milkmix
bdc5282e09
updated to geoip2 to support mmdb format
2019-10-25 18:09:44 +02:00
Davide
56e16dbaf5
Added apiosintDS module to query OSINT.digitalside.it services
2019-10-24 12:49:29 +02:00
chrisr3d
e1602fdca9
fix: Updates following the latest CVE-search version
...
- Support of the new vulnerable configuration
field for CPE version > 2.2
- Support of different 'unknown CWE' message
2019-10-23 11:55:36 +02:00
chrisr3d
63dba29c52
fix: Fixed module names with - to avoid errors with python paths
2019-10-18 11:09:10 +02:00
chrisr3d
d740abe74b
fix: Making pep8 happy
2019-10-17 10:45:51 +02:00
chrisr3d
a228e2505d
fix: Avoiding empty values + Fixed empty types error + Fixed filename KeyError
2019-10-17 10:42:34 +02:00
chrisr3d
5f7b127713
chg: Avoids returning empty values + easier results parsing
2019-10-15 23:30:39 +02:00
chrisr3d
8aca19ba68
chg: Taking into consideration if a user agent is specified in the module configuration
2019-10-15 11:25:30 +02:00
chrisr3d
6d19549184
fix: Grouped two if conditions to avoid issues with variable unassigned if the second condition is not true
2019-10-13 20:23:02 +02:00
chrisr3d
b560347d5d
fix: Considering the case of empty results
2019-10-08 15:49:09 +02:00
chrisr3d
8bcb630340
fix: Catching results exceptions properly
2019-10-08 15:48:26 +02:00
chrisr3d
2850d6f690
fix: Catching exceptions and results properly depending on the cases
2019-10-08 15:45:06 +02:00
chrisr3d
5d4a0bff98
fix: Handling cases where there is no result from the query
2019-10-08 13:28:23 +02:00
chrisr3d
662e58da88
fix: Fixed pattern parsing + made the module hover only
2019-10-07 16:46:32 +02:00
chrisr3d
b9b78d1606
fix: Travis tests should be happy now
2019-10-04 17:22:32 +02:00
chrisr3d
6801289175
fix: Returning results in text format
...
- Makes the hover functionality display the full
result instead of skipping the records list
2019-10-04 15:54:25 +02:00
chrisr3d
fe1987101d
fix: Making pep8 happy
2019-10-03 17:10:47 +02:00
chrisr3d
c5c5c16ff1
fix: Avoiding errors with uncommon lines
...
- Excluding first from data parsed all lines that
are comments or empty
- Skipping lines with failing indexes
2019-10-03 16:03:30 +02:00
chrisr3d
3d7de2dc22
fix: Fixed unassigned variable name
2019-10-03 16:02:25 +02:00
chrisr3d
ffe43acd89
fix: Removed no longer used variables
2019-09-20 09:22:20 +02:00
chrisr3d
cfc6438c47
fix: csv import rework & improvement
...
- More efficient parsing
- Support of multiple csv formats
- Possibility to customise headers
- More improvement to come for external csv file
2019-09-19 23:19:57 +02:00
chrisr3d
09590ca451
fix: Making pep8 happy
2019-09-17 14:13:05 +02:00
Christian Studer
205342996a
Merge pull request #335 from FafnerKeyZee/patch-2
...
Travis should not be complaining with the tests after the latest update on "test_cve"
2019-09-17 14:11:03 +02:00
Fafner [_KeyZee_]
dc84c9f972
adding custom API
...
Adding the possibility to have our own API server.
2019-09-17 11:07:23 +02:00
Fafner [_KeyZee_]
5c09b66706
Cleaning the error message
...
The original message can be confusing is the user change to is own API.
2019-09-17 10:42:29 +02:00
chrisr3d
5ebd0bd4fc
Merge branch 'master' of github.com:MISP/misp-modules
2019-09-16 14:31:01 +02:00
chrisr3d
8d33d6c18c
add: New parameter to specify a custom CVE API to query
...
- Any API specified here must return the same
format as the CIRCL CVE search one in order to
be supported by the parsing functions, and
ideally provide response to the same kind of
requests (so the CWE search works as well)
2019-09-16 14:19:20 +02:00
Pierre-Jean Grenier
b2ab727f9b
fix: prevent symlink attacks
2019-08-22 11:23:37 +02:00
Pierre-Jean Grenier
413cc2469f
chg: [cuckooimport] Handle archives downloaded from both the WebUI and the API
2019-08-21 16:35:11 +02:00
Alexandre Dulaunoy
c019e4d997
Merge pull request #322 from zaphodef/cuckooimport
...
