MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity
516 Commits
6 Branches
54 Tags
18 MiB
Commit Graph

237 Commits (04032d110c2803ba22d81c4950c574632f2cf09c)

Author SHA1 Message Date
chrisr3d 43e9010858
Added report expected information fields 2018-02-13 16:39:19 +01:00
chrisr3d d4538382d0
Simplified ObjectReference dictionary reading 2018-02-13 13:41:22 +01:00
chrisr3d b7098d1cff Merge branch 'master' of github.com:MISP/misp-modules 2018-02-13 11:58:56 +01:00
chrisr3d a97eeb44fe
Added some report information 
Also changed the ObjectReference parser to replace
all the if conditions by a dictionary reading
 2018-02-13 11:51:34 +01:00
Dennis Rand 43db92dbe6 Added Yara syntax validation expansion module 2018-02-12 19:11:54 +00:00
chrisr3d 8569c3d702
Suporting the recent objects added to misp-objects 
- Matching the aml documents structure
- Some parts of the document still need to be added
 2018-02-12 13:40:49 +01:00
chrisr3d 8983ebc4b2
wip: added location & signatory information 2018-02-05 15:51:03 +01:00
chrisr3d 54ebb8a96f Merge branch 'master' of github.com:MISP/misp-modules into test 2018-02-04 17:16:25 +01:00
Thomas Gardner 69d733bb35 added csvimport to __init__.py 2018-02-01 10:22:28 -07:00
chrisr3d 8dce7935ae
Outputting xml format 
Also mapping MISP and GoAML types
 2018-02-01 14:55:48 +01:00
chrisr3d 48869335ee
first tests for the GoAML export module 2018-01-31 18:09:45 +01:00
chrisr3d 71c00954d0
fix: Solved reading problems for some files 2018-01-30 11:20:28 +01:00
chrisr3d b2ec186ccb
Updated delimiter finder method 2018-01-29 17:04:32 +01:00
chrisr3d 529d22cca8
fix: skipping empty lines 2018-01-29 09:19:58 +01:00
chrisr3d 56cbd72b65
Fixed data treatment & other updates 2018-01-28 18:12:40 +01:00
chrisr3d 4d846f968f
Updated delimiter parsing & data reading functions 2018-01-26 17:11:01 +01:00
chrisr3d b9d72bb043
First version of csv import module 
- If more than 1 misp type is recognized, for each one an
  attribute is created

- Needs to have header set by user as parameters of the module atm

- Review needed to see the feasibility with fields that can create
  confusion and be interpreted both as misp type or attribute field
  (for instance comment is a misp type and an attribute field)
 2018-01-25 15:44:08 +01:00
Christophe Vandeplas 8a1a860cda added CrowdStrike Falcon Intel Indicators expansion module 2018-01-19 14:42:25 +01:00
chrisr3d d045cf7d5f
chg: Modified output format 2018-01-16 19:46:52 +01:00
chrisr3d dcab9aa150 Merge github.com:MISP/misp-modules 2018-01-16 17:15:36 +01:00
Alexandre Dulaunoy c3823b74cf
Merge pull request #149 from cvandeplas/master 
Added ThreatAnalyzer sandbox import
 2018-01-16 17:11:38 +01:00
chrisr3d 18523c4ada
Check an IPv4 address against known RBLs 2018-01-16 17:08:44 +01:00
Christophe Vandeplas 0be1886444
fix farsight_passivedns - rdata 404 not found 2018-01-16 15:13:17 +01:00
Christophe Vandeplas 46975f4f16 Added ThreatAnalyzer sandbox import 
Experimental module - some parts should be migrated to
 2018-01-16 11:05:26 +01:00
Alexandre Dulaunoy 5c4df3075e
Fix the __init__ import 2018-01-08 20:31:26 +01:00
Robert Nixon 85f1a9bd91
Update threatStream_misp_export.py 2018-01-08 12:09:23 -05:00
Robert Nixon 1d2f3d9c3c
Updated __init__.py 
Added reference to new ThreatStream export module
 2018-01-08 11:03:42 -05:00
Robert Nixon 49d5520fa3
Added threatStream_misp_export.py 2018-01-08 11:01:16 -05:00
Christophe Vandeplas 4cdb143733 fixes missing init file in dnsdb library folder 2017-12-06 09:23:44 +01:00
Christophe Vandeplas 0ec8339d7a New Farsight DNSDB Passive DNS expansion module 2017-12-05 16:41:41 +01:00
Raphaël Vinot 02253e5a87 Merge branch 'master' of github.com:MISP/misp-modules 2017-11-20 14:57:18 +01:00
Jericho 32958324ca
minor touch-ups on error messages for user friendliness 2017-11-16 23:04:41 -07:00
Koen Van Impe 74e660d61b VulnDB Queries 
Search on CVE at https://vulndb.cyberriskanalytics.com/
    https://www.riskbasedsecurity.com/
Get extended CVE info, links + CPE
 2017-11-06 14:23:03 +01:00
Raphaël Vinot 37d9b3831c Add quick and dirty pdf export 2017-10-26 16:54:20 -04:00
Raphaël Vinot c09135d251 Merge pull request #139 from Rafiot/master 
fix: OpenIOC importer
 2017-10-25 11:41:46 -04:00
Raphaël Vinot 951a0f974b fix: OpenIOC importer 2017-10-25 11:27:59 -04:00
Alexandre Dulaunoy 03baa0b84d
fix: #137 when a CVE is not found, a return message is given 2017-10-21 19:52:19 +02:00
Viktor von Drakk 113ac21a5d added default parameter for new -m flag 2017-09-01 07:44:53 -07:00
Viktor von Drakk 76a733fa66 Added code to allow 3rd party modules 
The new '-m pip.module.name' feature allows a pip-installed module to be specified on the command line and then loaded into the available modules without having to copy-paste files into the appropriate directories of this package.
 2017-08-25 05:45:57 -07:00
Thomas Gardner 72c52da7ed added threat_connect_export to export_mod.__init__ 2017-08-06 08:15:17 -06:00
Thomas Gardner 529719d9d8 added threat_connect_export.py 2017-08-03 16:21:26 -06:00
Raphaël Vinot 4c2cda9903 Merge pull request #129 from seamustuohy/utf_hate 
Added support for malformed internationalized email headers
 2017-07-18 10:06:08 +02:00
Chris Doman c4fe78b39d Add AlienVault OTX and ThreatCrowd Expansions 2017-07-11 18:16:45 +01:00
seamus tuohy 40c71af637 Added support for malformed internationalized email headers 
When an emails contains headers that use Unicode without properly crafing
them to comform to RFC-6323 the email import module would crash.
(See issue #119 & issue #93)

