP
2024-08-08 14:13:07 +02:00
Daniel Pascual
3b69446185
WIP
2024-08-07 17:10:28 +02:00
german-esteban
321879e165
Added cryptocurrencies types #2
2024-08-07 15:53:15 +02:00
german-esteban
572a97d1ee
Added cryptocurrencies types
2024-08-07 15:45:55 +02:00
Daniel Pascual
798f05a117
Add more attributes to the GTI enrichment
2024-08-07 11:16:57 +02:00
german-esteban
ba9798cf87
Update expansion module + Vysion client update version
2024-08-05 12:58:19 +02:00
Koen Van Impe
672640083b
Fix 'Object' object has no attribute 'url' in virustotal
Fix
  File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/__init__.py", line 210, in run_request
    response = module.handler(q=json_payload)
  File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/modules/expansion/virustotal_public.py", line 248, in handler
    parser.query_api(attribute)
  File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/modules/expansion/virustotal_public.py", line 46, in query_api
    self.input_types_mapping[self.attribute.type](self.attribute.value)
  File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/modules/expansion/virustotal_public.py", line 143, in parse_hash
    related_file_object = self.create_misp_object(related_file)
  File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/modules/expansion/virustotal_public.py", line 83, in create_misp_object
    misp_object.add_attribute('Url', type='url', value=report.url)
  File "/var/www/MISP/venv/lib/python3.8/site-packages/vt/object.py", line 160, in __getattribute__
    value = super().__getattribute__(attr)
AttributeError: 'Object' object has no attribute 'url'
2024-08-02 11:24:26 +02:00
Stefano Ortolani
a52da45eff
Update pandas and pandas_ods_reader and patch ods_enrich
2024-07-19 11:02:36 +01:00
Stefano Ortolani
308c5fb3ce
Improve compatibility and upgrade python to 3.12
Changes:
* Remove vysion (not compatible with python 3.12 and no public repository)
* Remove stiximport (requires archaic version of pymisp)
* Update Python to 3.12
* Pin Numpy to 1.X
* Add missing dependencies
* Commit lock file
* Update requirements file
2024-07-12 17:09:19 +01:00
Alexandre Dulaunoy
d49d8ececf
Merge pull request #669 from VirusTotal/update_doc_references
chore: Update virustotal documentation references
2024-07-11 08:19:13 +01:00
silviacuenca
64b7ef1340
Update doc references
2024-07-10 17:04:48 +02:00
Christian Studer
2423bc7ade
fix: [vulnerability_lookup] Avoiding issues with `Iterator` in python3.8
2024-07-08 11:52:26 +02:00
Christian Studer
7d7dc1e633
fix: [vulnerability_lookup] Avoiding KeyError exceptions on some fields
2024-07-02 11:09:26 +02:00
Christian Studer
42fb1bcf14
new: [vulnerability_lookup] New module to query Vulnerability Lookup
- Reusing the `variotdbs` code to parse the
vulnerability description from VariotDB
2024-07-01 23:25:37 +02:00
Alexandre Dulaunoy
cd435c0565
fix: [ipasn] add support for `ip` type
2024-06-06 09:54:20 +02:00
Daniel Pascual
a9dda347bb
Add web doc and fix logo for the Google Threat Intelligence module
2024-05-14 12:47:20 +02:00
Daniel Pascual
636dc3cdfa
merge
2024-05-13 20:28:41 +02:00
Daniel Pascual
3af14a7f6e
Logo and desc
2024-05-13 20:00:14 +02:00
Daniel Pascual
da072cc38a
Remove debug traces
2024-05-13 19:50:46 +02:00
Daniel Pascual
bb42e5d9c1
Google Threat Intelligence MISP module
2024-05-13 10:59:21 +02:00
Alexandre Dulaunoy
b5579e5e42
chg: [virustotal] support ip-src/ip-dst|port attribute type
Fix #632
2024-05-09 17:43:24 +02:00
Alexandre Dulaunoy
8b25af853f
fix: [virustotal] fix the typo for the VT link
Fix #644
Fix #595
2024-05-09 17:32:29 +02:00
Alexandre Dulaunoy
e4d93173a7
fix: [core] the default buffer size in Tornado HTTP server is not enough
for large MISP events.
Fix #662
2024-05-09 17:15:27 +02:00
Alexandre Dulaunoy
55d7fc95dc
fix: [dns] add the exception in the error message
As there are still distributions installing old versions of dnspython,
it's easier to debug if we receive the exception directly in misp-module.
