chrisr3d
3f863e4437
fix: [farsight_passivedns] Fixed typo in the lookup fields
2020-11-13 15:28:10 +01:00
chrisr3d
fe010782f3
chg: [farsight_passivedns] Now using the dnsdb2 python library
...
- Also updated the results parsing to check in
each returned result for every field if they are
included, to avoid key errors if any field is
missing
2020-11-12 16:01:14 +01:00
chrisr3d
2a25cda026
Merge branch 'chrisr3d_patch' of github.com:MISP/misp-modules into main
2020-11-11 10:46:44 +01:00
chrisr3d
bb7564dea9
Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch
2020-11-11 10:45:06 +01:00
Jesse Hedden
0650126d6a
fixed typo causing firstSeen and lastSeen to not be pulled from enrichment data
2020-11-10 17:20:03 -08:00
chrisr3d
b98562a75e
chg: [cpe] Support of the new CVE-Search API
2020-11-10 17:53:47 +01:00
chrisr3d
d9cfcf8f62
fix: [farsight_passivedns] Uncommented mandatory field that was commented for tests
2020-11-05 17:51:41 +01:00
chrisr3d
c0440a0d33
chg: [farsight_passivedns] More context added to the results
...
- References between the passive-dns objects and
the initial attribute
- Comment on object attributes mentioning whether
the results come from an rrset or an rdata
lookup
2020-11-05 15:55:30 +01:00
chrisr3d
7c5465e02b
fix: [dnsdb] Avoiding AttributeError with the sys library, probably depending on the python version
2020-11-05 15:55:15 +01:00
chrisr3d
d9e576e605
chg: [farsight_passivedns] Rework of the module to return MISP objects
...
- All the results are parsed as passive-dns MISP
objects
- More love to give to the parsing to add
references between the passive-dns objects and
the input attribute, depending on the type of
the query (rrset or rdata), or the rrtype
(to be determined)
2020-11-05 15:55:00 +01:00
chrisr3d
260bddb3cf
chg: [cpe] Changed CVE-Search API default url
2020-11-02 19:03:26 +01:00
chrisr3d
54f7e604c8
Merge branch 'main' of github.com:MISP/misp-modules into main
2020-11-02 19:03:16 +01:00
chrisr3d
6660e2fc11
add: Added documentation for the cpe module
2020-10-24 23:52:06 +02:00
chrisr3d
88c8d9077c
fix: [cpe] Typos and variable name issues fixed + Making the module available in MISP
2020-10-24 02:40:31 +02:00
mokaddem
2be1d7a0cd
new: [expansion] Added html_to_markdown module
...
It fetches the HTML from the provided URL, performs a bit of DOM
clean-up then convert it into markdown
2020-10-23 22:17:47 +02:00
chrisr3d
410aaaeb28
add: First shot of an expansio module to query cve-search with a cpe to get the related vulnerabilities
2020-10-23 21:19:26 +02:00
chrisr3d
c00349e198
fix: [cve-advanced] Using the cpe and weakness attribute types
2020-10-22 23:25:20 +02:00
chrisr3d
2a2a908f09
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2020-10-22 22:59:21 +02:00
Jakub Onderka
7ad5eb0bfa
chg: [clamav] Add reference to original attribute
2020-10-20 19:26:04 +02:00
Alexandre Dulaunoy
0872bb820c
chg: [clamav] TCP port connection must be an integer
2020-10-20 10:17:52 +02:00
Jakub Onderka
f2de7ab87f
new: [clamav] Module for malware scan by ClamAV
2020-10-17 23:25:47 +02:00
chrisr3d
48635d8f1b
add: Added documentation for the socialscan new module
...
- Also quick fix of the message for an invalid
result or response concerning the queried email
address or username
2020-10-02 17:01:02 +02:00
chrisr3d
d950b4d7ec
fix: Removed debugging print command
2020-10-02 01:50:49 +02:00
chrisr3d
9a766d6010
add: New module using socialscan library to check email addresses and usernames linked to accounts on online platforms
2020-10-01 23:25:39 +02:00
chrisr3d
14aa6e2d1a
fix: [cve_advanced] Avoiding potential MISP object references issues
...
- Adding objects as dictionaries in an event may
cause issues in some cases. It is better to pass
the MISP object as is, as it is already a valid
object since the MISPObject class is used
2020-10-01 22:44:39 +02:00
chrisr3d
c5abf89805
fix: [virustotal_public] Resolve key error when user enrich hostname
...
- Same as #424
2020-09-28 12:34:00 +02:00
Christian Studer
38c3502394
Merge pull request #424 from JakubOnderka/vt-subdomains-fix
...
fix: [virustotal] Resolve key error when user enrich hostname
2020-09-28 12:32:42 +02:00
chrisr3d
3101e5bc26
chg: Updated the bgpranking expansion module to return MISP objects
...
- The module no longer returns freetext, since the
result returned to the freetext import as text
only allowed MISP to parse the same AS number as
the input attribute.
- The new result returned with the updated module
is an asn object describing more precisely the
AS number, and its ranking for a given day
2020-09-08 16:08:57 +02:00
chrisr3d
ae1016946b
fix: Making pep8 happy
2020-08-28 17:30:23 +02:00
chrisr3d
1349ef61a5
chg: Turned the Shodan expansion module into a misp_standard format module
...