To address this I have added additional layers of encoding/decoding to
any possibly internationalized email headers. This decodes properly
formed and malformed UTF-8, UTF-16, and UTF-32 headers appropriately.
When an unknown encoding is encountered it is returned as an 'encoded-word'
per RFC2047.

This commit also adds unit-tests that tests properly formed and malformed
UTF-8, UTF-16, UTF-32, and CJK encoded strings in all header fields; UTF-8,
UTF-16, and UTF-32 encoded message bodies; and emoji testing for headers
and attachment file names.
 2017-07-02 18:03:14 -04:00
Raphaël Vinot c42c8a800e Update travis, fix open ioc import 2017-05-24 07:39:18 +02:00
Tristan METAYER 75c02058e6 replace tab by space 2017-05-11 09:56:43 +02:00
Tristan METAYER ba1d715ad1 Add a field for user to add tag for this import 2017-05-11 09:54:25 +02:00
Tristan METAYER 96f9cb4699 typo correction 2017-05-02 15:07:33 +02:00
Tristan METAYER 4ef7261168 Add user config to not add file as attachement in a box 2017-05-02 15:04:40 +02:00
Tristan METAYER 79f48eccfe If filename add iocfilename as attachment 2017-05-02 14:41:22 +02:00
Alexandre Dulaunoy 3cb12d6962 Merge pull request #118 from truckydev/master 
Add indent field for export
 2017-04-23 12:21:16 +02:00
Tristan METAYER 24c51a6e21 Add indent field for export 2017-04-21 15:53:48 +02:00
Hannah Ward 648c6414c3
fix: Use the proper formatting method and not the horrible % one 2017-03-08 16:35:03 +00:00
kx499 aa3a11cd5f bug fixes 2017-03-08 04:08:23 +01:00
kx499 31a8fb0fe4 threatminer initial commit 2017-03-06 21:36:00 -05:00
Raphaël Vinot 44867b2adc Cosmetic changes 2017-03-05 18:59:36 +01:00
Raphaël Vinot ad49fd3819 Merge pull request #111 from kx499/master 
Handful of changes to VirusTotal module
 2017-03-05 18:31:50 +01:00
kx499 3ecd095d1e bug fixes, tweaks, and python3 learning curve :) 2017-03-04 03:10:45 +01:00
kx499 01fdf3e52b Initial commit of IPRep module 2017-03-03 15:55:52 -05:00
kx499 bc1eab3520 fixed spacing, addressed error handling for public api, added subdomains, and added context comment 2017-02-28 22:04:24 -05:00
Raphaël Vinot c508e60f65 Add OpenIOC import module 2017-02-27 13:32:31 +01:00
Tristan METAYER 20cb534203 Exclude internal reference 2017-02-21 17:12:17 +01:00
Tristan METAYER dd2646a0f4 Add lite Export module 2017-02-21 16:48:09 +01:00
rmarsollier b5b7e09ef4 Some improvements of virustotal plugin 2017-02-10 14:16:39 +01:00
Joerg Stephan de3495ea6c passed local run check 2017-02-01 14:05:29 +01:00
Joerg Stephan 68250094ff v1 2017-01-31 16:57:16 +01:00
Joerg Stephan dad73feaa4 python3 changes 2017-01-31 16:34:41 +01:00
Joerg Stephan 3590504821 XForce Exchange v1 (alpha) 2017-01-21 23:31:19 +01:00
Richard van den Berg 3a4c540a81 Updated description to reflect merging use case 2017-01-11 10:08:35 +01:00
Richard van den Berg 50bae1f549 Simple import module to import MISP JSON format 2017-01-11 10:08:35 +01:00
seamus tuohy 83a9d695ea Email import no longer unzips major compressed text document formats. 
Let this commit serve as a warning about the perils of duck typing.
Word documents (docx,odt,etc) were being uncompressed when they were
attached to emails. The email importer now checks a list of well known
extensions and will not attempt to unzip them.