2024-05-09 17:03:18 +02:00
goodlandsecurity
80a5bd1e77
add slack action module
2024-05-09 08:57:25 -05:00
goodlandsecurity
f5ff7d37d8
add stairwell expansion module and update misp-objects to a193e03
2024-05-08 10:47:35 -05:00
Sami Mokaddem
28a9381216
chg: [action:mattermost] Added support of jinja_supported config
2024-02-19 15:45:19 +01:00
Jakub Onderka
8663db0152
chg: [server] Cache module list JSON
2024-01-09 12:43:42 +01:00
Jakub Onderka
5b57b8b296
fix: [server] Serializing PyMISP objects
2024-01-09 12:19:48 +01:00
Jakub Onderka
9446fd2ac6
chg: [server] Fail if server could not be started
2024-01-09 12:19:23 +01:00
Jakub Onderka
80eae92093
new: [log] Enable access log
2024-01-08 22:07:51 +01:00
Jakub Onderka
938e30007b
chg: [internal] Resolve deprecation warning in btc_spam_check
2024-01-08 21:36:34 +01:00
Jakub Onderka
19d5f367a3
chg: [internal] Resolve deprecation warning in dbl_spamhaus
2024-01-08 21:36:14 +01:00
Jakub Onderka
13e48821c6
chg: [internal] Resolve deprecation warning in dns
2024-01-08 21:35:55 +01:00
Jakub Onderka
bfe7fddf72
chg: [internal] Resolve deprecation warning in reversedns
2024-01-08 21:35:37 +01:00
Jakub Onderka
fa744c72e5
chg: [internal] Resolve deprecation warning in qrcode
2024-01-08 21:35:18 +01:00
Jakub Onderka
658ae11941
chg: [internal] Optimise email_import
2024-01-06 23:30:21 +01:00
Jakub Onderka
4596d76887
chg: [internal] Optimise csvimport
2024-01-06 22:27:36 +01:00
Jakub Onderka
193d7fd0bc
new: [internal] Avoid double JSON decoding
2024-01-06 19:13:36 +01:00
Jakub Onderka
92d7076243
fix: [internal] Code style
2024-01-06 14:20:10 +01:00
Jakub Onderka
479ac05bdf
fix: [log] Disable duplicate logging to stderr and stdout, keep stderr only
2024-01-06 14:12:48 +01:00
Jakub Onderka
1764b24647
fix: [apiosintds] Try to fix tests
2024-01-06 13:40:39 +01:00
Jakub Onderka
c65c65621f
new: [internal] Add /healthcheck endpoint
2024-01-06 13:37:23 +01:00
Jakub Onderka
57e04d6b6c
chg: [internal] Optimise clamav to avoid JSON decoding/encoding
2024-01-06 13:37:23 +01:00
Jakub Onderka
cbaa2f85a2
chg: [internal] Add support for orjson
2024-01-06 13:37:23 +01:00
Jakub Onderka
ea2697c5ce
chg: [internal] Code style
2024-01-06 11:59:22 +01:00
Alexandre Dulaunoy
89d1691592
chg: [misp-objects] updated
2023-12-22 13:48:55 +01:00
Germán Esteban López
0a654f6394
Fix vysion.py return error
2023-12-20 16:11:56 +01:00
Germán Esteban López
21c6bcbb2c
Added vysion.py
2023-12-15 10:45:16 +01:00
Germán Esteban López
cd0f1654c5
Added vysion expansion and documentation
2023-12-13 12:06:40 +01:00
ip2location
59116b4769
Removed ip2locationio from joe_parser lib.