- As expected with the misp_standard modules, the
input is a full attribute and the module is able
to return attributes and objects
- There was a lot of data that was parsed as regkey
attributes by the freetext import, the module now
parses properly the different field of the result
of the query returned by Shodan
2020-08-28 16:55:50 +02:00
johannesh
8087c9a6a1
Add proxy support and User-Agent header
2020-08-24 11:19:15 +02:00
David André
b5d7c9c7a3
Disable correlation for detection-ratio in virustotal.py
2020-08-24 10:11:08 +02:00
Jakub Onderka
bd7f7fa1f3
fix: [virustotal] Resolve key error when user enrich hostname
2020-08-17 17:34:21 +02:00
Jesse Hedden
10e432ec55
Merge branch 'main' into feat/EN-5047/MISP-manual-update
2020-08-10 08:08:06 -07:00
Jesse Hedden
a3c01fa318
added comments
2020-08-10 07:53:24 -07:00
Jesse Hedden
91417d390b
added comments
2020-08-09 20:41:52 -07:00
Jesse Hedden
0b576faa68
added comments
2020-08-09 20:36:47 -07:00
Jesse Hedden
2d464adfd6
added error checking
2020-08-09 20:29:37 -07:00
johannesh
85d319e85e
Fix typo error introduced in commit: 3b7a5c4dc2
2020-08-07 10:36:40 +02:00
Jesse Hedden
ee21a88127
updating to include metadata and alter type of trustar link generated
2020-08-06 21:59:13 -07:00
chrisr3d
f1dac0c8df
fix: Fixed pep8
2020-07-28 15:23:24 +02:00
chrisr3d
d2661c7a20
fix: Fixed pep8 + some copy paste issues introduced with the latest commits
2020-07-28 15:06:25 +02:00
chrisr3d
3ab67b23b6
fix: Avoid issues with the attribute value field name
...
- The module setup allows 'value1' as attribute
value field name, but we want to make sure that
users passing standard misp format with 'value'
instead, will not have issues, as well as
keeping the current setup
2020-07-28 11:56:03 +02:00
chrisr3d
3b7a5c4dc2
add: Specific error message for misp_standard format expansion modules
...
- Checking if the input format is respected and
displaying an error message if it is not
2020-07-28 11:47:53 +02:00
chrisr3d
8180ecbfa8
chg: Making use of the Greynoise v2 API
2020-07-27 17:20:36 +02:00
johannesh
c91a61110a
Add Recorded Future expansion module
2020-07-23 12:28:56 +02:00
chrisr3d
a4e9fe456e
Merge branch 'main' of github.com:MISP/misp-modules into main
2020-07-03 10:24:45 +02:00
chrisr3d
8e4c688dce
fix: Fixed list of sigma backends
2020-07-03 10:10:24 +02:00
Jakub Onderka
cda5feedaa
fix: [virustotal] Subdomains is optional in VT response
2020-07-01 16:13:40 +02:00
chrisr3d
26b0357ac7
fix: Making pep8 happy
2020-06-30 23:10:35 +02:00
chrisr3d
3e12feae79
Merge branch 'feat/EN-4664/trustar-misp' of https://github.com/trustar/misp-modules into trustar-feat/EN-4664/trustar-misp
2020-06-30 18:07:14 +02:00
chrisr3d
cadcc8947c
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2020-06-30 17:14:38 +02:00
Jesse Hedden
a91d50b507
corrected variable name
2020-06-27 17:29:01 -07:00
Jesse Hedden
9e1bc5681b
fixed indent
2020-06-25 15:22:54 -07:00
Jesse Hedden
2d31b4e037
fixed incorrect attribute name
2020-06-25 13:10:50 -07:00
Jesse Hedden
61fbb30e1c
fixed metatag; convert summaries generator to list for error handling
2020-06-25 10:54:34 -07:00
Jesse Hedden
b188d2da4e
added strip to remove potential whitespace
2020-06-24 17:47:41 -07:00
Jesse Hedden
b60d142d32
removed extra parameter
2020-06-22 15:06:39 -07:00
Jesse Hedden
b9d191686f
added try/except for TruSTAR API errors and additional comments
2020-06-22 14:54:37 -07:00
Jesse Hedden
f13233d04c
added comments and increased page size to max for get_indicator_summaries
2020-06-22 13:47:25 -07:00
Jesse Hedden
f3b27ca9c0
updated client metatag and version
2020-06-22 12:58:10 -07:00
Jesse Hedden
68b4fbba09
added client metatag to trustar client
2020-06-22 12:15:28 -07:00
Jesse Hedden
341a569de5
ready for code review
2020-06-21 19:52:17 -07:00
Jakub Onderka
fe1ea90b25
fix: [circl_passivessl] Return proper error for IPv6 addresses
2020-06-03 14:06:57 +02:00
Alexandre Dulaunoy
ddf51d482a
Merge pull request #406 from JakubOnderka/ip-port
...
new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port
2020-06-03 12:57:11 +02:00
Jakub Onderka
b053e1c01b
fix: [circl_passivessl] Return not found error
...
If passivessl returns empty response, return Not found error instead of error in log
2020-06-03 11:19:21 +02:00
Jakub Onderka
6e21893be4
fix: [circl_passivedns] Return not found error
...
If passivedns returns empty response, return Not found error instead of error in log
2020-06-03 11:15:46 +02:00
Jakub Onderka
31d15056f9
new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port
2020-06-03 11:12:47 +02:00
Jesse Hedden
8a95a000ee
initial commit. not a working product. need to create a class to manage the MISP event and TruStar client
2020-05-29 17:21:20 -07:00
chrisr3d
1e27c2de5a
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2020-05-05 11:53:09 +02:00
Steve Clement
3fd6633c01
fix: [pep] Comply to PEP E261
2020-05-01 12:12:33 +09:00
Matthias Meidinger
ebf71a371b
Update vmray_submit
...
