Fafner [_KeyZee_]
5c09b66706
Cleaning the error message
...
The original message can be confusing is the user change to is own API.
2019-09-17 10:42:29 +02:00
chrisr3d
5ebd0bd4fc
Merge branch 'master' of github.com:MISP/misp-modules
2019-09-16 14:31:01 +02:00
chrisr3d
8d33d6c18c
add: New parameter to specify a custom CVE API to query
...
- Any API specified here must return the same
format as the CIRCL CVE search one in order to
be supported by the parsing functions, and
ideally provide response to the same kind of
requests (so the CWE search works as well)
2019-09-16 14:19:20 +02:00
Pierre-Jean Grenier
b2ab727f9b
fix: prevent symlink attacks
2019-08-22 11:23:37 +02:00
Pierre-Jean Grenier
413cc2469f
chg: [cuckooimport] Handle archives downloaded from both the WebUI and the API
2019-08-21 16:35:11 +02:00
Alexandre Dulaunoy
c019e4d997
Merge pull request #322 from zaphodef/cuckooimport
...
Rewrite cuckooimport
2019-08-13 14:32:48 +02:00
Pierre-Jean Grenier
6ba6f8bb1f
new: Rewrite cuckooimport
2019-08-09 15:44:47 +02:00
chrisr3d
415fa55fff
fix: Avoiding issues when no CWE id is provided
2019-08-06 15:55:50 +02:00
chrisr3d
0b603fc5d3
fix: Fixed unnecessary dictionary field call
...
- No longer necessary to go under 'Event' field
since PyMISP does not contain it since the
latest update
2019-08-05 11:33:04 +02:00
chrisr3d
4df528c331
add: Added initial event to reference it from the vulnerability object created out of it
2019-08-02 15:35:33 +02:00
chrisr3d
034222d7b3
fix: Using the attack-pattern object template (copy-paste typo)
2019-08-02 10:10:44 +02:00
chrisr3d
7eb4f034c0
fix: Making pep8 happy
2019-08-01 17:17:16 +02:00
chrisr3d
5c15c0ff93
add: Making vulnerability object reference to its related capec & cwe objects
2019-08-01 15:37:10 +02:00
chrisr3d
c4302aa35e
add: Parsing CAPEC information related to the CVE
2019-08-01 15:21:18 +02:00
chrisr3d
7445d7336e
add: Parsing CWE related to the CVE
2019-08-01 14:55:53 +02:00
chrisr3d
7b1c35d583
fix: Fixed cvss-score object relation name
2019-07-30 09:55:36 +02:00
chrisr3d
3367e47490
fix: Avoid issues when there is no pe field in a windows file sample analysis
...
- For instance: doc file
2019-07-25 17:57:36 +02:00
chrisr3d
3d41104d5b
fix: Avoid adding file object twice if a KeyError exception comes for some unexpected reasons
2019-07-25 17:47:08 +02:00
chrisr3d
ddeb04bd74
add: Parsing linux samples and their elf data
2019-07-25 17:46:21 +02:00
chrisr3d
41bbbeddfb
fix: Testing if file & registry activities fields exist before trying to parse it
2019-07-25 17:44:32 +02:00
chrisr3d
4c8fe9d8ef
fix: Testing if there is some screenshot data before trying to fetch it
2019-07-25 17:43:11 +02:00
chrisr3d
e2a0f27d75
fix: Fixed direction of the relationship between files, PEs and their sections
...
- The file object includes a PE, and the PE
includes sections, not the other way round
2019-07-24 14:58:45 +02:00
chrisr3d
42b95c4210
fix: Fixed variable names
2019-07-24 12:21:58 +02:00
chrisr3d
27f5c9ceeb
Merge branch 'master' of github.com:MISP/misp-modules
2019-07-24 12:08:28 +02:00
chrisr3d
5602cf1759
add: Parsing apk samples and their permissions
2019-07-24 11:59:11 +02:00
chrisr3d
fc8a573ba7
fix: Changed the way references added at the end are saved
...