2023-12-11 10:14:33 +08:00
ip2location
f0b610907d
Update ip2locationiopy and add documentation
2023-12-08 10:01:14 +08:00
ip2location
58265dc925
Add IP2Location.io module
2023-12-07 10:40:04 +08:00
Milo Volpicelli
52f53f81d0
cluster25_expand: handles related items and more
2023-11-07 15:23:33 +00:00
Milo Volpicelli
a4bcc15db0
enriches with c25 MISP objects
2023-10-26 15:47:22 +00:00
Milo Volpicelli
ce7d1175e7
remove addition of cluster25 import module
2023-10-26 15:33:16 +00:00
Milo Volpicelli
0b167df5b0
actual expand implementation
2023-10-20 13:22:26 +00:00
Milo Volpicelli
a4893d997d
adds cluster25 import module
2023-10-20 12:36:22 +00:00
Milo Volpicelli
4c7637237f
renamed cluster25.py to cluster25_expand.py, module implementation
2023-10-20 08:37:21 +00:00
Milo Volpicelli
f77baec63b
adds cluster25.py expansion module and entry in expansion/__init__.py
2023-10-18 14:18:29 +00:00
Sid Odgers
0f5532b2a1
Rename `files_iterator` and related variables to avoid overwriting `file_object` in virustotal enrichments
2023-10-13 15:59:47 +11:00
Daniel Pascual
e7e173eb86
Fix export url in VirusTotal Collection module
2023-09-12 14:49:30 +02:00
Alexandre Dulaunoy
4003691a2e
Merge pull request #630 from jthom-vmray/fix-optional-field-access
fix optional field access
2023-08-22 11:16:36 +02:00
Luciano Righetti
1bbe16eabc
fix: remove unused import
2023-08-03 11:57:53 +02:00
Luciano Righetti
10c333cd1c
Merge pull request #628 from righel/add-sigmf-expand-module
new: add sigmf module to expand a sigmf recording object template
2023-08-03 09:37:50 +02:00
Luciano Righetti
23069a7c5d
add: support extracting sigmf archives into sigmf recordings
2023-08-03 09:25:46 +02:00
Jens Thom
5f77a68ee3
fix optional field access
2023-07-19 12:54:27 +02:00
Sami Mokaddem
296c7fb16a
Merge branch 'main' of github.com:MISP/misp-modules into main
2023-07-13 10:15:14 -04:00
Sami Mokaddem
fb86bb0510
chg: [expansion:extract_url_components] Better support in case attributes are not defined
2023-07-13 10:14:04 -04:00
Sami Mokaddem
b01dc1d22b
chg: [action:mattermost] Improved support of hostname/url
2023-07-13 10:13:01 -04:00
Sami Mokaddem
fa9854e6cd
Merge pull request #629 from TinyHouseHippos/abuseipdb_googlesafebrowsing
Added the new attribute and tags for AbuseIPDB and added the google s…
2023-07-13 10:08:00 -04:00
Steph S
43e1eb07d0
Added the new attribute and tags for AbuseIPDB and added the google safe browsing expansion module
2023-07-13 09:33:59 -04:00
Luciano Righetti
df2183ce54
fix: properly read samples in different datatypes
2023-07-13 11:06:25 +02:00
Luciano Righetti
e26bfef477
fix: remove debug
2023-07-12 15:51:50 +02:00
Luciano Righetti
3f0fa14545
new: add waterfall plot to the expanded object
2023-07-12 15:34:44 +02:00
Luciano Righetti
5e2957b13f
new: add sigmf module to expand a sigmf recording object template
2023-07-11 16:42:33 +02:00
Alexandre Dulaunoy
93bae11e33
Merge pull request #627 from hyasinfosec/main
Added User Agent
2023-07-11 06:35:41 +02:00
Alexandre Dulaunoy
8401470359
Merge pull request #626 from GeekWeekSteph/abuseipdb2
Fixed object reference issue for the AbuseIPDB expansion module
2023-07-11 06:35:05 +02:00
Rambatla Venkat Rao
7d006566cf
Added User Agent
2023-07-11 08:26:16 +05:30
Steph S
513d292994
Fixed object reference issue for the AbuseIPDB expansion module
2023-07-10 17:14:15 -04:00
Alexandre Dulaunoy
ea0c6f9ac2
Merge pull request #625 from GeekWeekSteph/abuseipdb
Added AbuseIPDB expansion module
2023-07-10 21:56:50 +02:00
Steph S
53b7a76824
Added AbuseIPDB expansion module
2023-07-10 15:08:47 -04:00
Davide
702158ab16
Bug fix
2023-07-09 13:37:19 +02:00
Davide
4e00e60951
Bug fix
2023-07-09 13:35:47 +02:00
Davide
80dba63a8b
Module updated to apiosintDSv2.0
2023-07-09 12:42:59 +02:00
maikwuerth
b074801b00
add ip-src and ip-dst to types_to_use
2023-07-07 10:40:54 +02:00
maikwuerth
a6db0b163f
add period to query and changed query for url and domain hunts
2023-07-06 16:18:46 +02:00
Koen Van Impe
436ed0cea9
Small bug fix for vulners - vulners_ai_score
2023-07-04 16:17:05 +02:00