GlennHD
0b9b6c4f41
Added GeoIP_ASN Enrichment module
2020-02-12 21:29:40 -06:00
GlennHD
7a3f9a422d
Added GeoIP_City Enrichment module
2020-02-12 21:28:41 -06:00
Jakub Onderka
acdc4b9d03
fix: [VT] Disable SHA512 query for VT
2020-02-07 12:20:12 +01:00
Hendrik
8f9940200b
Lastline verify_ssl option
...
Helps people with on-prem boxes
2020-01-27 07:46:48 +01:00
Georg Schölly
04685ea63e
joe: (1) allow users to disable PE object import (2) set 'to_ids' to False
2020-01-24 14:51:38 +01:00
Alexandre Dulaunoy
09cdc7277c
Merge pull request #365 from ostefano/analysis
...
change: migrate to analysis API when submitting files to Lastline
2020-01-21 14:15:22 +01:00
Stefano Ortolani
66bf650b79
change: migrate to analysis API when submitting tasks to Lastline
2020-01-21 11:32:05 +00:00
Koen Van Impe
036933ea14
2nd fix for VT Public module
2020-01-17 11:26:35 +01:00
Koen Van Impe
610c99ce7b
Fix error message in Public VT module
2020-01-17 10:58:31 +01:00
chrisr3d
31a74a10c1
fix: Fixed ipasn test input format + module version updated
2020-01-10 15:37:54 +01:00
chrisr3d
b3bc533bc3
chg: Making ipasn module return asn object(s)
...
- Latest changes on the returned value as string
broke the freetext parser, because no asn number
could be parsed when we return the full json
blob as a freetext attribute
- Now returning asn object(s) with a reference to
the initial attribute
2020-01-10 15:02:59 +01:00
Erick Cheng
bfcba18e3c
Update ipasn.py
2020-01-07 18:58:40 +01:00
chrisr3d
7945d060ff
new: Enrichment module for querying APIVoid with domain attributes
2019-12-18 17:11:13 +01:00
chrisr3d
2fc0b44b90
fix: Making pep8 happy with whitespace after ':'
2019-12-18 16:16:47 +01:00
chrisr3d
3007761a55
fix: Making pep8 happy by having spaces around '+' operators
2019-12-17 16:31:53 +01:00
chrisr3d
5f90ae776f
fix: Making pep8 happy
2019-12-17 14:29:29 +01:00
chrisr3d
b8d6141cb7
chg: Made circl_passivedns module able to return MISP objects
2019-12-17 11:18:21 +01:00
chrisr3d
9c9f01b6ff
fix: Quick variable name fix
2019-12-17 11:17:56 +01:00
chrisr3d
6849daebfa
chg: Made circl_passivessl module able to return MISP objects
2019-12-17 10:26:43 +01:00
Stefano Ortolani
f749578525
add: Modules to query/import/submit data from/to Lastline
2019-12-02 19:09:40 +00:00
Raphaël Vinot
5d7a829583
chg: Use MISPObject in ransomcoindb
2019-11-26 13:27:02 +01:00
aaronkaplan
06025e63d0
oops , use relative import
2019-11-26 01:52:31 +01:00
aaronkaplan
d73a9b601a
use a helpful user-agent string
2019-11-26 01:08:28 +01:00
aaronkaplan
777483838b
Revert "fix url"
...
This reverts commit 44130e2bf9
.
2019-11-25 22:24:57 +01:00
aaronkaplan
44130e2bf9
fix url
2019-11-25 20:51:20 +01:00
aaronkaplan
24ec4a0e23
remove pprint
2019-11-25 18:56:12 +01:00
aaronkaplan
5350003e3a
initial version of the ransomcoindb expansion module
2019-11-25 18:52:39 +01:00
chrisr3d
ccf12a225c
fix: Making pep8 happy
2019-11-21 17:50:49 -05:00
chrisr3d
96712da5e0
add: Module to query AssemblyLine and parse the results
...
- Takes an AssemblyLine submission link to query
the API and get the full submission report
- Parses the potentially malicious files and the
IPs, domains or URLs they are connecting to
- Possible improvement of the parsing filters in
order to include more data in the MISP event
2019-11-21 13:25:50 -05:00
chrisr3d
de8737d2f3
fix: Fixed input types list since domain should not be submitted to AssemblyLine
2019-11-20 17:35:37 -05:00
chrisr3d
dc9ea98d2c
fix: Making pep8 happy
2019-11-20 10:13:51 -05:00
chrisr3d
58a4cb15a1
add: New expansion module to submit samples and urls to AssemblyLine
2019-11-19 15:41:35 -05:00
chrisr3d
f08fc6d9a5
chg: Reintroducing the limit to reduce the number of recursive calls to the API when querying for a domain
2019-11-17 19:11:26 -05:00
chrisr3d
4990bcebd8
fix: Avoiding KeyError exception when no result is found
2019-11-17 18:00:19 -05:00
chrisr3d
0fd3f92fe3
fix: Fixed Xforce Exchange authentication + rework
...