Rewrite cuckooimport
2019-08-13 14:32:48 +02:00
Pierre-Jean Grenier
6ba6f8bb1f
new: Rewrite cuckooimport
2019-08-09 15:44:47 +02:00
chrisr3d
415fa55fff
fix: Avoiding issues when no CWE id is provided
2019-08-06 15:55:50 +02:00
chrisr3d
0b603fc5d3
fix: Fixed unnecessary dictionary field call
...
- No longer necessary to go under 'Event' field
since PyMISP does not contain it since the
latest update
2019-08-05 11:33:04 +02:00
chrisr3d
4df528c331
add: Added initial event to reference it from the vulnerability object created out of it
2019-08-02 15:35:33 +02:00
chrisr3d
034222d7b3
fix: Using the attack-pattern object template (copy-paste typo)
2019-08-02 10:10:44 +02:00
chrisr3d
7eb4f034c0
fix: Making pep8 happy
2019-08-01 17:17:16 +02:00
chrisr3d
5c15c0ff93
add: Making vulnerability object reference to its related capec & cwe objects
2019-08-01 15:37:10 +02:00
chrisr3d
c4302aa35e
add: Parsing CAPEC information related to the CVE
2019-08-01 15:21:18 +02:00
chrisr3d
7445d7336e
add: Parsing CWE related to the CVE
2019-08-01 14:55:53 +02:00
chrisr3d
7b1c35d583
fix: Fixed cvss-score object relation name
2019-07-30 09:55:36 +02:00
chrisr3d
27f5c9ceeb
Merge branch 'master' of github.com:MISP/misp-modules
2019-07-24 12:08:28 +02:00
chrisr3d
4ee0cbe4c5
add: Added virustotal_public to the list of available modules
2019-07-24 11:10:25 +02:00
Raphaël Vinot
80ce0a58b5
fix: Skip tests on haveibeenpwned.com if 403. Make pep8 happy.
2019-07-24 09:49:05 +02:00
chrisr3d
92d90e8e1c
add: TODO comment for the next improvement
2019-07-23 09:42:10 +02:00
chrisr3d
14cf39d8b6
chg: Updated the module to work with the updated VirusTotal API
...
- Parsing functions updated to support the updated
format of the VirusTotal API responses
- The module can now return objects
- /!\ This module requires a high number of
requests limit rate to work as expected /!\
2019-07-22 16:22:29 +02:00
chrisr3d
1fa37ea712
fix: Avoiding issues with non existing sample types
2019-07-22 11:43:35 +02:00
chrisr3d
675e0815ff
add: Parsing communicating samples returned by domain reports
2019-07-22 11:42:52 +02:00
chrisr3d
c9c2027a57
fix: Undetected urls are represented in lists
2019-07-22 11:39:46 +02:00
chrisr3d
6fdfcb0a29
fix: Changed function name to avoid confusion with the same variable name
2019-07-22 09:53:19 +02:00
chrisr3d
729c86c336
fix: Quick fix on siblings & url parsing
2019-07-22 09:16:04 +02:00
chrisr3d
9aa721bc37
fix: typo
2019-07-19 16:20:24 +02:00
chrisr3d
641dda0103
add: Parsing downloaded samples as well as the referrer ones
2019-07-18 21:38:17 +02:00
chrisr3d
795edb7457
chg: Adding references between a domain and their siblings
2019-07-17 20:40:56 +02:00
chrisr3d
8de350744b
chg: Getting domain siblings attributes uuid for further references
2019-07-16 22:39:35 +02:00
chrisr3d
a61d09db8b
fix: Parsing detected & undetected urls
2019-07-15 23:44:25 +02:00
chrisr3d
d9b03a7aa5
fix: Various fixes about typo, variable names, data types and so on
2019-07-12 10:59:19 +02:00
chrisr3d
f862a14ce6
add: Object for VirusTotal public API queries
...
- Lighter analysis of the report to avoid reaching
the limit of queries per minute while recursing
on the different elements
2019-07-11 22:59:07 +02:00
chrisr3d
3edc323836
fix: Making pep8 happy
2019-07-10 15:29:31 +02:00
chrisr3d
5703253961
new: First version of an advanced CVE parser module
...
