aaronkaplan
36904c688c
Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp
2021-05-02 21:49:40 +00:00
aaronkaplan
85864dad2e
make flake8 happier
2021-05-02 21:39:39 +00:00
aaronkaplan
ff950bc50c
Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp
2021-05-02 21:11:00 +00:00
aaronkaplan
f1da1dd6fa
Version 0.2 of the cof2misp import module.
2021-05-02 20:51:07 +00:00
aaronkaplan
c06b8ff604
Version 0.2 of the cof2misp import module.
2021-05-02 16:45:55 +00:00
Sebdraven
16f9ec9f6d
fix bug
2021-04-30 15:46:59 +02:00
Sebdraven
73ea9620bf
add reference
2021-04-30 15:39:56 +02:00
Sebdraven
86beb488c1
add test to check
2021-04-30 15:25:27 +02:00
Sebdraven
32aeb52efc
fixe typo
2021-04-30 15:22:55 +02:00
Sebdraven
4478440d5b
remove pass
2021-04-30 15:16:47 +02:00
Sebdraven
7f1caaba25
add object certificate
2021-04-30 15:16:22 +02:00
Sebdraven
098616846d
add hostname
2021-04-23 16:19:47 +02:00
Sebdraven
e1c2c779aa
Update onyphe.py
...
remove typo
2021-04-23 16:16:43 +02:00
Sebdraven
f32717c896
check entry in result dico
2021-04-23 16:15:38 +02:00
Sebdraven
436254cd8c
add logs
2021-04-23 16:13:32 +02:00
Sebdraven
7813ba4fc3
fix logical test
2021-04-23 16:11:10 +02:00
Sebdraven
9fd23d6fe0
add logs
2021-04-23 16:09:21 +02:00
Sebdraven
ff6470d0e2
add logs
2021-04-23 16:07:44 +02:00
Sebdraven
8fbe371eca
add logs
2021-04-23 16:06:20 +02:00
Sebdraven
94f6af8882
add summary ip
...
object domain
2021-04-23 16:02:21 +02:00
Sebdraven
9364859ce9
refactoring of the module
2021-04-22 15:05:29 +02:00
Sebdraven
b9407ad85a
Merge branch 'main'
2021-04-22 11:27:43 +02:00
Sebdraven
7ab2e099f4
fix typo
2021-04-21 18:15:16 +02:00
Sebdraven
9f5a4be9d7
remove variable unused
2021-04-21 17:54:01 +02:00
Sebdraven
abac4cfab7
remove import unused and add package in requirements
2021-04-21 17:51:22 +02:00
Sebdraven
1b9d47dd33
Update yeti.py
...
pep 8 compliant
2021-04-21 15:41:20 +02:00
Sebdraven
a76978d6c6
Update yeti.py
...
remove tags and entity
2021-04-21 15:40:46 +02:00
Sebdraven
a277cbb8bf
Update yeti.py
...
add input
2021-04-21 14:45:07 +02:00
sebdraven
f6675a71e4
Merge pull request #2 from MISP/master
...
Master
2021-04-21 12:42:33 +02:00
Sebdraven
7e5238e8be
Update yeti.py
...
add tests
2021-04-20 14:35:18 +02:00
Sebdraven
8683c9e5ce
Update yeti.py
...
add ns record dst and src link
2021-04-20 14:13:16 +02:00
Sebdraven
26bc02617f
Update yeti.py
...
add test to create result
2021-04-20 14:08:31 +02:00
Sebdraven
3426ad13c5
Update yeti.py
...
fix edges
2021-04-20 14:05:51 +02:00
Sebdraven
fd76e55093
Update yeti.py
...
fix typo
2021-04-20 13:56:45 +02:00
Sebdraven
dfa46b551a
Update yeti.py
...
change params
2021-04-20 13:55:36 +02:00
Sebdraven
baaaa81ec3
Update yeti.py
...
add ns_record object
2021-04-20 13:53:06 +02:00
Sebdraven
cec06ed26d
Update yeti.py
...
change loop
2021-04-20 13:38:45 +02:00
Sebdraven
bb1cd7c4de
Update yeti.py
...
fix bug
2021-04-20 12:43:43 +02:00
Sebdraven
e037c4c767
Update yeti.py
...
remove tests
2021-04-20 12:42:49 +02:00
Sebdraven
e0506ee31e
Update yeti.py
...
