Commit Graph

441 Commits (306e9f320f922b2cb072425334e9e95310b86003)

Author SHA1 Message Date
chrisr3d b8d6141cb7
chg: Made circl_passivedns module able to return MISP objects 2019-12-17 11:18:21 +01:00
chrisr3d 9c9f01b6ff
fix: Quick variable name fix 2019-12-17 11:17:56 +01:00
chrisr3d 6849daebfa
chg: Made circl_passivessl module able to return MISP objects 2019-12-17 10:26:43 +01:00
Stefano Ortolani f749578525 add: Modules to query/import/submit data from/to Lastline 2019-12-02 19:09:40 +00:00
Raphaël Vinot 5d7a829583 chg: Use MISPObject in ransomcoindb 2019-11-26 13:27:02 +01:00
aaronkaplan 06025e63d0
oops , use relative import 2019-11-26 01:52:31 +01:00
aaronkaplan d73a9b601a
use a helpful user-agent string 2019-11-26 01:08:28 +01:00
aaronkaplan 777483838b
Revert "fix url"
This reverts commit 44130e2bf9.
2019-11-25 22:24:57 +01:00
aaronkaplan 44130e2bf9
fix url 2019-11-25 20:51:20 +01:00
aaronkaplan 24ec4a0e23
remove pprint 2019-11-25 18:56:12 +01:00
aaronkaplan 5350003e3a
initial version of the ransomcoindb expansion module 2019-11-25 18:52:39 +01:00
chrisr3d ccf12a225c
fix: Making pep8 happy 2019-11-21 17:50:49 -05:00
chrisr3d 96712da5e0
add: Module to query AssemblyLine and parse the results
- Takes an AssemblyLine submission link to query
  the API and get the full submission report
- Parses the potentially malicious files and the
  IPs, domains or URLs they are connecting to
- Possible improvement of the parsing filters in
  order to include more data in the MISP event
2019-11-21 13:25:50 -05:00
chrisr3d de8737d2f3
fix: Fixed input types list since domain should not be submitted to AssemblyLine 2019-11-20 17:35:37 -05:00
chrisr3d dc9ea98d2c
fix: Making pep8 happy 2019-11-20 10:13:51 -05:00
chrisr3d 58a4cb15a1
add: New expansion module to submit samples and urls to AssemblyLine 2019-11-19 15:41:35 -05:00
chrisr3d f08fc6d9a5
chg: Reintroducing the limit to reduce the number of recursive calls to the API when querying for a domain 2019-11-17 19:11:26 -05:00
chrisr3d 4990bcebd8
fix: Avoiding KeyError exception when no result is found 2019-11-17 18:00:19 -05:00
chrisr3d 0fd3f92fe3
fix: Fixed Xforce Exchange authentication + rework
- Now able to return MISP objects
- Support of the xforce exchange authentication
  with apikey & apipassword
2019-11-05 16:43:03 +01:00
chrisr3d 852018bf79
fix: Added urlscan & secuirtytrails modules in __init__ list 2019-11-04 16:52:26 +01:00
chrisr3d bfe227d555
fix: More clarity on the exception raised on the securitytrails module 2019-10-31 17:19:42 +01:00
chrisr3d 69e81b47d7
fix: Better exceptions handling on the passivetotal module 2019-10-31 17:18:23 +01:00
chrisr3d 4411166b43
fix: Fixed config parsing and the associated error message 2019-10-31 11:52:34 +01:00
chrisr3d 4f70011edf
fix: Fixed config parsing + results parsing
- Avoiding errors with config field when it is
  empty or the apikey is not set
- Parsing all the results instead of only the
  first one
2019-10-31 11:48:59 +01:00
Alexandre Dulaunoy c3c6f1a6ea
Merge pull request #346 from blaverick62/master
EQL Query Generation Modules
2019-10-30 22:08:07 +01:00
Braden Laverick 717be2b859 Removed extraneous comments and unused imports 2019-10-30 15:44:47 +00:00
chrisr3d b63a0d1eb8
fix: Making urlscan module available in MISP for ip attributes
- As expected in the the handler function
2019-10-30 16:39:07 +01:00
chrisr3d d4eb88c66a
fix: Avoiding various modules to fail with uncritical issues
- Avoiding securitytrails to fail with an unavailable
  feature for free accounts
- Avoiding urlhaus to fail with input attribute
  fields that are not critical for the query and
  results
- Avoiding VT modules to fail when a certain
  resource does not exist in the dataset
2019-10-30 16:34:15 +01:00
chrisr3d 393b33d02d
fix: Fixed config field parsing for various modules
- Same as previous commit
2019-10-30 16:31:57 +01:00
chrisr3d d0ddfb3355
fix: [expansion] Better config field handling for various modules
- Testing if config is present before trying to
  look whithin the config field
- The config field should be there when the module
  is called form MISP, but it is not always the
  case when the module is queried from somewhere else
2019-10-30 09:09:55 +01:00
Braden Laverick c1ca936910 Fixed syntax error 2019-10-29 20:14:07 +00:00
Braden Laverick c06ceedfb8 Changed to single attribute EQL 2019-10-29 20:11:35 +00:00
Braden Laverick a426ad249d Added EQL enrichment module 2019-10-29 19:42:47 +00:00
chrisr3d dc7463a67e
fix: Avoid issues when some config fields are not set 2019-10-29 11:04:29 +01:00
Alexandre Dulaunoy dec2494a0a
chg: [apiosintds] make flake8 happy 2019-10-29 09:33:39 +01:00
Alexandre Dulaunoy fdbb0717e0
Merge pull request #344 from davidonzo/master
Added apiosintDS module to query OSINT.digitalside.it services
2019-10-29 08:56:29 +01:00
chrisr3d 204e5a7de9
Merge branch 'master' of github.com:MISP/misp-modules 2019-10-28 16:45:50 +01:00
chrisr3d 7a56174c40
fix: Fixed Geoip with the supported python library + fixed Geolite db path management 2019-10-28 16:39:08 +01:00
milkmix bdc5282e09 updated to geoip2 to support mmdb format 2019-10-25 18:09:44 +02:00
Davide 56e16dbaf5 Added apiosintDS module to query OSINT.digitalside.it services 2019-10-24 12:49:29 +02:00
chrisr3d e1602fdca9
fix: Updates following the latest CVE-search version
- Support of the new vulnerable configuration
  field for CPE version > 2.2
- Support of different 'unknown CWE' message
2019-10-23 11:55:36 +02:00
chrisr3d 63dba29c52
fix: Fixed module names with - to avoid errors with python paths 2019-10-18 11:09:10 +02:00
chrisr3d d740abe74b
fix: Making pep8 happy 2019-10-17 10:45:51 +02:00
chrisr3d a228e2505d
fix: Avoiding empty values + Fixed empty types error + Fixed filename KeyError 2019-10-17 10:42:34 +02:00
chrisr3d 5f7b127713
chg: Avoids returning empty values + easier results parsing 2019-10-15 23:30:39 +02:00
chrisr3d 8aca19ba68
chg: Taking into consideration if a user agent is specified in the module configuration 2019-10-15 11:25:30 +02:00
chrisr3d 6d19549184
fix: Grouped two if conditions to avoid issues with variable unassigned if the second condition is not true 2019-10-13 20:23:02 +02:00
chrisr3d b560347d5d
fix: Considering the case of empty results 2019-10-08 15:49:09 +02:00
chrisr3d 8bcb630340
fix: Catching results exceptions properly 2019-10-08 15:48:26 +02:00
chrisr3d 2850d6f690
fix: Catching exceptions and results properly depending on the cases 2019-10-08 15:45:06 +02:00