Commit Graph

1117 Commits (14cf39d8b6ce58fbe769137dd8dc9e7065be66e3)

Author SHA1 Message Date
chrisr3d 14cf39d8b6
chg: Updated the module to work with the updated VirusTotal API
- Parsing functions updated to support the updated
  format of the VirusTotal API responses
- The module can now return objects
- /!\ This module requires a high number of
  requests limit rate to work as expected /!\
2019-07-22 16:22:29 +02:00
chrisr3d 1fa37ea712
fix: Avoiding issues with non existing sample types 2019-07-22 11:43:35 +02:00
chrisr3d 675e0815ff
add: Parsing communicating samples returned by domain reports 2019-07-22 11:42:52 +02:00
chrisr3d c9c2027a57
fix: Undetected urls are represented in lists 2019-07-22 11:39:46 +02:00
chrisr3d 6fdfcb0a29
fix: Changed function name to avoid confusion with the same variable name 2019-07-22 09:53:19 +02:00
chrisr3d 729c86c336
fix: Quick fix on siblings & url parsing 2019-07-22 09:16:04 +02:00
chrisr3d 9aa721bc37
fix: typo 2019-07-19 16:20:24 +02:00
chrisr3d 641dda0103
add: Parsing downloaded samples as well as the referrer ones 2019-07-18 21:38:17 +02:00
chrisr3d 795edb7457
chg: Adding references between a domain and their siblings 2019-07-17 20:40:56 +02:00
chrisr3d 8de350744b
chg: Getting domain siblings attributes uuid for further references 2019-07-16 22:39:35 +02:00
chrisr3d a61d09db8b
fix: Parsing detected & undetected urls 2019-07-15 23:44:25 +02:00
chrisr3d d9b03a7aa5
fix: Various fixes about typo, variable names, data types and so on 2019-07-12 10:59:19 +02:00
chrisr3d f862a14ce6
add: Object for VirusTotal public API queries
- Lighter analysis of the report to avoid reaching
  the limit of queries per minute while recursing
  on the different elements
2019-07-11 22:59:07 +02:00
chrisr3d ade4b98588
add: Updated README file with the new module description 2019-07-10 15:30:19 +02:00
chrisr3d 3edc323836
fix: Making pep8 happy 2019-07-10 15:29:31 +02:00
chrisr3d 5703253961
new: First version of an advanced CVE parser module
- Using cve.circl.lu as well as the initial module
- Going deeper into the CVE parsing
- More parsing to come with the CWE, CAPEC and so on
2019-07-10 15:20:22 +02:00
chrisr3d 181e6383a3
fix: Added missing add_attribute function 2019-07-03 11:14:46 +02:00
chrisr3d 6b59963a7f
fix: [documentation] Fixed json file name 2019-06-24 16:34:22 +02:00
chrisr3d aa56248110
fix: [documentation] Fixed some description & logo 2019-06-24 16:26:36 +02:00
chrisr3d d998368dea
add: [documentation] Added some missing documentation for the most recently added modules 2019-06-24 16:24:37 +02:00
chrisr3d 63e5a0342d
chg: [documentation] Making URLhaus visible from the github page
- Because of the white color, the logo was not
  visible at all
2019-06-24 10:50:31 +02:00
chrisr3d cd06221925
add: [documentation] Added documentation for Joe Sandbox & URLhaus 2019-06-24 10:22:30 +02:00
chrisr3d 06d4a30c48 Merge branch 'master' of github.com:MISP/misp-modules 2019-06-21 10:54:24 +02:00
chrisr3d 9a6d484188
add: Added screenshot of the behavior of the analyzed sample 2019-06-21 10:53:12 +02:00
Steve Clement 44ca8da97a
Merge pull request #309 from Kortho/patch-2
changed service pointer
2019-06-19 14:56:21 +10:00
Steve Clement c79a6da57b
Merge pull request #308 from Kortho/patch-1
Fixed missing dependencies for RHEL install
2019-06-19 14:55:30 +10:00
Kortho 15c257e504
changed service pointer
Changed so the service starts the modules in the venv where they are installed
2019-06-18 10:37:40 +02:00
Kortho 7ef8acda0d
Fixed missing dependencies for RHEL install
Added dependencies needed for installing the python library pdftotext
2019-06-18 10:31:14 +02:00
chrisr3d 52dadd2df3 Merge branch 'master' of github.com:MISP/misp-modules 2019-06-18 09:47:09 +02:00
chrisr3d 9e45d302b1
fix: Testing if an object is not empty before adding it the the event 2019-06-18 09:45:59 +02:00
Alexandre Dulaunoy 205665fa82
Merge pull request #307 from ninoseki/fix-missing-links
Fix missing links in README.md
2019-06-17 23:28:15 +02:00
Manabu Niseki a2d58918e4 Fix missing links in README.md 2019-06-17 17:50:26 +01:00
chrisr3d 9fdd6c5e58
fix: Making travis happy 2019-06-15 08:17:29 +02:00
chrisr3d c1abea4759 Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-06-15 08:08:33 +02:00
chrisr3d 2f3ce1b615
fix: Support of the latest version of sigmatools 2019-06-15 08:06:47 +02:00
chrisr3d 1ac85a4879
fix: We will display galaxies with tags 2019-06-15 08:05:14 +02:00
Alexandre Dulaunoy be61613da4
Merge pull request #306 from MISP/new_module
New modules able to return MISP objects
2019-06-14 12:28:28 +02:00
chrisr3d f885b6c5e1
add: Added new modules to the list 2019-06-12 16:32:13 +02:00
chrisr3d b7223abe78 Merge branch 'new_module' of github.com:MISP/misp-modules into new_module 2019-06-07 15:30:19 +02:00
chrisr3d de966eac51
fix: Returning tags & galaxies with results
- Tags may exist with the current version of the
  parser
- Galaxies are not yet expected from the parser,
  nevertheless the principle is we want to return
  them as well if ever we have some galaxies from
  parsing a JoeSandbox report. Can be removed if
  we never galaxies at all
2019-06-07 15:22:11 +02:00
chrisr3d b52e17fa8d
fix: Removed duplicate finalize_results function call 2019-06-07 11:38:50 +02:00
Alexandre Dulaunoy 4cec6f50b3
Merge pull request #305 from joesecurity/new_module
joesandbox_query.py: improve behavior in unexpected circumstances
2019-06-05 13:26:48 +02:00
Georg Schölly efb0a88eeb joesandbox_query.py: improve behavior in unexpected circumstances 2019-06-04 11:29:40 +02:00
chrisr3d aa3e873845
fix: Making pep8 happy + added joe_import module in the init list 2019-06-04 11:33:42 +10:00
chrisr3d 42bc6f8d2b
fix: Fixed variable name typo 2019-06-04 11:32:21 +10:00
chrisr3d ee48d99845
add: New expansion module to query Joe Sandbox API with a report link 2019-06-04 09:48:50 +10:00
chrisr3d 07698e5c72
fix: Fixed references between domaininfo/ipinfo & their targets
- Fixed references when no target id is set
- Fixed domaininfo parsing when no ip is defined
2019-06-03 18:38:58 +10:00
chrisr3d 0d40830a7f
fix: Some quick fixes
- Fixed strptime matching because months are
  expressed in abbreviated format
- Made data loaded while the parsing function is
  called, in case it has to be called multiple
  times at some point
2019-06-03 18:35:58 +10:00
chrisr3d 74b73f9332
chg: Moved JoeParser class to make it reachable from expansion & import modules 2019-05-29 11:26:14 +10:00
chrisr3d f541b1f4ba Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-05-29 10:50:39 +10:00