- Now able to return MISP objects
- Support of the xforce exchange authentication
with apikey & apipassword
2019-11-05 16:43:03 +01:00
chrisr3d
852018bf79
fix: Added urlscan & secuirtytrails modules in __init__ list
2019-11-04 16:52:26 +01:00
chrisr3d
bfe227d555
fix: More clarity on the exception raised on the securitytrails module
2019-10-31 17:19:42 +01:00
chrisr3d
69e81b47d7
fix: Better exceptions handling on the passivetotal module
2019-10-31 17:18:23 +01:00
chrisr3d
4411166b43
fix: Fixed config parsing and the associated error message
2019-10-31 11:52:34 +01:00
chrisr3d
4f70011edf
fix: Fixed config parsing + results parsing
...
- Avoiding errors with config field when it is
empty or the apikey is not set
- Parsing all the results instead of only the
first one
2019-10-31 11:48:59 +01:00
Alexandre Dulaunoy
c3c6f1a6ea
Merge pull request #346 from blaverick62/master
...
EQL Query Generation Modules
2019-10-30 22:08:07 +01:00
Braden Laverick
717be2b859
Removed extraneous comments and unused imports
2019-10-30 15:44:47 +00:00
chrisr3d
b63a0d1eb8
fix: Making urlscan module available in MISP for ip attributes
...
- As expected in the the handler function
2019-10-30 16:39:07 +01:00
chrisr3d
d4eb88c66a
fix: Avoiding various modules to fail with uncritical issues
...
- Avoiding securitytrails to fail with an unavailable
feature for free accounts
- Avoiding urlhaus to fail with input attribute
fields that are not critical for the query and
results
- Avoiding VT modules to fail when a certain
resource does not exist in the dataset
2019-10-30 16:34:15 +01:00
chrisr3d
393b33d02d
fix: Fixed config field parsing for various modules
...
- Same as previous commit
2019-10-30 16:31:57 +01:00
chrisr3d
d0ddfb3355
fix: [expansion] Better config field handling for various modules
...
- Testing if config is present before trying to
look whithin the config field
- The config field should be there when the module
is called form MISP, but it is not always the
case when the module is queried from somewhere else
2019-10-30 09:09:55 +01:00
Braden Laverick
c1ca936910
Fixed syntax error
2019-10-29 20:14:07 +00:00
Braden Laverick
c06ceedfb8
Changed to single attribute EQL
2019-10-29 20:11:35 +00:00
Braden Laverick
a426ad249d
Added EQL enrichment module
2019-10-29 19:42:47 +00:00
chrisr3d
dc7463a67e
fix: Avoid issues when some config fields are not set
2019-10-29 11:04:29 +01:00
Alexandre Dulaunoy
dec2494a0a
chg: [apiosintds] make flake8 happy
2019-10-29 09:33:39 +01:00
Alexandre Dulaunoy
fdbb0717e0
Merge pull request #344 from davidonzo/master
...
Added apiosintDS module to query OSINT.digitalside.it services
2019-10-29 08:56:29 +01:00
chrisr3d
204e5a7de9
Merge branch 'master' of github.com:MISP/misp-modules
2019-10-28 16:45:50 +01:00
chrisr3d
7a56174c40
fix: Fixed Geoip with the supported python library + fixed Geolite db path management
2019-10-28 16:39:08 +01:00
milkmix
bdc5282e09
updated to geoip2 to support mmdb format
2019-10-25 18:09:44 +02:00
Davide
56e16dbaf5
Added apiosintDS module to query OSINT.digitalside.it services
2019-10-24 12:49:29 +02:00
chrisr3d
e1602fdca9
fix: Updates following the latest CVE-search version
...
- Support of the new vulnerable configuration
field for CPE version > 2.2
- Support of different 'unknown CWE' message
2019-10-23 11:55:36 +02:00
chrisr3d
63dba29c52
fix: Fixed module names with - to avoid errors with python paths
2019-10-18 11:09:10 +02:00
chrisr3d
d740abe74b
fix: Making pep8 happy
2019-10-17 10:45:51 +02:00
chrisr3d
a228e2505d
fix: Avoiding empty values + Fixed empty types error + Fixed filename KeyError
2019-10-17 10:42:34 +02:00
chrisr3d
5f7b127713
chg: Avoids returning empty values + easier results parsing
2019-10-15 23:30:39 +02:00
chrisr3d
8aca19ba68
chg: Taking into consideration if a user agent is specified in the module configuration
2019-10-15 11:25:30 +02:00
chrisr3d
6d19549184
fix: Grouped two if conditions to avoid issues with variable unassigned if the second condition is not true
2019-10-13 20:23:02 +02:00
chrisr3d
b560347d5d
fix: Considering the case of empty results
2019-10-08 15:49:09 +02:00
chrisr3d
8bcb630340
fix: Catching results exceptions properly
2019-10-08 15:48:26 +02:00
chrisr3d
2850d6f690
fix: Catching exceptions and results properly depending on the cases
2019-10-08 15:45:06 +02:00
chrisr3d
5d4a0bff98
fix: Handling cases where there is no result from the query
2019-10-08 13:28:23 +02:00
chrisr3d
662e58da88
fix: Fixed pattern parsing + made the module hover only
2019-10-07 16:46:32 +02:00
chrisr3d
b9b78d1606
fix: Travis tests should be happy now
2019-10-04 17:22:32 +02:00
chrisr3d
6801289175
fix: Returning results in text format
...