The submit module hat some smaller issues with the reanalyze flag.
The source for the enrichment object has been changed and the robustness
of user supplied config parsing improved.
2020-04-23 14:47:48 +02:00
Golbark
fd3c62c460
Fix variable issue in the loop
2020-04-08 01:07:46 -07:00
Golbark
500f0301a9
Adding support for more input types, including multi-types
2020-04-07 06:53:42 -07:00
Golbark
b79636ccfa
new: usr: Censys Expansion module
2020-04-03 03:15:03 -07:00
chrisr3d
48b381d704
fix: Making pep8 happy
2020-03-18 18:58:11 +01:00
chrisr3d
0671f93724
new: Expansion module to query MALWAREbazaar API with some hash attribute
2020-03-18 18:05:57 +01:00
chrisr3d
824c0031b3
fix: Catching errors in the reponse of the query to URLhaus
2020-03-18 17:57:55 +01:00
chrisr3d
422f654988
fix: Making pep8 happy with indentation
2020-03-18 10:24:06 +01:00
Koen Van Impe
2713d3c655
Update __init__
2020-03-10 19:50:00 +01:00
Koen Van Impe
c86f4a4180
Make Travis (a little bit) happy
2020-03-10 18:48:25 +01:00
Koen Van Impe
e023f0b470
Cytomic Orion MISP Module
...
An expansion module to enrich attributes in MISP and share indicators
of compromise with Cytomic Orion
2020-03-10 18:25:30 +01:00
chrisr3d
0b4d6738de
fix: Making pep8 happy
2020-03-10 11:15:16 +01:00
bennyv
6c00f02e42
Removed Unused Import
2020-03-04 11:54:55 +11:00
bennyv
0a8a829ac1
Fixed handler error handling for missing config
2020-03-04 11:30:44 +11:00
bennyv
a32685df8a
Initial Build of SOPHOSLabs Intelix Product
2020-03-04 09:52:55 +11:00
chrisr3d
cda5004a0d
fix: Removed unused import
2020-02-26 14:18:09 +01:00
chrisr3d
c9c6f69bd4
fix: Making pep8 happy
2020-02-26 11:59:14 +01:00
Christian Studer
fc54785d6b
Merge pull request #374 from M0un/projet-m2-oun-gindt
...
Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // No…
2020-02-26 11:53:11 +01:00
chrisr3d
dea42d3929
chg: Catching missing config issue
2020-02-25 15:22:06 +01:00
Sean Whalen
f5af7faace
Create __init__.py
2020-02-22 19:44:31 -05:00
Mathilde Oun et Vincent Gindt
df3a6986ea
Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // Nouveau module misp de recherche google sur les urls
2020-02-21 12:05:41 +01:00
chrisr3d
27717c0400
fix: Making the module config available so the module works
2020-02-13 11:40:22 +01:00
GlennHD
0ed0ceab9d
Update geoip_asn.py
2020-02-12 23:48:38 -06:00
GlennHD
bdb4185a0a
Update geoip_city.py
2020-02-12 23:48:20 -06:00
GlennHD
46f0f410e7
Added geoip_asn and geoip_city to load
2020-02-12 21:31:41 -06:00
GlennHD
0b9b6c4f41
Added GeoIP_ASN Enrichment module
2020-02-12 21:29:40 -06:00
GlennHD
7a3f9a422d
Added GeoIP_City Enrichment module
2020-02-12 21:28:41 -06:00
Jakub Onderka
acdc4b9d03
fix: [VT] Disable SHA512 query for VT
2020-02-07 12:20:12 +01:00
Hendrik
8f9940200b
Lastline verify_ssl option
...
Helps people with on-prem boxes
2020-01-27 07:46:48 +01:00
Georg Schölly
04685ea63e
joe: (1) allow users to disable PE object import (2) set 'to_ids' to False
2020-01-24 14:51:38 +01:00
Alexandre Dulaunoy
09cdc7277c
Merge pull request #365 from ostefano/analysis
...
change: migrate to analysis API when submitting files to Lastline
2020-01-21 14:15:22 +01:00
Stefano Ortolani
66bf650b79
change: migrate to analysis API when submitting tasks to Lastline
2020-01-21 11:32:05 +00:00
Koen Van Impe
036933ea14
2nd fix for VT Public module
2020-01-17 11:26:35 +01:00
Koen Van Impe
610c99ce7b
Fix error message in Public VT module
2020-01-17 10:58:31 +01:00
chrisr3d
31a74a10c1
fix: Fixed ipasn test input format + module version updated
2020-01-10 15:37:54 +01:00
chrisr3d
b3bc533bc3
chg: Making ipasn module return asn object(s)
...