It is stuck using a list of extensions instead of using file magic because
many of these formats produce an application/zip mimetype when scanned.
 2017-01-10 09:55:33 -05:00
Raphaël Vinot 1051e2210b Keep zip content as binary 2017-01-07 19:30:00 -05:00
Raphaël Vinot 9f84db3659 Fix tests, cleanup 2017-01-07 18:36:08 -05:00
Raphaël Vinot 2db845c45c Improve support of email attachments 
Related to #90
 2017-01-07 14:39:52 -05:00
Hannah Ward 727f302dd1 Standardised key checking 2017-01-07 10:38:28 -05:00
Hannah Ward 20fd05a231 Fixed checking for submission_names in VT JSON 2017-01-07 10:37:57 -05:00
CheYenBzh d7b33532eb Update virustotal.py 2017-01-07 10:37:47 -05:00
Raphaël Vinot b51806ac9f Improve support of email importer if headers are missing 
Fix #88
 2017-01-07 10:25:38 -05:00
Raphaël Vinot 02f5e95a98 Fix python 3.6 support 2017-01-06 20:36:09 -05:00
Raphaël Vinot 329586768b Make PEP8 happy 2017-01-06 20:10:44 -05:00
Raphaël Vinot 7a9774bff7 Add email_import in the modules loaded by default 2017-01-06 19:23:23 -05:00
Raphaël Vinot 93a49c3c1d Make PEP8 happy 2017-01-06 19:01:19 -05:00
Raphaël Vinot 3f83357a2d Fix failing test (bug in the mail parser?) 2017-01-06 18:56:29 -05:00
seamus tuohy 1a7973bc06 Add additional email parsing and tests 
Added additional attribute parsing and corresponding unit-tests.
E-mail attachment and url extraction added in this commit. This includes
unpacking zipfiles and simple password cracking of encrypted zipfiles.
 2017-01-04 10:21:36 -08:00
seamus tuohy 0ff270a3be Fixed basic errors 2016-12-26 14:33:10 -08:00
seamus tuohy 08261366b7 Merged with current master 2016-12-26 14:17:20 -08:00
seamus tuohy 86ae72c444 Added attachment and url support 2016-12-26 13:55:54 -08:00
Raphaël Vinot 9bf1c936cf Do not crash if the dat file is not available 2016-12-16 15:22:16 +01:00
Raphaël Vinot 064c3e3649 Fix path to config file 2016-12-16 15:14:48 +01:00
Raphaël Vinot 29bedc7faa Merge branch 'master' of https://github.com/amuehlem/misp-modules into amuehlem-master 2016-12-16 15:05:45 +01:00
Raphaël Vinot 60d3e0a1ac Better error reporting 2016-12-16 12:02:28 +01:00
Raphaël Vinot ffc0a97126 Catch exception 2016-12-16 11:52:51 +01:00
Raphaël Vinot 467e50327d Add reverse lookup 2016-12-16 11:22:22 +01:00
Raphaël Vinot 4a8ccb54fb Refactoring of domaintools expansion module 2016-12-15 16:49:56 +01:00
Ubuntu b76f59edcb Added cuckooimport.py 2016-12-07 16:36:31 +00:00
Andreas Muehlemann cc58b05d6e added empty line to end of config file 2016-12-07 17:28:16 +01:00
Andreas Muehlemann 98a27ac3ff removed DEFAULT section from configfile 2016-12-07 16:36:02 +01:00
Andreas Muehlemann 6853d67a43 fixed more typos 2016-12-07 16:13:46 +01:00
Andreas Muehlemann 6dcc77ba5d fixed typo 2016-12-07 15:48:08 +01:00
Andreas Muehlemann a95af26424 changed configparser from python2 to python3 2016-12-07 15:30:49 +01:00