filter by id
2021-04-20 12:40:01 +02:00
Sebdraven
f701256008
Update yeti.py
...
add src
2021-04-20 12:33:46 +02:00
Sebdraven
a2741e8eb7
Update yeti.py
...
fix keyerror
2021-04-20 12:30:22 +02:00
Sebdraven
9cb1a83e54
Update yeti.py
...
fix bug about id
2021-04-20 12:24:34 +02:00
Sebdraven
37867f89ee
Update yeti.py
...
add logs
2021-04-20 12:21:56 +02:00
Sebdraven
507e56228f
Update yeti.py
...
add logs
2021-04-20 12:19:43 +02:00
Sebdraven
abba63f32f
Update yeti.py
...
add test of id
2021-04-20 12:17:17 +02:00
Sebdraven
1a67f8ed96
Update yeti.py
...
add log
2021-04-20 12:08:59 +02:00
Sebdraven
385af28a0a
Update yeti.py
...
add descripton
2021-04-20 12:07:06 +02:00
Sebdraven
8ea3d5c5c7
Update yeti.py
...
add file to add in attribute
2021-04-20 10:41:44 +02:00
Sebdraven
5d80b79bc4
Update yeti.py
...
add tags for attribute
2021-04-19 17:55:29 +02:00
Sebdraven
43672ee9a9
Update yeti.py
...
remove tag
2021-04-19 17:20:13 +02:00
Sebdraven
f7ca8bf140
Update yeti.py
...
test tags
2021-04-19 17:19:23 +02:00
Sebdraven
ee7c065795
Update yeti.py
...
change tags method
2021-04-19 17:16:59 +02:00
Sebdraven
21b52dda15
Update yeti.py
...
add related observable and AS
2021-04-19 17:10:47 +02:00
Sebdraven
5e6aec4162
Update yeti.py
...
remove print debug
2021-04-19 13:49:02 +02:00
Sebdraven
b46a3a8885
Update yeti.py
...
fix bugs key error
2021-04-19 13:47:45 +02:00
Sebdraven
0da40b34ee
Update yeti.py
...
add param
2021-04-19 13:45:29 +02:00
Sebdraven
1e98f1d575
Update yeti.py
...
try typo
2021-04-19 12:20:25 +02:00
Sebdraven
53cc15adcd
Update yeti.py
...
remove print
2021-04-19 12:12:32 +02:00
Sebdraven
ef6596637d
Update yeti.py
...
remove tests
2021-04-19 11:49:24 +02:00
Sebdraven
e3fc3a3f38
Update yeti.py
...
test
2021-04-19 11:47:06 +02:00
Sebdraven
8a24ed7fd6
Update yeti.py
...
add logs
2021-04-19 11:27:33 +02:00
Sebdraven
559533ea78
Update yeti.py
...
try test
2021-04-19 11:25:50 +02:00
Sebdraven
a29779eff6
Update yeti.py
...
add check
2021-04-19 11:24:01 +02:00
Sebdraven
4634567b23
Update yeti.py
...
correct bug
2021-04-19 11:09:38 +02:00
Sebdraven
be212097a7
Update yeti.py
...
add log
2021-04-19 11:08:21 +02:00
Sebdraven
af01db860a
Update yeti.py
...
add log
2021-04-19 11:05:16 +02:00
Sebdraven
07f54c1b86
Update yeti.py
...
correct typo
2021-04-19 11:03:39 +02:00
Sebdraven
69a5584dfe
Update yeti.py
...
add relation
2021-04-19 11:00:55 +02:00
Sebdraven
6cd99c03e4
Update yeti.py
...
refactoring and add Url neighboors
2021-04-19 10:46:07 +02:00
chrisr3d
dbff9b3aa8
chg: [rbl] Added a timeout parameter to change the resolver timeout & lifetime if needed
2021-04-16 22:00:27 +02:00
chrisr3d
576dcca671
chg: [rbl] Small changes on the rbl list and the results handling
2021-04-16 16:45:38 +02:00
chrisr3d
300cdc7a4c
fix: [ocr_enrich] Making Pep8 happy
2021-04-15 16:41:15 +02:00
chrisr3d
611bb6fa9e
fix: [ocr_enrich] Fixed tesseract input format
...