- Some references are saved until they are added
at the end, to make it easier when needed
- Here we changed the way they are saved, from a
dictionary with some keys to identify each part
to the actual dictionary with the keys the
function add_reference needs, so we can directly
use this dictionary as is when the references are
added to the different objects
2019-07-24 11:14:12 +02:00
chrisr3d
4ee0cbe4c5
add: Added virustotal_public to the list of available modules
2019-07-24 11:10:25 +02:00
Raphaël Vinot
80ce0a58b5
fix: Skip tests on haveibeenpwned.com if 403. Make pep8 happy.
2019-07-24 09:49:05 +02:00
chrisr3d
92d90e8e1c
add: TODO comment for the next improvement
2019-07-23 09:42:10 +02:00
chrisr3d
14cf39d8b6
chg: Updated the module to work with the updated VirusTotal API
...
- Parsing functions updated to support the updated
format of the VirusTotal API responses
- The module can now return objects
- /!\ This module requires a high number of
requests limit rate to work as expected /!\
2019-07-22 16:22:29 +02:00
chrisr3d
1fa37ea712
fix: Avoiding issues with non existing sample types
2019-07-22 11:43:35 +02:00
chrisr3d
675e0815ff
add: Parsing communicating samples returned by domain reports
2019-07-22 11:42:52 +02:00
chrisr3d
c9c2027a57
fix: Undetected urls are represented in lists
2019-07-22 11:39:46 +02:00
chrisr3d
6fdfcb0a29
fix: Changed function name to avoid confusion with the same variable name
2019-07-22 09:53:19 +02:00
chrisr3d
729c86c336
fix: Quick fix on siblings & url parsing
2019-07-22 09:16:04 +02:00
chrisr3d
9aa721bc37
fix: typo
2019-07-19 16:20:24 +02:00
chrisr3d
641dda0103
add: Parsing downloaded samples as well as the referrer ones
2019-07-18 21:38:17 +02:00
chrisr3d
795edb7457
chg: Adding references between a domain and their siblings
2019-07-17 20:40:56 +02:00
chrisr3d
8de350744b
chg: Getting domain siblings attributes uuid for further references
2019-07-16 22:39:35 +02:00
chrisr3d
a61d09db8b
fix: Parsing detected & undetected urls
2019-07-15 23:44:25 +02:00
chrisr3d
d9b03a7aa5
fix: Various fixes about typo, variable names, data types and so on
2019-07-12 10:59:19 +02:00
chrisr3d
f862a14ce6
add: Object for VirusTotal public API queries
...
- Lighter analysis of the report to avoid reaching
the limit of queries per minute while recursing
on the different elements
2019-07-11 22:59:07 +02:00
chrisr3d
3edc323836
fix: Making pep8 happy
2019-07-10 15:29:31 +02:00
chrisr3d
5703253961
new: First version of an advanced CVE parser module
...
- Using cve.circl.lu as well as the initial module
- Going deeper into the CVE parsing
- More parsing to come with the CWE, CAPEC and so on
2019-07-10 15:20:22 +02:00
chrisr3d
181e6383a3
fix: Added missing add_attribute function
2019-07-03 11:14:46 +02:00
chrisr3d
9a6d484188
add: Added screenshot of the behavior of the analyzed sample
2019-06-21 10:53:12 +02:00
chrisr3d
9e45d302b1
fix: Testing if an object is not empty before adding it the the event
2019-06-18 09:45:59 +02:00
chrisr3d
9fdd6c5e58
fix: Making travis happy
2019-06-15 08:17:29 +02:00
chrisr3d
2f3ce1b615
fix: Support of the latest version of sigmatools
2019-06-15 08:06:47 +02:00
chrisr3d
1ac85a4879
fix: We will display galaxies with tags
2019-06-15 08:05:14 +02:00