MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity
1,047 Commits
23 Branches
47 Tags
22 MiB
Commit Graph

559 Commits (2246fc0d02b22ad3662b444a7743fd23f4e92584)

Author SHA1 Message Date
chrisr3d 2246fc0d02
add: Parsing registry activities under processes 2019-05-16 16:11:43 +02:00
chrisr3d 067b229224
fix: Handling case of multiple processes in behavior field 
- Also starting parsing file activities
 2019-05-15 22:06:55 +02:00
chrisr3d d195b554a5
fix: Testing if some fields exist before trying to import them 
- Testing for pe itself, pe versions and pe signature
 2019-05-15 22:05:03 +02:00
chrisr3d fc8a56d1d9
fix: Removed test print 2019-05-15 15:49:29 +02:00
chrisr3d df7047dff0
fix: Fixed output format to match with the recent changes on modules 2019-05-14 10:50:11 +02:00
chrisr3d 29e681ef81
add: Parsing processes called by the file analyzed in the joe sandbox report 2019-05-13 17:30:01 +02:00
chrisr3d d39fb7da18
add: Parsing some object references at the end of the process 2019-05-13 17:29:07 +02:00
chrisr3d 728386d8a0
add: [new_module] Module to import data from Joe sandbox reports 
- Parsing file, pe and pe-section objects from the
  report file info field
- Deeper file info parsing to come
- Other fields parsing to come as well
 2019-05-08 16:52:49 +02:00
chrisr3d 77db21cf18
fix: Making pep8 happy 2019-05-07 09:37:21 +02:00
chrisr3d f1b5f05bb3
fix: Checking not MISP header fields 
- Rejecting fields not recognizable by MISP
 2019-05-07 09:35:56 +02:00
chrisr3d 6608671a01 Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-05-07 08:38:16 +02:00
chrisr3d 28eb92da53
fix: Using pymisp classes & methods to parse the module results 2019-05-06 22:16:14 +02:00
chrisr3d ae5bd8d06a
fix: Clearer user config messages displayed in the import view 2019-05-06 22:15:14 +02:00
Koen Van Impe 1cd60790fd Bugfix for "sources" ; do not include as IDS for "access" registry keys 
- Bugfix to query "operations" in files, mutex, registry
- Do not set IDS flag for registry 'access' operations
 2019-05-06 16:36:26 +02:00
chrisr3d d4bc85259d
fix: Removed unused library 2019-05-02 14:15:12 +02:00
chrisr3d 6f4b88606b
fix: Make pep8 happy 2019-05-02 14:07:36 +02:00
chrisr3d a5ff849950 Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-05-02 13:23:24 +02:00
Steve Clement 559ed786ba
chg: [pep8] try/except # noqa 
Not sure how to make flake happy on this one.
 2019-05-02 11:44:32 +09:00
Steve Clement 9af06fd24c
fix: [pep8] More fixes 2019-05-02 11:23:49 +09:00
Steve Clement 81ffabd621
fix: [pep8] More pep8 happiness 2019-05-02 11:06:32 +09:00
Steve Clement 553cf44337
fix: [pep8] Fixes 2019-05-02 10:37:48 +09:00
Koen Van Impe c8a4d8d76f New VMRay modules 
New JSON output format of VMRay
Prepare for automation (via PyMISP) with workflow taxonomy tags
 2019-05-01 22:44:24 +02:00
root c886247a64
fix: Fixed standard MISP csv format header 
- The csv header we can find in data produced from
  MISP restSearch csv format is the one to use to
  recognize a csv file produced by MISP
 2019-05-01 22:32:06 +02:00
root f900cb7c68
fix: Fixed introspection fields for csvimport & goamlimport 
- Added format field for goaml so the module is
  known as returning MISP attributes & objects
- Fixed introspection to make the format, user
  config and input source fields visible from
  MISP (format also added at the same time)
 2019-05-01 22:28:19 +02:00
root db74c5f49a
fix: Fixed libraries import that changed with the latest merge 2019-05-01 22:26:53 +02:00
root 92351e6679
add: Added urlhaus in the expansion modules init list 2019-05-01 22:22:10 +02:00
chrisr3d ed7a14b057 Merge branch 'features_csvimport' of github.com:MISP/misp-modules into new_module 2019-04-30 17:19:34 +02:00
chrisr3d ee560155a4 Merge branch 'master' of github.com:MISP/misp-modules into features_csvimport 2019-04-30 17:16:48 +02:00
chrisr3d 55e494c9ed Merge branch 'features_csvimport' of github.com:MISP/misp-modules into features_csvimport 2019-04-30 17:16:31 +02:00
chrisr3d 922782f24b Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-04-30 08:57:19 +02:00
Alexandre Dulaunoy ec766f571c
chg: [init] cleanup for pep 2019-04-26 13:36:53 +02:00
Alexandre Dulaunoy 63c12f34e6
chg: [pdf-enrich] updated 2019-04-26 13:36:07 +02:00
Sascha Rommelfangen fc339c888d removed trailing whitespaces 2019-04-26 12:14:56 +02:00
Sascha Rommelfangen 1d4f8a6989 new modules added 2019-04-26 12:09:16 +02:00
Sascha Rommelfangen f55d7946df introduction of new modules 2019-04-26 12:07:55 +02:00
Sascha Rommelfangen 06036b7fe5 Merge branch 'master' of https://github.com/MISP/misp-modules 2019-04-24 15:01:03 +02:00
Sascha Rommelfangen 07f759b07a renamed file 2019-04-24 14:53:16 +02:00
Sascha Rommelfangen 5104bce451 renamed module 2019-04-24 14:53:03 +02:00
Alexandre Dulaunoy 81b0082ae5
chg: [init] removed trailing whitespace 2019-04-24 14:01:48 +02:00
Alexandre Dulaunoy 614fc1354b
chg: [ocr] re module not used - removed 2019-04-24 14:01:08 +02:00
Sascha Rommelfangen 7171c8ce92 initial version of OCR expansion module 2019-04-24 13:54:21 +02:00
Alexandre Dulaunoy 18a2370ae3
Merge pull request #291 from Evert0x/submitcuckoo 
Expansion module - File/URL submission to Cuckoo Sandbox
 2019-04-23 19:36:28 +02:00
Sascha Rommelfangen 2d8aaf09c2
brackets are difficult... 2019-04-23 15:40:22 +02:00
Alexandre Dulaunoy e55ae11a1e
chg: [qrcode] added to the __init__ 2019-04-23 14:45:12 +02:00
Alexandre Dulaunoy 44050ec4da
chg: [qrcode] flake8 needs some drugs 2019-04-23 14:44:00 +02:00
Alexandre Dulaunoy d5180e7e79
chg: [qrcode] various fixes to make it PEP compliant 2019-04-23 14:37:27 +02:00
Alexandre Dulaunoy a0fce1bc90
Merge branch 'qr-code-module' of https://github.com/rommelfs/misp-modules into rommelfs-qr-code-module 2019-04-23 14:33:06 +02:00
Sascha Rommelfangen c85ab8d93c
initial version of QR code reader 
Module accepts attachments and processes pictures. It tries to identify and analyze an existing QR code.
Identified values can be inserted into the event.
 2019-04-23 11:38:56 +02:00
Ricardo van Zutphen e6326185d5 Use double quotes and provide headers correctly 2019-04-19 16:24:30 +02:00
Ricardo van Zutphen 49acb53745 Update Cuckoo module to support files and URLs 2019-04-19 14:06:35 +02:00