- Latest changes on the returned value as string
broke the freetext parser, because no asn number
could be parsed when we return the full json
blob as a freetext attribute
- Now returning asn object(s) with a reference to
the initial attribute
2020-01-10 15:02:59 +01:00
Erick Cheng
bfcba18e3c
Update ipasn.py
2020-01-07 18:58:40 +01:00
chrisr3d
7945d060ff
new: Enrichment module for querying APIVoid with domain attributes
2019-12-18 17:11:13 +01:00
chrisr3d
2fc0b44b90
fix: Making pep8 happy with whitespace after ':'
2019-12-18 16:16:47 +01:00
chrisr3d
3007761a55
fix: Making pep8 happy by having spaces around '+' operators
2019-12-17 16:31:53 +01:00
chrisr3d
5f90ae776f
fix: Making pep8 happy
2019-12-17 14:29:29 +01:00
chrisr3d
b8d6141cb7
chg: Made circl_passivedns module able to return MISP objects
2019-12-17 11:18:21 +01:00
chrisr3d
9c9f01b6ff
fix: Quick variable name fix
2019-12-17 11:17:56 +01:00
chrisr3d
6849daebfa
chg: Made circl_passivessl module able to return MISP objects
2019-12-17 10:26:43 +01:00
Stefano Ortolani
f749578525
add: Modules to query/import/submit data from/to Lastline
2019-12-02 19:09:40 +00:00
Raphaël Vinot
5d7a829583
chg: Use MISPObject in ransomcoindb
2019-11-26 13:27:02 +01:00
aaronkaplan
06025e63d0
oops , use relative import
2019-11-26 01:52:31 +01:00
aaronkaplan
d73a9b601a
use a helpful user-agent string
2019-11-26 01:08:28 +01:00
aaronkaplan
777483838b
Revert "fix url"
...
This reverts commit 44130e2bf9
.
2019-11-25 22:24:57 +01:00
aaronkaplan
44130e2bf9
fix url
2019-11-25 20:51:20 +01:00
aaronkaplan
24ec4a0e23
remove pprint
2019-11-25 18:56:12 +01:00
aaronkaplan
5350003e3a
initial version of the ransomcoindb expansion module
2019-11-25 18:52:39 +01:00
chrisr3d
ccf12a225c
fix: Making pep8 happy
2019-11-21 17:50:49 -05:00
chrisr3d
96712da5e0
add: Module to query AssemblyLine and parse the results
...
- Takes an AssemblyLine submission link to query
the API and get the full submission report
- Parses the potentially malicious files and the
IPs, domains or URLs they are connecting to
- Possible improvement of the parsing filters in
order to include more data in the MISP event
2019-11-21 13:25:50 -05:00
chrisr3d
de8737d2f3
fix: Fixed input types list since domain should not be submitted to AssemblyLine
2019-11-20 17:35:37 -05:00
chrisr3d
dc9ea98d2c
fix: Making pep8 happy
2019-11-20 10:13:51 -05:00
chrisr3d
58a4cb15a1
add: New expansion module to submit samples and urls to AssemblyLine
2019-11-19 15:41:35 -05:00
chrisr3d
f08fc6d9a5
chg: Reintroducing the limit to reduce the number of recursive calls to the API when querying for a domain
2019-11-17 19:11:26 -05:00
chrisr3d
4990bcebd8
fix: Avoiding KeyError exception when no result is found
2019-11-17 18:00:19 -05:00
chrisr3d
0fd3f92fe3
fix: Fixed Xforce Exchange authentication + rework
...
- Now able to return MISP objects
- Support of the xforce exchange authentication
with apikey & apipassword
2019-11-05 16:43:03 +01:00
chrisr3d
852018bf79
fix: Added urlscan & secuirtytrails modules in __init__ list
2019-11-04 16:52:26 +01:00
chrisr3d
bfe227d555
fix: More clarity on the exception raised on the securitytrails module
2019-10-31 17:19:42 +01:00
chrisr3d
69e81b47d7
fix: Better exceptions handling on the passivetotal module
2019-10-31 17:18:23 +01:00
chrisr3d
4411166b43
fix: Fixed config parsing and the associated error message
2019-10-31 11:52:34 +01:00
chrisr3d
4f70011edf
fix: Fixed config parsing + results parsing
...
- Avoiding errors with config field when it is
empty or the apikey is not set
- Parsing all the results instead of only the
first one
2019-10-31 11:48:59 +01:00
Alexandre Dulaunoy
c3c6f1a6ea
Merge pull request #346 from blaverick62/master
...
EQL Query Generation Modules
2019-10-30 22:08:07 +01:00
Braden Laverick
717be2b859
Removed extraneous comments and unused imports
2019-10-30 15:44:47 +00:00
chrisr3d
b63a0d1eb8
fix: Making urlscan module available in MISP for ip attributes
...
- As expected in the the handler function
2019-10-30 16:39:07 +01:00
chrisr3d
d4eb88c66a
fix: Avoiding various modules to fail with uncritical issues
...
- Avoiding securitytrails to fail with an unavailable
feature for free accounts
- Avoiding urlhaus to fail with input attribute
fields that are not critical for the query and
results
- Avoiding VT modules to fail when a certain
resource does not exist in the dataset
2019-10-30 16:34:15 +01:00
chrisr3d
393b33d02d
fix: Fixed config field parsing for various modules
...
- Same as previous commit
2019-10-30 16:31:57 +01:00
chrisr3d
d0ddfb3355
fix: [expansion] Better config field handling for various modules
...
- Testing if config is present before trying to
look whithin the config field
- The config field should be there when the module
is called form MISP, but it is not always the
case when the module is queried from somewhere else
2019-10-30 09:09:55 +01:00
Braden Laverick
c1ca936910
Fixed syntax error
2019-10-29 20:14:07 +00:00
Braden Laverick
c06ceedfb8
Changed to single attribute EQL
2019-10-29 20:11:35 +00:00
Braden Laverick
a426ad249d
Added EQL enrichment module
2019-10-29 19:42:47 +00:00
chrisr3d
dc7463a67e
fix: Avoid issues when some config fields are not set
2019-10-29 11:04:29 +01:00
Alexandre Dulaunoy
dec2494a0a
chg: [apiosintds] make flake8 happy
2019-10-29 09:33:39 +01:00
Alexandre Dulaunoy
fdbb0717e0
Merge pull request #344 from davidonzo/master
...
