chrisr3d
dea42d3929
chg: Catching missing config issue
2020-02-25 15:22:06 +01:00
Sean Whalen
f5af7faace
Create __init__.py
2020-02-22 19:44:31 -05:00
Mathilde Oun et Vincent Gindt
df3a6986ea
Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // Nouveau module misp de recherche google sur les urls
2020-02-21 12:05:41 +01:00
chrisr3d
27717c0400
fix: Making the module config available so the module works
2020-02-13 11:40:22 +01:00
GlennHD
0ed0ceab9d
Update geoip_asn.py
2020-02-12 23:48:38 -06:00
GlennHD
bdb4185a0a
Update geoip_city.py
2020-02-12 23:48:20 -06:00
GlennHD
46f0f410e7
Added geoip_asn and geoip_city to load
2020-02-12 21:31:41 -06:00
GlennHD
0b9b6c4f41
Added GeoIP_ASN Enrichment module
2020-02-12 21:29:40 -06:00
GlennHD
7a3f9a422d
Added GeoIP_City Enrichment module
2020-02-12 21:28:41 -06:00
Jakub Onderka
acdc4b9d03
fix: [VT] Disable SHA512 query for VT
2020-02-07 12:20:12 +01:00
Hendrik
8f9940200b
Lastline verify_ssl option
...
Helps people with on-prem boxes
2020-01-27 07:46:48 +01:00
chrisr3d
b2c8f79220
fix: Making pep8 happy
2020-01-24 15:17:35 +01:00
Georg Schölly
04685ea63e
joe: (1) allow users to disable PE object import (2) set 'to_ids' to False
2020-01-24 14:51:38 +01:00
Alexandre Dulaunoy
09cdc7277c
Merge pull request #365 from ostefano/analysis
...
change: migrate to analysis API when submitting files to Lastline
2020-01-21 14:15:22 +01:00
Stefano Ortolani
66bf650b79
change: migrate to analysis API when submitting tasks to Lastline
2020-01-21 11:32:05 +00:00
Koen Van Impe
036933ea14
2nd fix for VT Public module
2020-01-17 11:26:35 +01:00
Koen Van Impe
610c99ce7b
Fix error message in Public VT module
2020-01-17 10:58:31 +01:00
chrisr3d
31a74a10c1
fix: Fixed ipasn test input format + module version updated
2020-01-10 15:37:54 +01:00
chrisr3d
b3bc533bc3
chg: Making ipasn module return asn object(s)
...
- Latest changes on the returned value as string
broke the freetext parser, because no asn number
could be parsed when we return the full json
blob as a freetext attribute
- Now returning asn object(s) with a reference to
the initial attribute
2020-01-10 15:02:59 +01:00
chrisr3d
35c438e6ee
fix: typo
2020-01-10 10:38:12 +01:00
chrisr3d
f5452055f6
fix: Fixed vt_graph imports
2020-01-10 10:31:52 +01:00
chrisr3d
70b3079aa3
fix: Fixed pep8 in the new module and related libraries
2020-01-09 16:01:18 +01:00
chrisr3d
7722e2cb93
fix: Fixed typo on function import
2020-01-09 15:28:33 +01:00
Christian Studer
7c2b001df3
Merge pull request #361 from VirusTotal/master
...
add vt_graph export module
2020-01-09 14:51:09 +01:00
Alvaro Garcia
10b4e78704
add vt_graph export module
2020-01-09 09:57:46 +00:00
Erick Cheng
bfcba18e3c
Update ipasn.py
2020-01-07 18:58:40 +01:00
chrisr3d
cf5ad29f27
chg: Checking attributes category
...
- We check the category before adding the
attribute to the event
- Checking if the category is correct and if not,
doing a case insensitive check
- If the category is not correct after the 2 first
tests, we simply delete it from the attribute
and pymisp will give the attribute a default
category value based on the atttribute type, at
the creation of the attribute
2020-01-07 17:03:10 +01:00
chrisr3d
7945d060ff
new: Enrichment module for querying APIVoid with domain attributes
2019-12-18 17:11:13 +01:00
chrisr3d
2fc0b44b90
fix: Making pep8 happy with whitespace after ':'
2019-12-18 16:16:47 +01:00
chrisr3d
3007761a55
fix: Making pep8 happy by having spaces around '+' operators
2019-12-17 16:31:53 +01:00
chrisr3d
5f90ae776f
fix: Making pep8 happy
2019-12-17 14:29:29 +01:00
chrisr3d
b8d6141cb7
chg: Made circl_passivedns module able to return MISP objects
2019-12-17 11:18:21 +01:00
chrisr3d
9c9f01b6ff
fix: Quick variable name fix
2019-12-17 11:17:56 +01:00
chrisr3d
6849daebfa
chg: Made circl_passivessl module able to return MISP objects
2019-12-17 10:26:43 +01:00
Raphaël Vinot
b70c32af7b
fix: Somewhat broken emails needed some love
2019-12-05 19:11:07 +01:00
Raphaël Vinot
6f95445143
chg: Update email import module, support objects
2019-12-04 15:25:01 +01:00
Stefano Ortolani
f749578525
add: Modules to query/import/submit data from/to Lastline
2019-12-02 19:09:40 +00:00
Raphaël Vinot
5d7a829583
chg: Use MISPObject in ransomcoindb
2019-11-26 13:27:02 +01:00
aaronkaplan
06025e63d0
oops , use relative import
2019-11-26 01:52:31 +01:00
aaronkaplan
d73a9b601a
use a helpful user-agent string
2019-11-26 01:08:28 +01:00
aaronkaplan
777483838b
Revert "fix url"
...