- Makes the hover functionality display the full
result instead of skipping the records list
2019-10-04 15:54:25 +02:00
chrisr3d
09590ca451
fix: Making pep8 happy
2019-09-17 14:13:05 +02:00
Christian Studer
205342996a
Merge pull request #335 from FafnerKeyZee/patch-2
...
Travis should not be complaining with the tests after the latest update on "test_cve"
2019-09-17 14:11:03 +02:00
Fafner [_KeyZee_]
dc84c9f972
adding custom API
...
Adding the possibility to have our own API server.
2019-09-17 11:07:23 +02:00
Fafner [_KeyZee_]
5c09b66706
Cleaning the error message
...
The original message can be confusing is the user change to is own API.
2019-09-17 10:42:29 +02:00
chrisr3d
8d33d6c18c
add: New parameter to specify a custom CVE API to query
...
- Any API specified here must return the same
format as the CIRCL CVE search one in order to
be supported by the parsing functions, and
ideally provide response to the same kind of
requests (so the CWE search works as well)
2019-09-16 14:19:20 +02:00
chrisr3d
415fa55fff
fix: Avoiding issues when no CWE id is provided
2019-08-06 15:55:50 +02:00
chrisr3d
0b603fc5d3
fix: Fixed unnecessary dictionary field call
...
- No longer necessary to go under 'Event' field
since PyMISP does not contain it since the
latest update
2019-08-05 11:33:04 +02:00
chrisr3d
4df528c331
add: Added initial event to reference it from the vulnerability object created out of it
2019-08-02 15:35:33 +02:00
chrisr3d
034222d7b3
fix: Using the attack-pattern object template (copy-paste typo)
2019-08-02 10:10:44 +02:00
chrisr3d
7eb4f034c0
fix: Making pep8 happy
2019-08-01 17:17:16 +02:00
chrisr3d
5c15c0ff93
add: Making vulnerability object reference to its related capec & cwe objects
2019-08-01 15:37:10 +02:00
chrisr3d
c4302aa35e
add: Parsing CAPEC information related to the CVE
2019-08-01 15:21:18 +02:00
chrisr3d
7445d7336e
add: Parsing CWE related to the CVE
2019-08-01 14:55:53 +02:00
chrisr3d
7b1c35d583
fix: Fixed cvss-score object relation name
2019-07-30 09:55:36 +02:00
chrisr3d
27f5c9ceeb
Merge branch 'master' of github.com:MISP/misp-modules
2019-07-24 12:08:28 +02:00
chrisr3d
4ee0cbe4c5
add: Added virustotal_public to the list of available modules
2019-07-24 11:10:25 +02:00
Raphaël Vinot
80ce0a58b5
fix: Skip tests on haveibeenpwned.com if 403. Make pep8 happy.
2019-07-24 09:49:05 +02:00
chrisr3d
92d90e8e1c
add: TODO comment for the next improvement
2019-07-23 09:42:10 +02:00
chrisr3d
14cf39d8b6
chg: Updated the module to work with the updated VirusTotal API
...
- Parsing functions updated to support the updated
format of the VirusTotal API responses
- The module can now return objects
- /!\ This module requires a high number of
requests limit rate to work as expected /!\
2019-07-22 16:22:29 +02:00
chrisr3d
1fa37ea712
fix: Avoiding issues with non existing sample types
2019-07-22 11:43:35 +02:00
chrisr3d
675e0815ff
add: Parsing communicating samples returned by domain reports
2019-07-22 11:42:52 +02:00
chrisr3d
c9c2027a57
fix: Undetected urls are represented in lists
2019-07-22 11:39:46 +02:00
chrisr3d
6fdfcb0a29
fix: Changed function name to avoid confusion with the same variable name
2019-07-22 09:53:19 +02:00
chrisr3d
729c86c336
fix: Quick fix on siblings & url parsing
2019-07-22 09:16:04 +02:00
chrisr3d
9aa721bc37
fix: typo
2019-07-19 16:20:24 +02:00
chrisr3d
641dda0103
add: Parsing downloaded samples as well as the referrer ones
2019-07-18 21:38:17 +02:00
chrisr3d
795edb7457
chg: Adding references between a domain and their siblings
2019-07-17 20:40:56 +02:00
chrisr3d
8de350744b
chg: Getting domain siblings attributes uuid for further references
2019-07-16 22:39:35 +02:00
chrisr3d
a61d09db8b
fix: Parsing detected & undetected urls
2019-07-15 23:44:25 +02:00
chrisr3d
d9b03a7aa5
fix: Various fixes about typo, variable names, data types and so on
2019-07-12 10:59:19 +02:00
chrisr3d
f862a14ce6
add: Object for VirusTotal public API queries
...
