chrisr3d
9a6d484188
add: Added screenshot of the behavior of the analyzed sample
2019-06-21 10:53:12 +02:00
Steve Clement
44ca8da97a
Merge pull request #309 from Kortho/patch-2
...
changed service pointer
2019-06-19 14:56:21 +10:00
Steve Clement
c79a6da57b
Merge pull request #308 from Kortho/patch-1
...
Fixed missing dependencies for RHEL install
2019-06-19 14:55:30 +10:00
Kortho
15c257e504
changed service pointer
...
Changed so the service starts the modules in the venv where they are installed
2019-06-18 10:37:40 +02:00
Kortho
7ef8acda0d
Fixed missing dependencies for RHEL install
...
Added dependencies needed for installing the python library pdftotext
2019-06-18 10:31:14 +02:00
chrisr3d
52dadd2df3
Merge branch 'master' of github.com:MISP/misp-modules
2019-06-18 09:47:09 +02:00
chrisr3d
9e45d302b1
fix: Testing if an object is not empty before adding it the the event
2019-06-18 09:45:59 +02:00
Alexandre Dulaunoy
205665fa82
Merge pull request #307 from ninoseki/fix-missing-links
...
Fix missing links in README.md
2019-06-17 23:28:15 +02:00
Manabu Niseki
a2d58918e4
Fix missing links in README.md
2019-06-17 17:50:26 +01:00
chrisr3d
9fdd6c5e58
fix: Making travis happy
2019-06-15 08:17:29 +02:00
chrisr3d
c1abea4759
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-06-15 08:08:33 +02:00
chrisr3d
2f3ce1b615
fix: Support of the latest version of sigmatools
2019-06-15 08:06:47 +02:00
chrisr3d
1ac85a4879
fix: We will display galaxies with tags
2019-06-15 08:05:14 +02:00
Alexandre Dulaunoy
be61613da4
Merge pull request #306 from MISP/new_module
...
New modules able to return MISP objects
2019-06-14 12:28:28 +02:00
chrisr3d
f885b6c5e1
add: Added new modules to the list
2019-06-12 16:32:13 +02:00
chrisr3d
b7223abe78
Merge branch 'new_module' of github.com:MISP/misp-modules into new_module
2019-06-07 15:30:19 +02:00
chrisr3d
de966eac51
fix: Returning tags & galaxies with results
...
- Tags may exist with the current version of the
parser
- Galaxies are not yet expected from the parser,
nevertheless the principle is we want to return
them as well if ever we have some galaxies from
parsing a JoeSandbox report. Can be removed if
we never galaxies at all
2019-06-07 15:22:11 +02:00
chrisr3d
b52e17fa8d
fix: Removed duplicate finalize_results function call
2019-06-07 11:38:50 +02:00
Max H
fa410e314d
Merge pull request #1 from fossabot/master
...
Add license scan report and status
2019-06-07 08:07:53 +02:00
Alexandre Dulaunoy
4cec6f50b3
Merge pull request #305 from joesecurity/new_module
...
joesandbox_query.py: improve behavior in unexpected circumstances
2019-06-05 13:26:48 +02:00
Georg Schölly
efb0a88eeb
joesandbox_query.py: improve behavior in unexpected circumstances
2019-06-04 11:29:40 +02:00
chrisr3d
aa3e873845
fix: Making pep8 happy + added joe_import module in the init list
2019-06-04 11:33:42 +10:00
chrisr3d
42bc6f8d2b
fix: Fixed variable name typo
2019-06-04 11:32:21 +10:00
chrisr3d
ee48d99845
add: New expansion module to query Joe Sandbox API with a report link
2019-06-04 09:48:50 +10:00
chrisr3d
07698e5c72
fix: Fixed references between domaininfo/ipinfo & their targets
...
- Fixed references when no target id is set
- Fixed domaininfo parsing when no ip is defined
2019-06-03 18:38:58 +10:00
chrisr3d
0d40830a7f
fix: Some quick fixes
...
- Fixed strptime matching because months are
expressed in abbreviated format
- Made data loaded while the parsing function is
called, in case it has to be called multiple
times at some point
2019-06-03 18:35:58 +10:00
chrisr3d
74b73f9332
chg: Moved JoeParser class to make it reachable from expansion & import modules
2019-05-29 11:26:14 +10:00
chrisr3d
f541b1f4ba
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-05-29 10:50:39 +10:00
Alexandre Dulaunoy
a49385a353
Merge pull request #304 from joesecurity/new_module
...
add support for url analyses
2019-05-28 22:43:49 +02:00
Georg Schölly
9377a892f4
support url analyses
2019-05-28 16:19:35 +02:00
Georg Schölly
380b8d46ba
improve forwards-compatibility
2019-05-28 16:14:59 +02:00
Alexandre Dulaunoy
2060d02f18
new: [doc] Joe Sandbox added in the list
2019-05-25 09:37:23 +02:00
Alexandre Dulaunoy
bb10212047
Merge branch 'joesecurity-joesandbox_submit'
2019-05-25 09:30:12 +02:00
Alexandre Dulaunoy
15df4d0706
Merge branch 'joesandbox_submit' of https://github.com/joesecurity/misp-modules into joesecurity-joesandbox_submit
2019-05-25 09:29:58 +02:00
Alexandre Dulaunoy
feeca02625
chg: [install] REQUIREMENTS file updated
2019-05-25 09:21:59 +02:00
Alexandre Dulaunoy
74f1de15e3
chg: [install] Pipfile.lock updated
2019-05-25 09:20:54 +02:00
Alexandre Dulaunoy
2cd11ba497
chg: [requirements] Python API wrapper for the Joe Sandbox API added
2019-05-25 09:00:23 +02:00
chrisr3d
8ac651562e
fix: Making pep8 & travis happy
2019-05-23 16:13:49 +02:00
chrisr3d
be05de62c0
add: Parsing MITRE ATT&CK tactic matrix related to the Joe report
2019-05-23 15:59:52 +02:00
chrisr3d
e608107a09
add: Parsing domains, urls & ips contacted by processes
2019-05-22 17:12:49 +02:00
chrisr3d
cfec9a6b1c
fix: Added references between processes and the files they drop
2019-05-22 15:27:04 +02:00
chrisr3d
191034d311
add: Starting parsing dropped files
2019-05-21 23:37:53 +02:00
Georg Schölly
1745d33ee4
add expansion for joe sandbox
2019-05-21 21:14:21 +02:00
chrisr3d
417c306ace
fix: Avoiding network connection object duplicates
2019-05-20 15:59:18 +02:00
chrisr3d
72e5f0099d
fix: Avoid creating a signer info object when the pe is not signed
2019-05-20 10:52:34 +02:00
chrisr3d
54f5fa6fa9
fix: Avoiding dictionary indexes issues
...
- Using tuples as a dictionary indexes is better
than using generators...
2019-05-20 09:19:38 +02:00
chrisr3d
0d5f867825
add: Starting parsing network behavior fields
2019-05-17 22:18:11 +02:00
chrisr3d
f9515c14d0
fix: Avoiding attribute & reference duplicates
2019-05-16 16:14:25 +02:00
chrisr3d
2246fc0d02
add: Parsing registry activities under processes
2019-05-16 16:11:43 +02:00
chrisr3d
067b229224
fix: Handling case of multiple processes in behavior field
...
- Also starting parsing file activities
2019-05-15 22:06:55 +02:00