This reverts commit 44130e2bf9
.
2019-11-25 22:24:57 +01:00
aaronkaplan
44130e2bf9
fix url
2019-11-25 20:51:20 +01:00
aaronkaplan
24ec4a0e23
remove pprint
2019-11-25 18:56:12 +01:00
aaronkaplan
5350003e3a
initial version of the ransomcoindb expansion module
2019-11-25 18:52:39 +01:00
chrisr3d
ccf12a225c
fix: Making pep8 happy
2019-11-21 17:50:49 -05:00
chrisr3d
96712da5e0
add: Module to query AssemblyLine and parse the results
...
- Takes an AssemblyLine submission link to query
the API and get the full submission report
- Parses the potentially malicious files and the
IPs, domains or URLs they are connecting to
- Possible improvement of the parsing filters in
order to include more data in the MISP event
2019-11-21 13:25:50 -05:00
chrisr3d
de8737d2f3
fix: Fixed input types list since domain should not be submitted to AssemblyLine
2019-11-20 17:35:37 -05:00
chrisr3d
dc9ea98d2c
fix: Making pep8 happy
2019-11-20 10:13:51 -05:00
chrisr3d
58a4cb15a1
add: New expansion module to submit samples and urls to AssemblyLine
2019-11-19 15:41:35 -05:00
chrisr3d
f08fc6d9a5
chg: Reintroducing the limit to reduce the number of recursive calls to the API when querying for a domain
2019-11-17 19:11:26 -05:00
chrisr3d
4990bcebd8
fix: Avoiding KeyError exception when no result is found
2019-11-17 18:00:19 -05:00
chrisr3d
91d6f1baa0
fix: Fixed csv file parsing
2019-11-07 11:50:16 +01:00
chrisr3d
0fd3f92fe3
fix: Fixed Xforce Exchange authentication + rework
...
- Now able to return MISP objects
- Support of the xforce exchange authentication
with apikey & apipassword
2019-11-05 16:43:03 +01:00
chrisr3d
852018bf79
fix: Added urlscan & secuirtytrails modules in __init__ list
2019-11-04 16:52:26 +01:00
chrisr3d
bfe227d555
fix: More clarity on the exception raised on the securitytrails module
2019-10-31 17:19:42 +01:00
chrisr3d
69e81b47d7
fix: Better exceptions handling on the passivetotal module
2019-10-31 17:18:23 +01:00
chrisr3d
4411166b43
fix: Fixed config parsing and the associated error message
2019-10-31 11:52:34 +01:00
chrisr3d
4f70011edf
fix: Fixed config parsing + results parsing
...
- Avoiding errors with config field when it is
empty or the apikey is not set
- Parsing all the results instead of only the
first one
2019-10-31 11:48:59 +01:00
Alexandre Dulaunoy
c3c6f1a6ea
Merge pull request #346 from blaverick62/master
...
EQL Query Generation Modules
2019-10-30 22:08:07 +01:00
Braden Laverick
717be2b859
Removed extraneous comments and unused imports
2019-10-30 15:44:47 +00:00
chrisr3d
b63a0d1eb8
fix: Making urlscan module available in MISP for ip attributes
...
- As expected in the the handler function
2019-10-30 16:39:07 +01:00
chrisr3d
d4eb88c66a
fix: Avoiding various modules to fail with uncritical issues
...
- Avoiding securitytrails to fail with an unavailable
feature for free accounts
- Avoiding urlhaus to fail with input attribute
fields that are not critical for the query and
results
- Avoiding VT modules to fail when a certain
resource does not exist in the dataset
2019-10-30 16:34:15 +01:00
chrisr3d
393b33d02d
fix: Fixed config field parsing for various modules
...
- Same as previous commit
2019-10-30 16:31:57 +01:00
Braden Laverick
dc4c09f751
Fixed python links
2019-10-30 13:47:43 +00:00
Braden Laverick
62d25b1f76
Changed file name to mass eql export
2019-10-30 13:46:52 +00:00
Braden Laverick
08fc938acd
Fixed comments
2019-10-30 13:41:40 +00:00
chrisr3d
d0ddfb3355
fix: [expansion] Better config field handling for various modules
...