Added apiosintDS module to query OSINT.digitalside.it services
2019-10-29 08:56:29 +01:00
chrisr3d
204e5a7de9
Merge branch 'master' of github.com:MISP/misp-modules
2019-10-28 16:45:50 +01:00
chrisr3d
7a56174c40
fix: Fixed Geoip with the supported python library + fixed Geolite db path management
2019-10-28 16:39:08 +01:00
milkmix
bdc5282e09
updated to geoip2 to support mmdb format
2019-10-25 18:09:44 +02:00
Davide
56e16dbaf5
Added apiosintDS module to query OSINT.digitalside.it services
2019-10-24 12:49:29 +02:00
chrisr3d
e1602fdca9
fix: Updates following the latest CVE-search version
...
- Support of the new vulnerable configuration
field for CPE version > 2.2
- Support of different 'unknown CWE' message
2019-10-23 11:55:36 +02:00
chrisr3d
63dba29c52
fix: Fixed module names with - to avoid errors with python paths
2019-10-18 11:09:10 +02:00
chrisr3d
d740abe74b
fix: Making pep8 happy
2019-10-17 10:45:51 +02:00
chrisr3d
a228e2505d
fix: Avoiding empty values + Fixed empty types error + Fixed filename KeyError
2019-10-17 10:42:34 +02:00
chrisr3d
5f7b127713
chg: Avoids returning empty values + easier results parsing
2019-10-15 23:30:39 +02:00
chrisr3d
8aca19ba68
chg: Taking into consideration if a user agent is specified in the module configuration
2019-10-15 11:25:30 +02:00
chrisr3d
6d19549184
fix: Grouped two if conditions to avoid issues with variable unassigned if the second condition is not true
2019-10-13 20:23:02 +02:00
chrisr3d
b560347d5d
fix: Considering the case of empty results
2019-10-08 15:49:09 +02:00
chrisr3d
8bcb630340
fix: Catching results exceptions properly
2019-10-08 15:48:26 +02:00
chrisr3d
2850d6f690
fix: Catching exceptions and results properly depending on the cases
2019-10-08 15:45:06 +02:00
chrisr3d
5d4a0bff98
fix: Handling cases where there is no result from the query
2019-10-08 13:28:23 +02:00
chrisr3d
662e58da88
fix: Fixed pattern parsing + made the module hover only
2019-10-07 16:46:32 +02:00
chrisr3d
b9b78d1606
fix: Travis tests should be happy now
2019-10-04 17:22:32 +02:00
chrisr3d
6801289175
fix: Returning results in text format
...
- Makes the hover functionality display the full
result instead of skipping the records list
2019-10-04 15:54:25 +02:00
chrisr3d
09590ca451
fix: Making pep8 happy
2019-09-17 14:13:05 +02:00
Christian Studer
205342996a
Merge pull request #335 from FafnerKeyZee/patch-2
...
Travis should not be complaining with the tests after the latest update on "test_cve"
2019-09-17 14:11:03 +02:00
Fafner [_KeyZee_]
dc84c9f972
adding custom API
...
Adding the possibility to have our own API server.
2019-09-17 11:07:23 +02:00
Fafner [_KeyZee_]
5c09b66706
Cleaning the error message
...
The original message can be confusing is the user change to is own API.
2019-09-17 10:42:29 +02:00
chrisr3d
8d33d6c18c
add: New parameter to specify a custom CVE API to query
...
- Any API specified here must return the same
format as the CIRCL CVE search one in order to
be supported by the parsing functions, and
ideally provide response to the same kind of
requests (so the CWE search works as well)
2019-09-16 14:19:20 +02:00
chrisr3d
415fa55fff
fix: Avoiding issues when no CWE id is provided
2019-08-06 15:55:50 +02:00
chrisr3d
0b603fc5d3
fix: Fixed unnecessary dictionary field call
...
- No longer necessary to go under 'Event' field
since PyMISP does not contain it since the
latest update
2019-08-05 11:33:04 +02:00
chrisr3d
4df528c331
add: Added initial event to reference it from the vulnerability object created out of it
2019-08-02 15:35:33 +02:00
chrisr3d
034222d7b3
fix: Using the attack-pattern object template (copy-paste typo)
2019-08-02 10:10:44 +02:00
chrisr3d
7eb4f034c0
fix: Making pep8 happy
2019-08-01 17:17:16 +02:00
chrisr3d
5c15c0ff93
add: Making vulnerability object reference to its related capec & cwe objects
2019-08-01 15:37:10 +02:00
chrisr3d
c4302aa35e
add: Parsing CAPEC information related to the CVE
2019-08-01 15:21:18 +02:00
chrisr3d
7445d7336e
add: Parsing CWE related to the CVE
2019-08-01 14:55:53 +02:00
chrisr3d
7b1c35d583
fix: Fixed cvss-score object relation name
2019-07-30 09:55:36 +02:00
chrisr3d
27f5c9ceeb
Merge branch 'master' of github.com:MISP/misp-modules
2019-07-24 12:08:28 +02:00
chrisr3d
4ee0cbe4c5
add: Added virustotal_public to the list of available modules
2019-07-24 11:10:25 +02:00
Raphaël Vinot
80ce0a58b5
fix: Skip tests on haveibeenpwned.com if 403. Make pep8 happy.