- Lighter analysis of the report to avoid reaching
the limit of queries per minute while recursing
on the different elements
2019-07-11 22:59:07 +02:00
chrisr3d
3edc323836
fix: Making pep8 happy
2019-07-10 15:29:31 +02:00
chrisr3d
5703253961
new: First version of an advanced CVE parser module
...
- Using cve.circl.lu as well as the initial module
- Going deeper into the CVE parsing
- More parsing to come with the CWE, CAPEC and so on
2019-07-10 15:20:22 +02:00
chrisr3d
9e45d302b1
fix: Testing if an object is not empty before adding it the the event
2019-06-18 09:45:59 +02:00
chrisr3d
9fdd6c5e58
fix: Making travis happy
2019-06-15 08:17:29 +02:00
chrisr3d
2f3ce1b615
fix: Support of the latest version of sigmatools
2019-06-15 08:06:47 +02:00
Georg Schölly
efb0a88eeb
joesandbox_query.py: improve behavior in unexpected circumstances
2019-06-04 11:29:40 +02:00
chrisr3d
aa3e873845
fix: Making pep8 happy + added joe_import module in the init list
2019-06-04 11:33:42 +10:00
chrisr3d
42bc6f8d2b
fix: Fixed variable name typo
2019-06-04 11:32:21 +10:00
chrisr3d
ee48d99845
add: New expansion module to query Joe Sandbox API with a report link
2019-06-04 09:48:50 +10:00
chrisr3d
f541b1f4ba
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-05-29 10:50:39 +10:00
Georg Schölly
1745d33ee4
add expansion for joe sandbox
2019-05-21 21:14:21 +02:00
chrisr3d
d4bc85259d
fix: Removed unused library
2019-05-02 14:15:12 +02:00
chrisr3d
a5ff849950
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-05-02 13:23:24 +02:00
Steve Clement
553cf44337
fix: [pep8] Fixes
2019-05-02 10:37:48 +09:00
Koen Van Impe
c8a4d8d76f
New VMRay modules
...
New JSON output format of VMRay
Prepare for automation (via PyMISP) with workflow taxonomy tags
2019-05-01 22:44:24 +02:00
root
92351e6679
add: Added urlhaus in the expansion modules init list
2019-05-01 22:22:10 +02:00
root
9d3741aeb9
Merge branch 'master' of https://github.com/MISP/misp-modules into new_module
2019-04-30 08:59:05 +02:00
Alexandre Dulaunoy
ec766f571c
chg: [init] cleanup for pep
2019-04-26 13:36:53 +02:00
Alexandre Dulaunoy
63c12f34e6
chg: [pdf-enrich] updated
2019-04-26 13:36:07 +02:00
Sascha Rommelfangen
fc339c888d
removed trailing whitespaces
2019-04-26 12:14:56 +02:00
Sascha Rommelfangen
1d4f8a6989
new modules added
2019-04-26 12:09:16 +02:00
Sascha Rommelfangen
f55d7946df
introduction of new modules
2019-04-26 12:07:55 +02:00
Sascha Rommelfangen
06036b7fe5
Merge branch 'master' of https://github.com/MISP/misp-modules
2019-04-24 15:01:03 +02:00
Sascha Rommelfangen
07f759b07a
renamed file
2019-04-24 14:53:16 +02:00
Sascha Rommelfangen
5104bce451
renamed module
2019-04-24 14:53:03 +02:00
Alexandre Dulaunoy
81b0082ae5
chg: [init] removed trailing whitespace
2019-04-24 14:01:48 +02:00
Alexandre Dulaunoy
614fc1354b
chg: [ocr] re module not used - removed
2019-04-24 14:01:08 +02:00
Sascha Rommelfangen
7171c8ce92
initial version of OCR expansion module
2019-04-24 13:54:21 +02:00
Alexandre Dulaunoy
18a2370ae3
Merge pull request #291 from Evert0x/submitcuckoo
...
Expansion module - File/URL submission to Cuckoo Sandbox
2019-04-23 19:36:28 +02:00
Sascha Rommelfangen
2d8aaf09c2
brackets are difficult...