- It looks like the `image_to_string` method now
assumes RGB format and the `imdecode` method
seems to give BGR format, so we convert the
image array before
2021-04-15 16:12:00 +02:00
chrisr3d
729feaa3f2
fix: [hibp] Fixed config handling to avoir KeyError exceptions
2021-04-14 16:52:55 +02:00
Alexandre Dulaunoy
577d0de500
chg: [farsight] make PEP happy
2021-04-14 14:45:55 +02:00
Alexandre Dulaunoy
0752628de5
fix: [cve_advanced] Some CVEs are not in CWE format but in NVD-CWE-Other
2021-04-08 19:14:13 +02:00
chrisr3d
a2282c4721
add: [farsight_passivedns] Adding first_seen & last_seen (when available) in passivedns objects
...
- The object_relation `time_first` is added as the
`first_seen` value of the object
- Same with `time_last` -> `last_seen`
2021-03-31 13:42:07 +02:00
chrisr3d
505bbbc20a
fix: [farsight_passivedns] Excluding last_seen value for now, in order to get the available results
...
- With last_seen set we can easily get results
included in a certain time frame (between first
seen and last seen), but we do not get the
latest results. In order to get those ones, we
skip filtering on the time_last_before value
2021-03-30 17:34:01 +02:00
chrisr3d
5077050a3e
chg: [farsight_passivedns] Making first_time and last_time results human readable
...
- We get the datetime format instead of the raw
timestamp
2021-03-30 03:47:34 +02:00
chrisr3d
327a1ac893
fix: [farsight_passivedns] Fixed lookup_rdata_name results desclaration
...
- Getting generator as a list as it is already the
case for all the other results, so it avoids
issues to read the results by accidently looping
through the generator before it is actually
needed, which would lose the content of the
generator
- Also removed print that was accidently introduced
with the last commit
2021-03-30 03:42:54 +02:00
chrisr3d
8935c4adc5
Merge branch 'main' of github.com:MISP/misp-modules into new_features
2021-03-29 20:10:28 +02:00
chrisr3d
25d826076c
add: [farsight_passivedns] New lookup argument based on the first_seen & last_seen fields
2021-03-29 20:09:29 +02:00
Alexandre Dulaunoy
521cdc4435
Merge pull request #484 from GreyNoise-Intelligence/main
...
Update to GreyNoise expansion module
2021-03-26 23:20:24 +01:00
Brad Chiappetta
5e20ea0dc0
update community api to released ver
2021-03-26 11:19:40 -04:00
Brad Chiappetta
714eb425c6
fix ver info
2021-03-23 13:41:05 -04:00
Brad Chiappetta
2855f7ff5f
updates for greynoise community api
2021-03-23 13:39:36 -04:00
Sebdraven
b42da0435b
Update yeti.py
...
add key results
2021-03-19 15:55:18 +01:00
Sebdraven
240d043f91
Update yeti.py
...
delete attr
2021-03-19 15:50:37 +01:00
Sebdraven
ef2bf29621
Update yeti.py
...
correction format strings
2021-03-19 15:39:09 +01:00
Sebdraven
76133ace8b
Update yeti.py
...
change logs
2021-03-19 15:37:49 +01:00
Sebdraven
6b35a7ee4d
Update yeti.py
...
value attribute
2021-03-19 15:32:05 +01:00
Sebdraven
ed3e0d56fd
Update yeti.py
...
change logs
2021-03-19 15:29:21 +01:00
Sebdraven
1be2c27131
Update yeti.py
...
add logs
2021-03-19 15:26:45 +01:00
Sebdraven
83c4b2f4b0
Update yeti.py
...
add relation
2021-03-19 15:22:53 +01:00
Sebdraven
cd97186776
Update yeti.py
...
remove add
2021-03-19 15:20:58 +01:00
Sebdraven
624f423264
Update yeti.py
...
add logs
2021-03-19 15:19:37 +01:00
Sebdraven
5176a36acf
Update yeti.py
...
change relations
2021-03-19 15:16:00 +01:00
Sebdraven
86275d7610
Update yeti.py
...
change modification
2021-03-19 14:38:34 +01:00
Sebdraven
0a364cf815
Update yeti.py
...
update relation
2021-03-19 14:32:00 +01:00
Sebdraven
9eb41f4022
Update yeti.py
...
change relation type
2021-03-19 14:26:44 +01:00
Sebdraven
0d035c0292
Update yeti.py
...
add relationship
2021-03-19 14:22:51 +01:00
Sebdraven
b9ce6d689c
Update yeti.py
...
add ref
2021-03-19 13:56:02 +01:00
Sebdraven
28b554d975
Update yeti.py
...