2019-07-24 09:49:05 +02:00
chrisr3d
92d90e8e1c
add: TODO comment for the next improvement
2019-07-23 09:42:10 +02:00
chrisr3d
14cf39d8b6
chg: Updated the module to work with the updated VirusTotal API
...
- Parsing functions updated to support the updated
format of the VirusTotal API responses
- The module can now return objects
- /!\ This module requires a high number of
requests limit rate to work as expected /!\
2019-07-22 16:22:29 +02:00
chrisr3d
1fa37ea712
fix: Avoiding issues with non existing sample types
2019-07-22 11:43:35 +02:00
chrisr3d
675e0815ff
add: Parsing communicating samples returned by domain reports
2019-07-22 11:42:52 +02:00
chrisr3d
c9c2027a57
fix: Undetected urls are represented in lists
2019-07-22 11:39:46 +02:00
chrisr3d
6fdfcb0a29
fix: Changed function name to avoid confusion with the same variable name
2019-07-22 09:53:19 +02:00
chrisr3d
729c86c336
fix: Quick fix on siblings & url parsing
2019-07-22 09:16:04 +02:00
chrisr3d
9aa721bc37
fix: typo
2019-07-19 16:20:24 +02:00
chrisr3d
641dda0103
add: Parsing downloaded samples as well as the referrer ones
2019-07-18 21:38:17 +02:00
chrisr3d
795edb7457
chg: Adding references between a domain and their siblings
2019-07-17 20:40:56 +02:00
chrisr3d
8de350744b
chg: Getting domain siblings attributes uuid for further references
2019-07-16 22:39:35 +02:00
chrisr3d
a61d09db8b
fix: Parsing detected & undetected urls
2019-07-15 23:44:25 +02:00
chrisr3d
d9b03a7aa5
fix: Various fixes about typo, variable names, data types and so on
2019-07-12 10:59:19 +02:00
chrisr3d
f862a14ce6
add: Object for VirusTotal public API queries
...
- Lighter analysis of the report to avoid reaching
the limit of queries per minute while recursing
on the different elements
2019-07-11 22:59:07 +02:00
chrisr3d
3edc323836
fix: Making pep8 happy
2019-07-10 15:29:31 +02:00
chrisr3d
5703253961
new: First version of an advanced CVE parser module
...
- Using cve.circl.lu as well as the initial module
- Going deeper into the CVE parsing
- More parsing to come with the CWE, CAPEC and so on
2019-07-10 15:20:22 +02:00
chrisr3d
9e45d302b1
fix: Testing if an object is not empty before adding it the the event
2019-06-18 09:45:59 +02:00
chrisr3d
9fdd6c5e58
fix: Making travis happy
2019-06-15 08:17:29 +02:00
chrisr3d
2f3ce1b615
fix: Support of the latest version of sigmatools
2019-06-15 08:06:47 +02:00
Georg Schölly
efb0a88eeb
joesandbox_query.py: improve behavior in unexpected circumstances
2019-06-04 11:29:40 +02:00
chrisr3d
aa3e873845
fix: Making pep8 happy + added joe_import module in the init list
2019-06-04 11:33:42 +10:00
chrisr3d
42bc6f8d2b
fix: Fixed variable name typo
2019-06-04 11:32:21 +10:00
chrisr3d
ee48d99845
add: New expansion module to query Joe Sandbox API with a report link
2019-06-04 09:48:50 +10:00
chrisr3d
f541b1f4ba
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-05-29 10:50:39 +10:00
Georg Schölly
1745d33ee4
add expansion for joe sandbox
2019-05-21 21:14:21 +02:00
chrisr3d
d4bc85259d
fix: Removed unused library
2019-05-02 14:15:12 +02:00
chrisr3d
a5ff849950
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-05-02 13:23:24 +02:00
Steve Clement
553cf44337
fix: [pep8] Fixes
2019-05-02 10:37:48 +09:00
Koen Van Impe
c8a4d8d76f
New VMRay modules
...
New JSON output format of VMRay
Prepare for automation (via PyMISP) with workflow taxonomy tags
2019-05-01 22:44:24 +02:00
root
92351e6679
add: Added urlhaus in the expansion modules init list
2019-05-01 22:22:10 +02:00
root
9d3741aeb9
Merge branch 'master' of https://github.com/MISP/misp-modules into new_module
2019-04-30 08:59:05 +02:00
Alexandre Dulaunoy
ec766f571c
chg: [init] cleanup for pep
2019-04-26 13:36:53 +02:00
Alexandre Dulaunoy
63c12f34e6
chg: [pdf-enrich] updated
2019-04-26 13:36:07 +02:00
Sascha Rommelfangen
fc339c888d
removed trailing whitespaces
2019-04-26 12:14:56 +02:00
Sascha Rommelfangen
1d4f8a6989
new modules added
2019-04-26 12:09:16 +02:00
Sascha Rommelfangen
f55d7946df
introduction of new modules
2019-04-26 12:07:55 +02:00
Sascha Rommelfangen
06036b7fe5
Merge branch 'master' of https://github.com/MISP/misp-modules
2019-04-24 15:01:03 +02:00
Sascha Rommelfangen
07f759b07a
renamed file
2019-04-24 14:53:16 +02:00
Sascha Rommelfangen
5104bce451
renamed module
2019-04-24 14:53:03 +02:00
Alexandre Dulaunoy
81b0082ae5
chg: [init] removed trailing whitespace
2019-04-24 14:01:48 +02:00
Alexandre Dulaunoy
614fc1354b
chg: [ocr] re module not used - removed
2019-04-24 14:01:08 +02:00
Sascha Rommelfangen
7171c8ce92
initial version of OCR expansion module
2019-04-24 13:54:21 +02:00
Alexandre Dulaunoy
18a2370ae3
Merge pull request #291 from Evert0x/submitcuckoo
...