2019-04-23 15:40:22 +02:00
Alexandre Dulaunoy
e55ae11a1e
chg: [qrcode] added to the __init__
2019-04-23 14:45:12 +02:00
Alexandre Dulaunoy
44050ec4da
chg: [qrcode] flake8 needs some drugs
2019-04-23 14:44:00 +02:00
Alexandre Dulaunoy
d5180e7e79
chg: [qrcode] various fixes to make it PEP compliant
2019-04-23 14:37:27 +02:00
Alexandre Dulaunoy
a0fce1bc90
Merge branch 'qr-code-module' of https://github.com/rommelfs/misp-modules into rommelfs-qr-code-module
2019-04-23 14:33:06 +02:00
Sascha Rommelfangen
c85ab8d93c
initial version of QR code reader
...
Module accepts attachments and processes pictures. It tries to identify and analyze an existing QR code.
Identified values can be inserted into the event.
2019-04-23 11:38:56 +02:00
Ricardo van Zutphen
e6326185d5
Use double quotes and provide headers correctly
2019-04-19 16:24:30 +02:00
Ricardo van Zutphen
49acb53745
Update Cuckoo module to support files and URLs
2019-04-19 14:06:35 +02:00
Evert0x
e243edb503
Update __init__.py
2019-04-18 14:25:05 +02:00
Evert0x
eefa35c65d
Create cuckoo_submit.py
2019-04-18 00:23:38 +02:00
Raphaël Vinot
f82933779f
fix: pep8 foobar.
2019-04-02 16:01:36 +02:00
Raphaël Vinot
9cb21f98e1
fix: Add the new module sin the list of modules availables.
2019-04-02 15:46:17 +02:00
Raphaël Vinot
c64f514a6f
fix: Typos in variable names
2019-04-02 15:39:27 +02:00
Raphaël Vinot
b89d068c04
new: Modules for greynoise, haveibeenpwned and macvendors
...
Source: https://github.com/src7/misp-modules
2019-04-02 15:30:11 +02:00
root
38fc479d12
Merge branch 'master' of https://github.com/MISP/misp-modules into new_module
2019-04-01 16:29:10 +02:00
root
2439d5f75d
fix: Fixed object_id variable name typo
2019-04-01 16:28:19 +02:00
Raphaël Vinot
1c0984eaec
fix: Remove unused import
2019-03-15 11:06:11 +01:00
chrisr3d
d87a67c6f3
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-03-14 19:04:32 +01:00
chrisr3d
0b92fd5a53
fix: Making json_decode even happier with full json format
...
- Using MISPEvent because it is cleaner & easier
- Also cleaner implementation globally
2019-03-14 18:48:13 +01:00
Sascha Rommelfangen
5af667edff
Merge branch 'master' of https://github.com/MISP/misp-modules
2019-03-14 14:41:24 +01:00
Sascha Rommelfangen
eb2dcca12b
fixed a bug when checking malformed BTC addresses
2019-03-14 14:39:58 +01:00
chrisr3d
62bc45e03a
fix: Using to_dict on attributes & objects instead of to_json to make json_decode happy in the core part
2019-03-14 14:31:38 +01:00
chrisr3d
9c8ee1f3d7
new: Expansion module to query urlhaus API
...
- Using the next version of modules, taking a
MISP attribute as input and able to return
attributes and objects
- Work still in process in the core part
2019-03-13 09:57:28 +01:00
Alexandre Dulaunoy
0bf27c1b69
chg: [btc_scam_check] fix spacing for making flake 8 happy
2019-02-11 14:23:18 +01:00
chrisr3d
74594f29aa
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-02-11 09:28:49 +01:00
Alexandre Dulaunoy
f0ccfd2027
chg: [backscatter.io] blind fix regarding undefined value
2019-02-10 16:56:01 +01:00
Alexandre Dulaunoy
7b1a837b10
chg: [backscatter.io] remove blank line at the end of the file
2019-02-10 16:40:06 +01:00
Alexandre Dulaunoy
acc35e3a02
chg: [backscatter.io] Exception handler fixed for recent version of Python
2019-02-10 16:33:09 +01:00
9b
c8b410161a
Use the write var on return
2019-02-08 12:29:43 -05:00
9b
e4c1468968
Stubbed module
2019-02-08 12:27:20 -05:00
chrisr3d
08fe0cbe09
fix: Description fixed
2019-02-05 14:54:22 +01:00
chrisr3d
d1000d82c4
add: New module to check if a bitcoin address has been abused
...
- Also related update of documentation
2019-02-05 14:46:42 +01:00
Raphaël Vinot
454c9e0f43
fix: Pep8 related fixes.
2019-02-04 11:05:51 +01:00
Raphaël Vinot
3d47eb7420
fix: make flake8 happy
2019-01-25 10:45:07 +01:00
Sascha Rommelfangen
c52b95cdbe
sometimes server doesn't return expected values. fixed.