add test
2021-03-19 12:24:15 +01:00
Sebdraven
bc1bea0ec4
Update yeti.py
...
change attribute add
2021-03-19 12:12:37 +01:00
Sebdraven
7255a1eddc
Update yeti.py
...
change relationship
2021-03-19 12:09:54 +01:00
Sebdraven
65d8bb6b07
Update yeti.py
...
log json
2021-03-19 11:51:55 +01:00
Sebdraven
633f5efd56
Update yeti.py
...
log object
2021-03-19 11:48:55 +01:00
Sebdraven
bd5c1b0b53
Update yeti.py
...
add logs
2021-03-19 11:40:23 +01:00
Sebdraven
1dfdb5a2a2
Update yeti.py
...
change type attr and relation
2021-03-19 11:29:57 +01:00
Sebdraven
347d12c78c
Update yeti.py
...
add logs
2021-03-19 11:27:23 +01:00
Sebdraven
d868373c5a
Update yeti.py
...
add logs
2021-03-19 11:24:10 +01:00
Sebdraven
bd4a4b87fc
Update yeti.py
...
add logs
2021-03-19 11:18:01 +01:00
Sebdraven
c9bc97c9f9
Update yeti.py
...
change relation type and misp event init
2021-03-19 11:15:27 +01:00
Sebdraven
0618e288d3
Update yeti.py
...
add relation object
2021-03-19 11:01:02 +01:00
Sebdraven
48f56b0690
Update yeti.py
...
add object
2021-03-19 10:52:48 +01:00
chrisr3d
9f80d69e64
Merge branch 'main' of github.com:MISP/misp-modules into new_features
2021-03-18 19:34:18 +01:00
chrisr3d
458e432bb7
fix: Making pep8 happy
2021-03-18 19:22:26 +01:00
chrisr3d
aea7e247a5
Merge branch 'main' of github.com:MISP/misp-modules into new_features
2021-03-18 18:45:41 +01:00
chrisr3d
c8c44e75bf
fix: [farsight_passivedns] Fixed queries to the API
...
- Since flex queries input may be email addresses,
we nake sure we replace '@' by '.' in the flex
queries input.
- We also run the flex queries with the input as
is first, before runnning them as second time
with '.' characters escaped: '\\.'
2021-03-18 18:40:27 +01:00
Alexandre Dulaunoy
bd38fabba5
Merge pull request #481 from cocaman/main
...
Adding ThreatFox enrichment module
2021-03-17 23:17:21 +01:00
chrisr3d
f58f4aa9eb
chg: [farsight_passivedns] Added input types for more flex queries
...
- Standard types still supported as before
- Name or ip lookup, with optional flex queries
- New attribute types added will only send flex
queries to the DNSDB API
2021-03-17 20:17:07 +01:00
Corsin Camichel
a13184b078
adding additional tags
2021-03-13 20:59:54 +01:00
Corsin Camichel
d14d3d585f
first version of ThreatFox enrichment module
2021-03-13 20:36:49 +01:00
Corsin Camichel
d913ae4b36
updating "hibp" for API version 3
2021-03-13 17:44:27 +01:00
Jürgen Löhel
9e8d01b6c8
fix: google.py module
...
The search result does not include always 3 elements. It's better to
enumerate here.
The googleapi fails sometimes. Retry it 3 times.
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-03-09 18:04:12 -06:00
Jürgen Löhel
c1700cc955
fix: google.py module
...
Corrects import for gh.com/abenassi/Google-Search-API.
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-03-09 16:46:11 -06:00
Sebdraven
6fc3b2a860
Update yeti.py
...
refactoring
2021-03-05 19:01:25 +01:00
Sebdraven
294bdee51a
Update yeti.py
...
using attribute
2021-03-05 16:57:55 +01:00
Sebdraven
33bba708bf
Update yeti.py
...
use format misp
2021-03-05 16:53:49 +01:00
Sebdraven
bf617807df
Update yeti.py
...
modify acess dict
2021-03-05 15:19:30 +01:00
Sebdraven
9de5dd89ee
Update yeti.py
...
add logs
2021-03-05 15:14:25 +01:00
Sebdraven
7e1bf41d47
Update yeti.py
...
add logs
2021-03-05 15:08:32 +01:00
Sebdraven
cb008124c3
Update yeti.py
...
add neighboors iocs to add the event
2021-03-05 15:06:13 +01:00
Sebdraven
e3f23793e0
Update yeti.py
...
modify call yeti
2021-03-05 11:40:11 +01:00
Sebdraven
6aff43cf99
Update yeti.py
...