Expansion module - File/URL submission to Cuckoo Sandbox
2019-04-23 19:36:28 +02:00
Sascha Rommelfangen
2d8aaf09c2
brackets are difficult...
2019-04-23 15:40:22 +02:00
Alexandre Dulaunoy
e55ae11a1e
chg: [qrcode] added to the __init__
2019-04-23 14:45:12 +02:00
Alexandre Dulaunoy
44050ec4da
chg: [qrcode] flake8 needs some drugs
2019-04-23 14:44:00 +02:00
Alexandre Dulaunoy
d5180e7e79
chg: [qrcode] various fixes to make it PEP compliant
2019-04-23 14:37:27 +02:00
Alexandre Dulaunoy
a0fce1bc90
Merge branch 'qr-code-module' of https://github.com/rommelfs/misp-modules into rommelfs-qr-code-module
2019-04-23 14:33:06 +02:00
Sascha Rommelfangen
c85ab8d93c
initial version of QR code reader
...
Module accepts attachments and processes pictures. It tries to identify and analyze an existing QR code.
Identified values can be inserted into the event.
2019-04-23 11:38:56 +02:00
Ricardo van Zutphen
e6326185d5
Use double quotes and provide headers correctly
2019-04-19 16:24:30 +02:00
Ricardo van Zutphen
49acb53745
Update Cuckoo module to support files and URLs
2019-04-19 14:06:35 +02:00
Evert0x
e243edb503
Update __init__.py
2019-04-18 14:25:05 +02:00
Evert0x
eefa35c65d
Create cuckoo_submit.py
2019-04-18 00:23:38 +02:00
Raphaël Vinot
f82933779f
fix: pep8 foobar.
2019-04-02 16:01:36 +02:00
Raphaël Vinot
9cb21f98e1
fix: Add the new module sin the list of modules availables.
2019-04-02 15:46:17 +02:00
Raphaël Vinot
c64f514a6f
fix: Typos in variable names
2019-04-02 15:39:27 +02:00
Raphaël Vinot
b89d068c04
new: Modules for greynoise, haveibeenpwned and macvendors
...
Source: https://github.com/src7/misp-modules
2019-04-02 15:30:11 +02:00
root
38fc479d12
Merge branch 'master' of https://github.com/MISP/misp-modules into new_module
2019-04-01 16:29:10 +02:00
root
2439d5f75d
fix: Fixed object_id variable name typo
2019-04-01 16:28:19 +02:00
Raphaël Vinot
1c0984eaec
fix: Remove unused import
2019-03-15 11:06:11 +01:00
chrisr3d
d87a67c6f3
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-03-14 19:04:32 +01:00
chrisr3d
0b92fd5a53
fix: Making json_decode even happier with full json format
...
- Using MISPEvent because it is cleaner & easier
- Also cleaner implementation globally
2019-03-14 18:48:13 +01:00
Sascha Rommelfangen
5af667edff
Merge branch 'master' of https://github.com/MISP/misp-modules
2019-03-14 14:41:24 +01:00
Sascha Rommelfangen
eb2dcca12b
fixed a bug when checking malformed BTC addresses
2019-03-14 14:39:58 +01:00
chrisr3d
62bc45e03a
fix: Using to_dict on attributes & objects instead of to_json to make json_decode happy in the core part
2019-03-14 14:31:38 +01:00
chrisr3d
9c8ee1f3d7
new: Expansion module to query urlhaus API
...
- Using the next version of modules, taking a
MISP attribute as input and able to return
attributes and objects
- Work still in process in the core part
2019-03-13 09:57:28 +01:00
Alexandre Dulaunoy
0bf27c1b69
chg: [btc_scam_check] fix spacing for making flake 8 happy
2019-02-11 14:23:18 +01:00
chrisr3d
74594f29aa
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-02-11 09:28:49 +01:00
Alexandre Dulaunoy
f0ccfd2027
chg: [backscatter.io] blind fix regarding undefined value
2019-02-10 16:56:01 +01:00
Alexandre Dulaunoy
7b1a837b10
chg: [backscatter.io] remove blank line at the end of the file
2019-02-10 16:40:06 +01:00
Alexandre Dulaunoy
acc35e3a02
chg: [backscatter.io] Exception handler fixed for recent version of Python
2019-02-10 16:33:09 +01:00
9b
c8b410161a
Use the write var on return
2019-02-08 12:29:43 -05:00
9b
e4c1468968
Stubbed module
2019-02-08 12:27:20 -05:00
chrisr3d
08fe0cbe09
fix: Description fixed
2019-02-05 14:54:22 +01:00
chrisr3d
d1000d82c4
add: New module to check if a bitcoin address has been abused
...
- Also related update of documentation
2019-02-05 14:46:42 +01:00
Raphaël Vinot
454c9e0f43
fix: Pep8 related fixes.