2019-01-24 09:51:46 +01:00
Raphaël Vinot
0189a117a3
fix: Change in the imports in other sigma module
2019-01-21 14:14:19 +01:00
Raphaël Vinot
b791b177c3
fix: Change in the imports
2019-01-21 14:06:38 +01:00
Raphaël Vinot
d5ec09fe4a
fix: Change module name
2019-01-21 13:57:45 +01:00
Raphaël Vinot
55f05e0524
chg: Use pipenv, update bgpranking/ipasn modules
2019-01-21 13:31:52 +01:00
Raphaël Vinot
8fc5b1fd1f
fix: Make pep8 happy
2018-12-11 15:29:09 +01:00
Raphaël Vinot
d0aec62f1a
new: Intel471 module
2018-12-11 13:30:52 +01:00
Sascha Rommelfangen
d5eb34270a
Merge branch 'master' of https://github.com/MISP/misp-modules
2018-11-26 15:56:33 +01:00
Sascha Rommelfangen
96570caece
cosmetic output change
2018-11-26 15:56:11 +01:00
chrisr3d
e30a5d2502
fix: Removed not valid input type
2018-11-22 12:30:12 +01:00
chrisr3d
7cfc7a730b
fix: Cleaned up not used variables
2018-11-22 12:27:45 +01:00
chrisr3d
627420ca43
fix: Updated rbl module result format
...
- More readable as str than dumped json
2018-11-22 12:27:16 +01:00
chrisr3d
547985b8ce
fix: Added Macaddress.io module in the init list
2018-11-22 12:26:27 +01:00
chrisr3d
be3063f3c6
fix: Typo on input type
2018-11-22 12:24:47 +01:00
chrisr3d
22173c249e
add: Update to support sha1 & sha256 attributes
2018-11-22 12:23:40 +01:00
chrisr3d
b778dd5e67
fix: Fixed type of the result in case of exception
...
- Set as str since some exception types are not
jsonable
2018-11-21 16:06:22 +01:00
chrisr3d
1b44668094
fix: Added hostname attribute support as it is intended
2018-11-21 16:05:38 +01:00
chrisr3d
651f69126d
Merge branch 'master' of github.com:MISP/misp-modules into chrisr3d_patch
2018-11-13 16:05:24 +01:00
chrisr3d
299e97d1ce
add: Added imphash to input attribute types
2018-11-13 15:40:47 +01:00
Sascha Rommelfangen
3e25428978
debug removed
2018-11-13 15:34:33 +01:00
Sascha Rommelfangen
8285ff324f
API changes reflected
2018-11-13 15:30:06 +01:00
chrisr3d
58b3a069bf
fix: Updated yara import error message
...
- Better to 'pip install -I -r REQUIREMENTS' to
have the correct yara-python version working
for all the modules, than having another one
failing with yara hash & pe modules
2018-11-12 16:22:14 +01:00
chrisr3d
ad1ccdb9d0
Merge branch 'master' of github.com:MISP/misp-modules into chrisr3d_patch
2018-11-12 12:48:58 +01:00
Alexandre Dulaunoy
5d1583d88b
chg: [onyphe] fix #252
2018-11-11 15:49:14 +01:00
Sascha Rommelfangen
463d7ae874
bug fix regarding leftovers between runs
2018-11-07 14:57:19 +01:00
Steve Clement
91f922b5c4
chg: [btc] Removed simple PoC for btc expansion.
2018-11-07 22:53:21 +09:00
Sascha Rommelfangen
00b1b3214b
added btc_steroids to the list
2018-11-07 14:28:28 +01:00
Sascha Rommelfangen
b01cb28323
initial version of a Bitcoin module
2018-11-07 14:14:39 +01:00
Steve Clement
7bafa939b0
new: [btc] Very simple BTC expansion
...
chg: [req] yara-python is preferred
2018-11-06 00:48:36 +09:00
chrisr3d
d1308f9924
chg: Validating yara rules after their creation
2018-11-02 21:35:02 +01:00
chrisr3d
1c10fd5e50
fix: Making yara query an expansion module for single attributes atm
2018-10-31 10:21:21 +01:00
chrisr3d
1d530a7fa6
new: First version of a yara rule creation expansion module
2018-10-18 14:44:57 +02:00
chrisr3d
e2cebd6c3e
fix: Catching errors while parsing additional info in requests
2018-09-25 17:10:19 +02:00
Codelinefi-admin
c19989e217
Fixed a bug with wrong dates conversion
2018-09-19 21:50:56 +03:00
isox
f1325f4316
Fixed getting of the Vulners AI score.