Correct bugs
2021-03-05 11:37:04 +01:00
Sebdraven
800020d6a2
Update yeti.py
...
change inherit
2021-03-05 11:34:01 +01:00
Sebdraven
e2a1ade14a
Update yeti.py
...
change path to access config settings
2021-03-05 11:28:50 +01:00
Sebdraven
3fdce84ff7
Update yeti.py
...
add log
2021-03-05 11:24:43 +01:00
Sebdraven
e7cb15a0c4
Update yeti.py
...
add ip-dst to enrich
2021-03-05 11:22:53 +01:00
Sebdraven
0f31893fdb
Update yeti.py
...
add logs
2021-03-05 11:06:12 +01:00
Sebdraven
1209cd3a75
yeti pluggin
...
get_entities and get_neighboors
2021-03-05 11:00:19 +01:00
Jakub Onderka
38457f0a7b
fix: Consider mail body as UTF-8 encoded
2021-03-02 15:03:15 +01:00
Sebdraven
1def6e3f06
Update yeti.py
...
add introspection method
2021-02-05 12:02:08 +01:00
Sebdraven
b29b3ded28
Update yeti.py
...
add method version
2021-02-05 11:47:27 +01:00
Sebdraven
619d648084
Update yeti.py
...
correct import
2021-02-05 11:37:34 +01:00
Sebdraven
66fc121dbe
Update yeti.py
...
add config and struct
2021-02-05 11:17:40 +01:00
Sebdraven
7781a0cae7
add new module
...
new module yeti
2021-02-05 10:18:52 +01:00
adammchugh
2832466f7f
Update assemblyline_submit.py
2021-02-02 22:56:02 +10:30
adammchugh
6f5c77ef08
Update assemblyline_query.py
2021-02-02 22:55:09 +10:30
adammchugh
07b8968b7d
Update assemblyline_submit.py
2021-02-02 22:52:27 +10:30
Cory Kennedy
774b2f37a6
Corrected VMray rest API import
...
When loading misp-modules, the VMray module ```modules/expansion/vmray_submit.py ``` incorrectly imports the library. VMray's documentation and examples here: https://pypi.org/project/vmray-rest-api/#history also reflect this change as the correct import.
2021-01-04 15:27:47 -06:00
Alexandre Dulaunoy
ff9ac60bbd
Merge pull request #457 from trustar/main
...
added more explicit error messages for indicators that return no enri…
2020-12-04 21:37:47 +01:00
Jesse Hedden
bad538653d
added more explicit error messages for indicators that return no enrichment data
2020-12-04 11:59:57 -08:00
Jens Thom
0e4e432dc4
fix imports and unused variables
2020-11-30 12:48:01 +01:00
Jens Thom
a404202d1d
Merge remote-tracking branch 'upstream/main' into main
2020-11-30 12:23:11 +01:00
Jens Thom
2a870f2d97
* add parser for report version v1 and v2
...
* add summary JSON import module
2020-11-30 12:06:19 +01:00
milkmix
2544218899
fixed error reported by LGTM analysis
2020-11-23 16:28:23 +01:00
milkmix
47980ef2eb
added missing quotes
2020-11-21 08:52:18 +01:00
milkmix
30d9ae6032
added URL support
2020-11-20 18:56:28 +01:00
milkmix
71d2aeaacd
typo in python src name
2020-11-20 16:31:48 +01:00
milkmix
451531326d
initial work on Defender for Endpoint export module
2020-11-20 16:29:08 +01:00
chrisr3d
575bed0da8
Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch
2020-11-18 11:52:53 +01:00
chrisr3d
2464172e1a
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2020-11-18 11:34:33 +01:00
chrisr3d
c1e52fdb12
fix: [farsight_passivedns] Fixed pep8 backslash issue
2020-11-15 20:15:06 +01:00
chrisr3d
d1ac0cffe0
fix: [farsight_passivedns] Fixed issue with variable name
2020-11-15 20:11:08 +01:00
chrisr3d
dfec0e5cf4
add: [farsight-passivedns] Optional feature to submit flex queries
...