- Using cve.circl.lu as well as the initial module
- Going deeper into the CVE parsing
- More parsing to come with the CWE, CAPEC and so on
2019-07-10 15:20:22 +02:00
chrisr3d
9e45d302b1
fix: Testing if an object is not empty before adding it the the event
2019-06-18 09:45:59 +02:00
chrisr3d
9fdd6c5e58
fix: Making travis happy
2019-06-15 08:17:29 +02:00
chrisr3d
2f3ce1b615
fix: Support of the latest version of sigmatools
2019-06-15 08:06:47 +02:00
Georg Schölly
efb0a88eeb
joesandbox_query.py: improve behavior in unexpected circumstances
2019-06-04 11:29:40 +02:00
chrisr3d
aa3e873845
fix: Making pep8 happy + added joe_import module in the init list
2019-06-04 11:33:42 +10:00
chrisr3d
42bc6f8d2b
fix: Fixed variable name typo
2019-06-04 11:32:21 +10:00
chrisr3d
ee48d99845
add: New expansion module to query Joe Sandbox API with a report link
2019-06-04 09:48:50 +10:00
chrisr3d
0d40830a7f
fix: Some quick fixes
...
- Fixed strptime matching because months are
expressed in abbreviated format
- Made data loaded while the parsing function is
called, in case it has to be called multiple
times at some point
2019-06-03 18:35:58 +10:00
chrisr3d
74b73f9332
chg: Moved JoeParser class to make it reachable from expansion & import modules
2019-05-29 11:26:14 +10:00
chrisr3d
f541b1f4ba
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-05-29 10:50:39 +10:00
Georg Schölly
9377a892f4
support url analyses
2019-05-28 16:19:35 +02:00
Georg Schölly
380b8d46ba
improve forwards-compatibility
2019-05-28 16:14:59 +02:00
chrisr3d
8ac651562e
fix: Making pep8 & travis happy
2019-05-23 16:13:49 +02:00
chrisr3d
be05de62c0
add: Parsing MITRE ATT&CK tactic matrix related to the Joe report
2019-05-23 15:59:52 +02:00
chrisr3d
e608107a09
add: Parsing domains, urls & ips contacted by processes
2019-05-22 17:12:49 +02:00
chrisr3d
cfec9a6b1c
fix: Added references between processes and the files they drop
2019-05-22 15:27:04 +02:00
chrisr3d
191034d311
add: Starting parsing dropped files
2019-05-21 23:37:53 +02:00
Georg Schölly
1745d33ee4
add expansion for joe sandbox
2019-05-21 21:14:21 +02:00
chrisr3d
417c306ace
fix: Avoiding network connection object duplicates
2019-05-20 15:59:18 +02:00
chrisr3d
72e5f0099d
fix: Avoid creating a signer info object when the pe is not signed
2019-05-20 10:52:34 +02:00
chrisr3d
54f5fa6fa9
fix: Avoiding dictionary indexes issues
...
- Using tuples as a dictionary indexes is better
than using generators...
2019-05-20 09:19:38 +02:00
chrisr3d
0d5f867825
add: Starting parsing network behavior fields
2019-05-17 22:18:11 +02:00
chrisr3d
f9515c14d0
fix: Avoiding attribute & reference duplicates
2019-05-16 16:14:25 +02:00
chrisr3d
2246fc0d02
add: Parsing registry activities under processes
2019-05-16 16:11:43 +02:00
chrisr3d
067b229224
fix: Handling case of multiple processes in behavior field
...
- Also starting parsing file activities
2019-05-15 22:06:55 +02:00
chrisr3d
d195b554a5
fix: Testing if some fields exist before trying to import them
...
- Testing for pe itself, pe versions and pe signature
2019-05-15 22:05:03 +02:00
chrisr3d
fc8a56d1d9
fix: Removed test print
2019-05-15 15:49:29 +02:00
chrisr3d
df7047dff0
fix: Fixed output format to match with the recent changes on modules
2019-05-14 10:50:11 +02:00
chrisr3d
29e681ef81
add: Parsing processes called by the file analyzed in the joe sandbox report
2019-05-13 17:30:01 +02:00
chrisr3d
d39fb7da18
add: Parsing some object references at the end of the process
2019-05-13 17:29:07 +02:00
chrisr3d
728386d8a0
add: [new_module] Module to import data from Joe sandbox reports
...