2018-09-18 18:36:12 +03:00
Igor Ivanov
3e9589d0f4
code cleanup and formatting
2018-09-18 14:38:49 +02:00
Igor Ivanov
8d7d377464
added exploit information
2018-09-18 12:11:47 +02:00
Igor Ivanov
5dc05bfafc
initial Vulners module PoC
2018-09-18 11:18:55 +02:00
Codelinefi-admin
db7dbd6ed5
macaddress.io hover module added
2018-09-13 17:02:49 +03:00
chrisr3d
5c718c5379
fix: Making python 3.5 happy with the exception type ImportError
2018-09-08 02:53:15 +02:00
chrisr3d
cfbd63f14e
fix: Fixed exception type for python 3.5
2018-09-07 18:06:01 +02:00
chrisr3d
a18db2ed1d
fix: Fixed exception type
2018-09-07 17:56:25 +02:00
chrisr3d
48fcf9a85e
fix: Fixed syntax error
2018-09-07 17:49:28 +02:00
chrisr3d
26647a164b
fix: Fixed indentation error
2018-09-07 17:43:46 +02:00
chrisr3d
5c69f1d867
Merge branch 'master' of github.com:MISP/misp-modules
2018-09-07 16:59:21 +02:00
Sascha Rommelfangen
ef781f59f8
fixed typo
...
via #220
2018-09-06 14:05:55 +02:00
chrisr3d
ba728f7120
fix: Fixed 1 variable misuse + cleaned up variable names
...
- Fixed use of 'domain' variable instead of 'email'
- Cleaned up variable names to avoid redefinition
of built-in variables
2018-09-03 14:43:51 +02:00
chrisr3d
cdf2f434ce
fix: Avoiding adding attributes that are already in the event
2018-09-03 14:30:33 +02:00
chrisr3d
33181bc52b
fix: Fixed quick variable issue
2018-09-03 14:29:42 +02:00
chrisr3d
0ab38feade
fix: Cleaned up test function not used anymore
2018-09-03 13:17:48 +02:00
chrisr3d
936e30b15b
fix: Multiple attributes parsing support
...
- Fixing one of my previous changes not processing
multiple attributes parsing
2018-09-03 12:03:42 +02:00
chrisr3d
2af947a2de
fix: Removed print
2018-09-03 10:23:05 +02:00
chrisr3d
bc2a73c5cf
Merge branch 'master' of github.com:MISP/misp-modules
2018-09-02 20:21:01 +02:00
chrisr3d
179430d69d
fix: Some cleanup and output types fixed
...
- hashes types specified in output
2018-08-31 21:38:53 +02:00
SuRb0
b0be965e57
Update urlscan.py
...
Added hash to the search so you can take advantage of the new file down load function on urlscan.io. You can use this to pivot on file hashes and find out domains that hosting the same malicious file.
2018-08-30 19:41:34 -05:00
chrisr3d
35f3a5e43f
fix: Quick cleanup
2018-08-30 20:45:29 +02:00
chrisr3d
18bad54603
Merge branch 'master' of github.com:MISP/misp-modules
2018-08-30 09:11:25 +02:00
David J
a697f65382
Add error handling for DNS failures, reduce imports, and simplify misp_comments
2018-08-14 10:51:15 -05:00
David J
bdbf538893
Create urlscan.py
2018-08-10 16:00:01 -05:00
chrisr3d
3a57d11745
Merge branch 'chrisr3d_patch' of github.com:chrisr3d/misp-modules
2018-08-08 17:41:07 +02:00
chrisr3d
90baa1dd5a
add: Added DBL spamhaus module documentation and in expansion init file
2018-08-08 17:05:22 +02:00
chrisr3d
61232ad93e
new: Expansion hover module to check spamhaus DBL for a domain name
2018-08-08 17:00:10 +02:00
chrisr3d
0666a60b3d
fix: [cleanup] Quick clean up on exception type
2018-08-07 18:15:15 +02:00
chrisr3d
bb6002a3ff
fix: [cleanup] Quick clean up on yaml load function
2018-08-07 18:14:29 +02:00
chrisr3d
57af98720d
fix: [cleanup] Quick clean up on exception type
2018-08-07 18:13:25 +02:00
sebdraven
d7fac002af
Merge branch 'master' into dnstrails
2018-07-18 11:07:44 +02:00
Sebdraven
804e59ed8d
change type of status
2018-07-18 10:58:51 +02:00
Sebdraven
c8e20d9087
remove print
2018-07-18 10:51:47 +02:00
Sebdraven
f2df6dc538
last commit for release
2018-07-18 10:47:42 +02:00
Sebdraven
88859a0ba7
add logs
2018-07-17 18:43:52 +02:00
Sebdraven
8cbeda40a5
add searching_stats