- The rrset and rdata queries remain the same but
with the parameter `flex_queries`, users can
also get the results of the flex rrnames & flex
rdata regex queries about their domain, hostname
or ip address
- Results can thus include passive-dns objects
containing the `raw_rdata` object_relation added
with 0a3e948
2020-11-13 20:38:02 +01:00
chrisr3d
993a614a20
Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch
2020-11-13 16:47:07 +01:00
chrisr3d
32c0bf9ae2
fix: [cpe] Fixed typo in vulnerable-configuration object relation fields
2020-11-13 15:49:58 +01:00
chrisr3d
bd3fa3ea07
chg: [cpe] Added default limit to the results
...
- Results returned by CVE-search are sorted by
cvss score and limited in number to avoid
potential massive amount of data retuned back
to MISP.
- Users can overwrite the default limit with the
configuration already present as optional, and
can also set the limit to 0 to get the full list
of results
2020-11-13 15:46:41 +01:00
chrisr3d
3f863e4437
fix: [farsight_passivedns] Fixed typo in the lookup fields
2020-11-13 15:28:10 +01:00
chrisr3d
fe010782f3
chg: [farsight_passivedns] Now using the dnsdb2 python library
...
- Also updated the results parsing to check in
each returned result for every field if they are
included, to avoid key errors if any field is
missing
2020-11-12 16:01:14 +01:00
chrisr3d
2a25cda026
Merge branch 'chrisr3d_patch' of github.com:MISP/misp-modules into main
2020-11-11 10:46:44 +01:00
chrisr3d
bb7564dea9
Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch
2020-11-11 10:45:06 +01:00
Jesse Hedden
0650126d6a
fixed typo causing firstSeen and lastSeen to not be pulled from enrichment data
2020-11-10 17:20:03 -08:00
chrisr3d
b98562a75e
chg: [cpe] Support of the new CVE-Search API
2020-11-10 17:53:47 +01:00
chrisr3d
d9cfcf8f62
fix: [farsight_passivedns] Uncommented mandatory field that was commented for tests
2020-11-05 17:51:41 +01:00
chrisr3d
c0440a0d33
chg: [farsight_passivedns] More context added to the results
...
- References between the passive-dns objects and
the initial attribute
- Comment on object attributes mentioning whether
the results come from an rrset or an rdata
lookup
2020-11-05 15:55:30 +01:00
chrisr3d
7c5465e02b
fix: [dnsdb] Avoiding AttributeError with the sys library, probably depending on the python version
2020-11-05 15:55:15 +01:00
chrisr3d
d9e576e605
chg: [farsight_passivedns] Rework of the module to return MISP objects
...
- All the results are parsed as passive-dns MISP
objects
- More love to give to the parsing to add
references between the passive-dns objects and
the input attribute, depending on the type of
the query (rrset or rdata), or the rrtype
(to be determined)
2020-11-05 15:55:00 +01:00
chrisr3d
260bddb3cf
chg: [cpe] Changed CVE-Search API default url
2020-11-02 19:03:26 +01:00
chrisr3d
54f7e604c8
Merge branch 'main' of github.com:MISP/misp-modules into main
2020-11-02 19:03:16 +01:00
chrisr3d
6660e2fc11
add: Added documentation for the cpe module
2020-10-24 23:52:06 +02:00
chrisr3d
88c8d9077c
fix: [cpe] Typos and variable name issues fixed + Making the module available in MISP
2020-10-24 02:40:31 +02:00
mokaddem
2be1d7a0cd
new: [expansion] Added html_to_markdown module
...
It fetches the HTML from the provided URL, performs a bit of DOM
clean-up then convert it into markdown
2020-10-23 22:17:47 +02:00
chrisr3d
410aaaeb28
add: First shot of an expansio module to query cve-search with a cpe to get the related vulnerabilities
2020-10-23 21:19:26 +02:00
chrisr3d
c00349e198
fix: [cve-advanced] Using the cpe and weakness attribute types
2020-10-22 23:25:20 +02:00
chrisr3d
2a2a908f09
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2020-10-22 22:59:21 +02:00
Jakub Onderka
7ad5eb0bfa
chg: [clamav] Add reference to original attribute
2020-10-20 19:26:04 +02:00
Alexandre Dulaunoy
0872bb820c
chg: [clamav] TCP port connection must be an integer
2020-10-20 10:17:52 +02:00
Jakub Onderka
f2de7ab87f
new: [clamav] Module for malware scan by ClamAV
2020-10-17 23:25:47 +02:00
chrisr3d
48635d8f1b
add: Added documentation for the socialscan new module
...