- Testing if config is present before trying to
look whithin the config field
- The config field should be there when the module
is called form MISP, but it is not always the
case when the module is queried from somewhere else
2019-10-30 09:09:55 +01:00
Braden Laverick
2a4c7ff150
Added ors for compound queries
2019-10-29 20:22:41 +00:00
Braden Laverick
c1ca936910
Fixed syntax error
2019-10-29 20:14:07 +00:00
Braden Laverick
c06ceedfb8
Changed to single attribute EQL
2019-10-29 20:11:35 +00:00
Braden Laverick
a426ad249d
Added EQL enrichment module
2019-10-29 19:42:47 +00:00
Braden Laverick
5802575e44
Fixed string formatting
2019-10-29 16:29:36 +00:00
Braden Laverick
3142b0ab02
Fixed type error in JSON parsing
2019-10-29 16:08:58 +00:00
Braden Laverick
c3ccc9c577
Attempting to import endgame module
2019-10-29 15:52:49 +00:00
Braden Laverick
8ac4b610b8
Added endgame export to __all__
2019-10-29 15:11:31 +00:00
Braden Laverick
3e44181aed
Added EQL export test module
2019-10-29 15:02:08 +00:00
chrisr3d
dc7463a67e
fix: Avoid issues when some config fields are not set
2019-10-29 11:04:29 +01:00
Alexandre Dulaunoy
dec2494a0a
chg: [apiosintds] make flake8 happy
2019-10-29 09:33:39 +01:00
Alexandre Dulaunoy
fdbb0717e0
Merge pull request #344 from davidonzo/master
...
Added apiosintDS module to query OSINT.digitalside.it services
2019-10-29 08:56:29 +01:00
chrisr3d
204e5a7de9
Merge branch 'master' of github.com:MISP/misp-modules
2019-10-28 16:45:50 +01:00
chrisr3d
7a56174c40
fix: Fixed Geoip with the supported python library + fixed Geolite db path management
2019-10-28 16:39:08 +01:00
milkmix
bdc5282e09
updated to geoip2 to support mmdb format
2019-10-25 18:09:44 +02:00
Davide
56e16dbaf5
Added apiosintDS module to query OSINT.digitalside.it services
2019-10-24 12:49:29 +02:00
chrisr3d
e1602fdca9
fix: Updates following the latest CVE-search version
...
- Support of the new vulnerable configuration
field for CPE version > 2.2
- Support of different 'unknown CWE' message
2019-10-23 11:55:36 +02:00
chrisr3d
63dba29c52
fix: Fixed module names with - to avoid errors with python paths
2019-10-18 11:09:10 +02:00
chrisr3d
d740abe74b
fix: Making pep8 happy
2019-10-17 10:45:51 +02:00
chrisr3d
a228e2505d
fix: Avoiding empty values + Fixed empty types error + Fixed filename KeyError
2019-10-17 10:42:34 +02:00
chrisr3d
5f7b127713
chg: Avoids returning empty values + easier results parsing
2019-10-15 23:30:39 +02:00
chrisr3d
8aca19ba68
chg: Taking into consideration if a user agent is specified in the module configuration
2019-10-15 11:25:30 +02:00
chrisr3d
6d19549184
fix: Grouped two if conditions to avoid issues with variable unassigned if the second condition is not true
2019-10-13 20:23:02 +02:00
chrisr3d
b560347d5d
fix: Considering the case of empty results
2019-10-08 15:49:09 +02:00
chrisr3d
8bcb630340
fix: Catching results exceptions properly
2019-10-08 15:48:26 +02:00
chrisr3d
2850d6f690
fix: Catching exceptions and results properly depending on the cases
2019-10-08 15:45:06 +02:00
chrisr3d
5d4a0bff98
fix: Handling cases where there is no result from the query
2019-10-08 13:28:23 +02:00
chrisr3d
662e58da88
fix: Fixed pattern parsing + made the module hover only
2019-10-07 16:46:32 +02:00
chrisr3d
b9b78d1606
fix: Travis tests should be happy now
2019-10-04 17:22:32 +02:00
chrisr3d
6801289175
fix: Returning results in text format
...
- Makes the hover functionality display the full
result instead of skipping the records list
2019-10-04 15:54:25 +02:00
chrisr3d
fe1987101d
fix: Making pep8 happy
2019-10-03 17:10:47 +02:00
chrisr3d
c5c5c16ff1
fix: Avoiding errors with uncommon lines
...
- Excluding first from data parsed all lines that
are comments or empty
- Skipping lines with failing indexes
2019-10-03 16:03:30 +02:00
chrisr3d
3d7de2dc22
fix: Fixed unassigned variable name
2019-10-03 16:02:25 +02:00