2019-02-04 11:05:51 +01:00
Raphaël Vinot
3d47eb7420
fix: make flake8 happy
2019-01-25 10:45:07 +01:00
Sascha Rommelfangen
c52b95cdbe
sometimes server doesn't return expected values. fixed.
2019-01-24 09:51:46 +01:00
Raphaël Vinot
0189a117a3
fix: Change in the imports in other sigma module
2019-01-21 14:14:19 +01:00
Raphaël Vinot
b791b177c3
fix: Change in the imports
2019-01-21 14:06:38 +01:00
Raphaël Vinot
d5ec09fe4a
fix: Change module name
2019-01-21 13:57:45 +01:00
Raphaël Vinot
55f05e0524
chg: Use pipenv, update bgpranking/ipasn modules
2019-01-21 13:31:52 +01:00
Raphaël Vinot
8fc5b1fd1f
fix: Make pep8 happy
2018-12-11 15:29:09 +01:00
Raphaël Vinot
d0aec62f1a
new: Intel471 module
2018-12-11 13:30:52 +01:00
Sascha Rommelfangen
d5eb34270a
Merge branch 'master' of https://github.com/MISP/misp-modules
2018-11-26 15:56:33 +01:00
Sascha Rommelfangen
96570caece
cosmetic output change
2018-11-26 15:56:11 +01:00
chrisr3d
e30a5d2502
fix: Removed not valid input type
2018-11-22 12:30:12 +01:00
chrisr3d
7cfc7a730b
fix: Cleaned up not used variables
2018-11-22 12:27:45 +01:00
chrisr3d
627420ca43
fix: Updated rbl module result format
...
- More readable as str than dumped json
2018-11-22 12:27:16 +01:00
chrisr3d
547985b8ce
fix: Added Macaddress.io module in the init list
2018-11-22 12:26:27 +01:00
chrisr3d
be3063f3c6
fix: Typo on input type
2018-11-22 12:24:47 +01:00
chrisr3d
22173c249e
add: Update to support sha1 & sha256 attributes
2018-11-22 12:23:40 +01:00
chrisr3d
b778dd5e67
fix: Fixed type of the result in case of exception
...
- Set as str since some exception types are not
jsonable
2018-11-21 16:06:22 +01:00
chrisr3d
1b44668094
fix: Added hostname attribute support as it is intended
2018-11-21 16:05:38 +01:00
chrisr3d
651f69126d
Merge branch 'master' of github.com:MISP/misp-modules into chrisr3d_patch
2018-11-13 16:05:24 +01:00
chrisr3d
299e97d1ce
add: Added imphash to input attribute types
2018-11-13 15:40:47 +01:00
Sascha Rommelfangen
3e25428978
debug removed
2018-11-13 15:34:33 +01:00
Sascha Rommelfangen
8285ff324f
API changes reflected
2018-11-13 15:30:06 +01:00
chrisr3d
58b3a069bf
fix: Updated yara import error message
...
- Better to 'pip install -I -r REQUIREMENTS' to
have the correct yara-python version working
for all the modules, than having another one
failing with yara hash & pe modules
2018-11-12 16:22:14 +01:00
chrisr3d
ad1ccdb9d0
Merge branch 'master' of github.com:MISP/misp-modules into chrisr3d_patch
2018-11-12 12:48:58 +01:00
Alexandre Dulaunoy
5d1583d88b
chg: [onyphe] fix #252
2018-11-11 15:49:14 +01:00
Sascha Rommelfangen
463d7ae874
bug fix regarding leftovers between runs
2018-11-07 14:57:19 +01:00
Steve Clement
91f922b5c4
chg: [btc] Removed simple PoC for btc expansion.
2018-11-07 22:53:21 +09:00
Sascha Rommelfangen
00b1b3214b
added btc_steroids to the list
2018-11-07 14:28:28 +01:00
Sascha Rommelfangen
b01cb28323
initial version of a Bitcoin module
2018-11-07 14:14:39 +01:00
Steve Clement
7bafa939b0
new: [btc] Very simple BTC expansion
...
chg: [req] yara-python is preferred
2018-11-06 00:48:36 +09:00
chrisr3d
d1308f9924
chg: Validating yara rules after their creation
2018-11-02 21:35:02 +01:00
chrisr3d
1c10fd5e50
fix: Making yara query an expansion module for single attributes atm
2018-10-31 10:21:21 +01:00
chrisr3d
1d530a7fa6
new: First version of a yara rule creation expansion module
2018-10-18 14:44:57 +02:00
chrisr3d
e2cebd6c3e
fix: Catching errors while parsing additional info in requests
2018-09-25 17:10:19 +02:00
Codelinefi-admin
c19989e217
Fixed a bug with wrong dates conversion
2018-09-19 21:50:56 +03:00
isox
f1325f4316
Fixed getting of the Vulners AI score.
2018-09-18 18:36:12 +03:00
Igor Ivanov
3e9589d0f4
code cleanup and formatting
2018-09-18 14:38:49 +02:00
Igor Ivanov
8d7d377464
added exploit information
2018-09-18 12:11:47 +02:00
Igor Ivanov
5dc05bfafc
initial Vulners module PoC
2018-09-18 11:18:55 +02:00
Codelinefi-admin
db7dbd6ed5
macaddress.io hover module added
2018-09-13 17:02:49 +03:00
chrisr3d
5c718c5379
fix: Making python 3.5 happy with the exception type ImportError
2018-09-08 02:53:15 +02:00