- Also quick fix of the message for an invalid
result or response concerning the queried email
address or username
2020-10-02 17:01:02 +02:00
chrisr3d
d950b4d7ec
fix: Removed debugging print command
2020-10-02 01:50:49 +02:00
chrisr3d
9a766d6010
add: New module using socialscan library to check email addresses and usernames linked to accounts on online platforms
2020-10-01 23:25:39 +02:00
chrisr3d
14aa6e2d1a
fix: [cve_advanced] Avoiding potential MISP object references issues
...
- Adding objects as dictionaries in an event may
cause issues in some cases. It is better to pass
the MISP object as is, as it is already a valid
object since the MISPObject class is used
2020-10-01 22:44:39 +02:00
chrisr3d
c5abf89805
fix: [virustotal_public] Resolve key error when user enrich hostname
...
- Same as #424
2020-09-28 12:34:00 +02:00
Christian Studer
38c3502394
Merge pull request #424 from JakubOnderka/vt-subdomains-fix
...
fix: [virustotal] Resolve key error when user enrich hostname
2020-09-28 12:32:42 +02:00
Raphaël Vinot
2dde6e8757
fix: Typo in EMailObject
...
Fix #427
2020-09-09 10:56:01 +02:00
chrisr3d
3101e5bc26
chg: Updated the bgpranking expansion module to return MISP objects
...
- The module no longer returns freetext, since the
result returned to the freetext import as text
only allowed MISP to parse the same AS number as
the input attribute.
- The new result returned with the updated module
is an asn object describing more precisely the
AS number, and its ranking for a given day
2020-09-08 16:08:57 +02:00
chrisr3d
ae1016946b
fix: Making pep8 happy
2020-08-28 17:30:23 +02:00
chrisr3d
1349ef61a5
chg: Turned the Shodan expansion module into a misp_standard format module
...
- As expected with the misp_standard modules, the
input is a full attribute and the module is able
to return attributes and objects
- There was a lot of data that was parsed as regkey
attributes by the freetext import, the module now
parses properly the different field of the result
of the query returned by Shodan
2020-08-28 16:55:50 +02:00
johannesh
8087c9a6a1
Add proxy support and User-Agent header
2020-08-24 11:19:15 +02:00
David André
b5d7c9c7a3
Disable correlation for detection-ratio in virustotal.py
2020-08-24 10:11:08 +02:00
Jakub Onderka
bd7f7fa1f3
fix: [virustotal] Resolve key error when user enrich hostname
2020-08-17 17:34:21 +02:00
Jesse Hedden
10e432ec55
Merge branch 'main' into feat/EN-5047/MISP-manual-update
2020-08-10 08:08:06 -07:00
Jesse Hedden
a3c01fa318
added comments
2020-08-10 07:53:24 -07:00
Jesse Hedden
91417d390b
added comments
2020-08-09 20:41:52 -07:00
Jesse Hedden
0b576faa68
added comments
2020-08-09 20:36:47 -07:00
Jesse Hedden
2d464adfd6
added error checking
2020-08-09 20:29:37 -07:00
johannesh
85d319e85e
Fix typo error introduced in commit: 3b7a5c4dc2
2020-08-07 10:36:40 +02:00
Jesse Hedden
ee21a88127
updating to include metadata and alter type of trustar link generated
2020-08-06 21:59:13 -07:00
chrisr3d
f1dac0c8df
fix: Fixed pep8
2020-07-28 15:23:24 +02:00
chrisr3d
d2661c7a20
fix: Fixed pep8 + some copy paste issues introduced with the latest commits
2020-07-28 15:06:25 +02:00
chrisr3d
3ab67b23b6
fix: Avoid issues with the attribute value field name
...
- The module setup allows 'value1' as attribute
value field name, but we want to make sure that
users passing standard misp format with 'value'
instead, will not have issues, as well as
keeping the current setup
2020-07-28 11:56:03 +02:00
chrisr3d
3b7a5c4dc2
add: Specific error message for misp_standard format expansion modules
...