- Parsing file, pe and pe-section objects from the
report file info field
- Deeper file info parsing to come
- Other fields parsing to come as well
2019-05-08 16:52:49 +02:00
chrisr3d
77db21cf18
fix: Making pep8 happy
2019-05-07 09:37:21 +02:00
chrisr3d
f1b5f05bb3
fix: Checking not MISP header fields
...
- Rejecting fields not recognizable by MISP
2019-05-07 09:35:56 +02:00
chrisr3d
6608671a01
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-05-07 08:38:16 +02:00
chrisr3d
28eb92da53
fix: Using pymisp classes & methods to parse the module results
2019-05-06 22:16:14 +02:00
chrisr3d
ae5bd8d06a
fix: Clearer user config messages displayed in the import view
2019-05-06 22:15:14 +02:00
Koen Van Impe
1cd60790fd
Bugfix for "sources" ; do not include as IDS for "access" registry keys
...
- Bugfix to query "operations" in files, mutex, registry
- Do not set IDS flag for registry 'access' operations
2019-05-06 16:36:26 +02:00
chrisr3d
d4bc85259d
fix: Removed unused library
2019-05-02 14:15:12 +02:00
chrisr3d
6f4b88606b
fix: Make pep8 happy
2019-05-02 14:07:36 +02:00
chrisr3d
a5ff849950
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-05-02 13:23:24 +02:00
Steve Clement
559ed786ba
chg: [pep8] try/except # noqa
...
Not sure how to make flake happy on this one.
2019-05-02 11:44:32 +09:00
Steve Clement
9af06fd24c
fix: [pep8] More fixes
2019-05-02 11:23:49 +09:00
Steve Clement
81ffabd621
fix: [pep8] More pep8 happiness
2019-05-02 11:06:32 +09:00
Steve Clement
553cf44337
fix: [pep8] Fixes
2019-05-02 10:37:48 +09:00
Koen Van Impe
c8a4d8d76f
New VMRay modules
...
New JSON output format of VMRay
Prepare for automation (via PyMISP) with workflow taxonomy tags
2019-05-01 22:44:24 +02:00
root
c886247a64
fix: Fixed standard MISP csv format header
...
- The csv header we can find in data produced from
MISP restSearch csv format is the one to use to
recognize a csv file produced by MISP
2019-05-01 22:32:06 +02:00
root
f900cb7c68
fix: Fixed introspection fields for csvimport & goamlimport
...
- Added format field for goaml so the module is
known as returning MISP attributes & objects
- Fixed introspection to make the format, user
config and input source fields visible from
MISP (format also added at the same time)
2019-05-01 22:28:19 +02:00
root
db74c5f49a
fix: Fixed libraries import that changed with the latest merge
2019-05-01 22:26:53 +02:00
root
92351e6679
add: Added urlhaus in the expansion modules init list
2019-05-01 22:22:10 +02:00
chrisr3d
ed7a14b057
Merge branch 'features_csvimport' of github.com:MISP/misp-modules into new_module
2019-04-30 17:19:34 +02:00
chrisr3d
ee560155a4
Merge branch 'master' of github.com:MISP/misp-modules into features_csvimport
2019-04-30 17:16:48 +02:00
chrisr3d
55e494c9ed
Merge branch 'features_csvimport' of github.com:MISP/misp-modules into features_csvimport
2019-04-30 17:16:31 +02:00
chrisr3d
922782f24b
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-04-30 08:57:19 +02:00
Alexandre Dulaunoy
ec766f571c
chg: [init] cleanup for pep
2019-04-26 13:36:53 +02:00
Alexandre Dulaunoy
63c12f34e6
chg: [pdf-enrich] updated
2019-04-26 13:36:07 +02:00
Sascha Rommelfangen
fc339c888d
removed trailing whitespaces
2019-04-26 12:14:56 +02:00
Sascha Rommelfangen
1d4f8a6989
new modules added
2019-04-26 12:09:16 +02:00
Sascha Rommelfangen
f55d7946df
introduction of new modules
2019-04-26 12:07:55 +02:00
Sascha Rommelfangen
06036b7fe5
Merge branch 'master' of https://github.com/MISP/misp-modules
2019-04-24 15:01:03 +02:00
Sascha Rommelfangen
07f759b07a
renamed file
2019-04-24 14:53:16 +02:00
Sascha Rommelfangen
5104bce451
renamed module
2019-04-24 14:53:03 +02:00
Alexandre Dulaunoy
81b0082ae5
chg: [init] removed trailing whitespace
2019-04-24 14:01:48 +02:00
Alexandre Dulaunoy
614fc1354b
chg: [ocr] re module not used - removed
2019-04-24 14:01:08 +02:00
Sascha Rommelfangen
7171c8ce92
initial version of OCR expansion module
2019-04-24 13:54:21 +02:00
Alexandre Dulaunoy
18a2370ae3
Merge pull request #291 from Evert0x/submitcuckoo
...