- Checking if the input format is respected and
displaying an error message if it is not
2020-07-28 11:47:53 +02:00
chrisr3d
8180ecbfa8
chg: Making use of the Greynoise v2 API
2020-07-27 17:20:36 +02:00
johannesh
c91a61110a
Add Recorded Future expansion module
2020-07-23 12:28:56 +02:00
chrisr3d
a4e9fe456e
Merge branch 'main' of github.com:MISP/misp-modules into main
2020-07-03 10:24:45 +02:00
chrisr3d
8e4c688dce
fix: Fixed list of sigma backends
2020-07-03 10:10:24 +02:00
Jakub Onderka
cda5feedaa
fix: [virustotal] Subdomains is optional in VT response
2020-07-01 16:13:40 +02:00
chrisr3d
f99174af2e
fix: Removed multiple spaces to comply with pep8
2020-07-01 11:27:36 +02:00
chrisr3d
26b0357ac7
fix: Making pep8 happy
2020-06-30 23:10:35 +02:00
chrisr3d
c0dae2b31b
fix: Removed trustar_import module name in init to avoid validation issues
...
(until it is submitted via PR?)
2020-06-30 18:08:34 +02:00
chrisr3d
3e12feae79
Merge branch 'feat/EN-4664/trustar-misp' of https://github.com/trustar/misp-modules into trustar-feat/EN-4664/trustar-misp
2020-06-30 18:07:14 +02:00
chrisr3d
cadcc8947c
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2020-06-30 17:14:38 +02:00
Jesse Hedden
a70558945a
removed obsolete file
2020-06-27 17:46:51 -07:00
Jesse Hedden
a91d50b507
corrected variable name
2020-06-27 17:29:01 -07:00
Jesse Hedden
9e1bc5681b
fixed indent
2020-06-25 15:22:54 -07:00
Jesse Hedden
2d31b4e037
fixed incorrect attribute name
2020-06-25 13:10:50 -07:00
Jesse Hedden
61fbb30e1c
fixed metatag; convert summaries generator to list for error handling
2020-06-25 10:54:34 -07:00
Jesse Hedden
b188d2da4e
added strip to remove potential whitespace
2020-06-24 17:47:41 -07:00
Jesse Hedden
b60d142d32
removed extra parameter
2020-06-22 15:06:39 -07:00
Jesse Hedden
b9d191686f
added try/except for TruSTAR API errors and additional comments
2020-06-22 14:54:37 -07:00
Jesse Hedden
f13233d04c
added comments and increased page size to max for get_indicator_summaries
2020-06-22 13:47:25 -07:00
Jesse Hedden
f3b27ca9c0
updated client metatag and version
2020-06-22 12:58:10 -07:00
Jesse Hedden
68b4fbba09
added client metatag to trustar client
2020-06-22 12:15:28 -07:00
Jesse Hedden
341a569de5
ready for code review
2020-06-21 19:52:17 -07:00
Jakub Onderka
fe1ea90b25
fix: [circl_passivessl] Return proper error for IPv6 addresses
2020-06-03 14:06:57 +02:00
Alexandre Dulaunoy
ddf51d482a
Merge pull request #406 from JakubOnderka/ip-port
...
new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port
2020-06-03 12:57:11 +02:00
Jakub Onderka
b053e1c01b
fix: [circl_passivessl] Return not found error
...
If passivessl returns empty response, return Not found error instead of error in log
2020-06-03 11:19:21 +02:00
Jakub Onderka
6e21893be4
fix: [circl_passivedns] Return not found error
...
If passivedns returns empty response, return Not found error instead of error in log
2020-06-03 11:15:46 +02:00
Jakub Onderka
31d15056f9
new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port
2020-06-03 11:12:47 +02:00
Jesse Hedden
67bdb38fc8
WIP: initial push
2020-05-29 17:41:13 -07:00
Jesse Hedden
8a95a000ee
initial commit. not a working product. need to create a class to manage the MISP event and TruStar client
2020-05-29 17:21:20 -07:00
chrisr3d
1e27c2de5a
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2020-05-05 11:53:09 +02:00
Steve Clement
3fd6633c01
fix: [pep] Comply to PEP E261
2020-05-01 12:12:33 +09:00
Matthias Meidinger
ebf71a371b
Update vmray_submit
...
The submit module hat some smaller issues with the reanalyze flag.
The source for the enrichment object has been changed and the robustness
of user supplied config parsing improved.
2020-04-23 14:47:48 +02:00
Golbark
fd3c62c460
Fix variable issue in the loop
2020-04-08 01:07:46 -07:00
Golbark
500f0301a9
Adding support for more input types, including multi-types
2020-04-07 06:53:42 -07:00
Golbark
b79636ccfa
new: usr: Censys Expansion module
2020-04-03 03:15:03 -07:00