Expansion module - File/URL submission to Cuckoo Sandbox
2019-04-23 19:36:28 +02:00
Sascha Rommelfangen
2d8aaf09c2
brackets are difficult...
2019-04-23 15:40:22 +02:00
Alexandre Dulaunoy
e55ae11a1e
chg: [qrcode] added to the __init__
2019-04-23 14:45:12 +02:00
Alexandre Dulaunoy
44050ec4da
chg: [qrcode] flake8 needs some drugs
2019-04-23 14:44:00 +02:00
Alexandre Dulaunoy
d5180e7e79
chg: [qrcode] various fixes to make it PEP compliant
2019-04-23 14:37:27 +02:00
Alexandre Dulaunoy
a0fce1bc90
Merge branch 'qr-code-module' of https://github.com/rommelfs/misp-modules into rommelfs-qr-code-module
2019-04-23 14:33:06 +02:00
Sascha Rommelfangen
c85ab8d93c
initial version of QR code reader
...
Module accepts attachments and processes pictures. It tries to identify and analyze an existing QR code.
Identified values can be inserted into the event.
2019-04-23 11:38:56 +02:00
Ricardo van Zutphen
e6326185d5
Use double quotes and provide headers correctly
2019-04-19 16:24:30 +02:00
Ricardo van Zutphen
49acb53745
Update Cuckoo module to support files and URLs
2019-04-19 14:06:35 +02:00
Evert0x
e243edb503
Update __init__.py
2019-04-18 14:25:05 +02:00
Evert0x
eefa35c65d
Create cuckoo_submit.py
2019-04-18 00:23:38 +02:00
Raphaël Vinot
f5167c2f23
fix: Make flake8 happy.
2019-04-16 11:25:39 +02:00
iceone23
d24a6e2e24
Create cisco_firesight_manager_ACL_rule_export.py
...
Cisco Firesight Manager ACL Rule Export module
2019-04-15 06:17:27 -07:00
chrisr3d
4955698c63
Merge branch 'new_module' of github.com:MISP/misp-modules into new_module
2019-04-03 22:02:44 +02:00
chrisr3d
f492465c00
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-04-03 22:00:40 +02:00
Raphaël Vinot
f82933779f
fix: pep8 foobar.
2019-04-02 16:01:36 +02:00
Raphaël Vinot
9cb21f98e1
fix: Add the new module sin the list of modules availables.
2019-04-02 15:46:17 +02:00
Raphaël Vinot
c64f514a6f
fix: Typos in variable names
2019-04-02 15:39:27 +02:00
Raphaël Vinot
b89d068c04
new: Modules for greynoise, haveibeenpwned and macvendors
...
Source: https://github.com/src7/misp-modules
2019-04-02 15:30:11 +02:00
root
38fc479d12
Merge branch 'master' of https://github.com/MISP/misp-modules into new_module
2019-04-01 16:29:10 +02:00
root
2439d5f75d
fix: Fixed object_id variable name typo
2019-04-01 16:28:19 +02:00
chrisr3d
756a794087
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-03-25 15:35:10 +01:00
Raphaël Vinot
1c0984eaec
fix: Remove unused import
2019-03-15 11:06:11 +01:00
chrisr3d
d87a67c6f3
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-03-14 19:04:32 +01:00
chrisr3d
0b92fd5a53
fix: Making json_decode even happier with full json format
...
- Using MISPEvent because it is cleaner & easier
- Also cleaner implementation globally
2019-03-14 18:48:13 +01:00
Sascha Rommelfangen
5af667edff
Merge branch 'master' of https://github.com/MISP/misp-modules
2019-03-14 14:41:24 +01:00
Sascha Rommelfangen
eb2dcca12b
fixed a bug when checking malformed BTC addresses
2019-03-14 14:39:58 +01:00