2018-07-17 18:42:01 +02:00
Sebdraven
9d603344c2
add searching_stats
2018-07-17 18:32:50 +02:00
Sebdraven
c785cae89b
correct key
2018-07-17 17:22:48 +02:00
Sebdraven
2706c4a82a
correct key
2018-07-17 17:21:38 +02:00
Sebdraven
431c1511a3
correct param
2018-07-17 17:20:30 +02:00
Sebdraven
999ae1f6f0
add searching domains
2018-07-17 17:09:01 +02:00
Sebdraven
a41cf59e0c
add searching domains
2018-07-17 15:05:15 +02:00
Sebdraven
966f9603a9
add return
2018-07-12 15:02:46 +02:00
Sebdraven
7f52a15d16
add logs
2018-07-12 14:59:50 +02:00
Sebdraven
3eda712193
add whois expand to test
2018-07-12 14:58:48 +02:00
Sebdraven
5a422c2e5b
add whois expand to test
2018-07-12 14:57:37 +02:00
Sebdraven
db35c9b091
correct index error
2018-07-12 14:55:56 +02:00
Sebdraven
0341bdc398
error call functions
2018-07-12 14:52:01 +02:00
Sebdraven
2f5381d7b2
add logs
2018-07-12 14:49:51 +02:00
Sebdraven
0b0137829a
add logs
2018-07-12 14:48:15 +02:00
Sebdraven
86d236f859
add status_ok to true
2018-07-12 14:47:34 +02:00
Sebdraven
aa89a7fc4d
add logs
2018-07-12 14:44:19 +02:00
Sebdraven
86d9427816
add logs
2018-07-12 14:42:33 +02:00
Sebdraven
a0cf9de590
add logs
2018-07-12 14:38:38 +02:00
Sebdraven
9de201375b
add logs
2018-07-12 14:37:09 +02:00
Sebdraven
d56bf55038
add logs
2018-07-12 14:33:52 +02:00
Sebdraven
844b25b4cd
correct out of bound returns
2018-07-12 14:32:56 +02:00
Sebdraven
9063da88cd
correct key and return of functions
2018-07-12 14:27:59 +02:00
Sebdraven
731c06a939
add logs
2018-07-12 14:17:16 +02:00
Sebdraven
fb595c08aa
add logs
2018-07-12 14:16:19 +02:00
Sebdraven
41587bd568
correct typo
2018-07-12 14:14:43 +02:00
Sebdraven
4b0daee6f1
test whois history
2018-07-12 14:04:37 +02:00
Sebdraven
576b3c9b9b
history whois dns
2018-07-12 13:40:51 +02:00
chrisr3d
32419c398e
Merge branch 'master' of github.com:MISP/misp-modules
2018-07-12 00:05:01 +02:00
chrisr3d
a62078aad1
add: Experimental expansion module to display the SIEM signatures from a sigma rule
2018-07-11 23:43:42 +02:00
Sebdraven
51067039da
correct typo
2018-07-11 13:03:47 +02:00
Sebdraven
3a2aab6d71
rename misp modules
2018-07-11 12:41:54 +02:00
Sebdraven
a8ae6e06e9
add a test to check if the list is not empty
2018-07-11 12:09:34 +02:00
Sebdraven
f0a4c71908
add a test to check if the list is not empty
2018-07-11 12:08:01 +02:00
Sebdraven
dbeec4682e
add logs
2018-07-11 12:02:31 +02:00
Sebdraven
fb262b451f
debug whois
2018-07-11 12:00:59 +02:00
Sebdraven
80e71f582c
debug ipv4 or ipv6
2018-07-11 11:58:42 +02:00
Sebdraven
386d38c88f
add debug
2018-07-11 11:55:59 +02:00
Sebdraven
45decc728d
debug
2018-07-11 11:55:31 +02:00
Sebdraven
45c473aef5
change status
2018-07-11 11:52:10 +02:00
Sebdraven
64e7f9c8b6
change history dns
2018-07-11 11:47:10 +02:00
Sebdraven
560dacbf7e
add logs to debug
2018-07-11 11:40:22 +02:00
Sebdraven
74c611d2fb
correct call function
2018-07-11 11:37:07 +02:00
Sebdraven
f47a64b364
add history mx and soa
2018-07-11 11:24:49 +02:00
Sebdraven
43a49dafc6
add history dns and handler exception
2018-07-11 09:48:14 +02:00
Sebdraven
54d996cb00
add history dns
2018-07-11 09:39:09 +02:00
Sebdraven
dcdb6e5895
switch type ip
2018-07-11 09:02:47 +02:00
Sebdraven
42c362d2fd
refactoring expand_whois
2018-07-11 09:00:23 +02:00
Sebdraven
41635d43c7
correct typo
2018-07-11 08:49:59 +02:00
Sebdraven
3a96e189ed
add ipv6 and ipv4
2018-07-11 08:43:23 +02:00
Sebdraven
f2333a4978
change type
2018-07-10 16:55:13 +02:00
Sebdraven
9e6162a434
change type
2018-07-10 16:53:06 +02:00
Sebdraven
26950ea7de
change loop
2018-07-10 16:51:31 +02:00
Sebdraven
e9747a3379
add time sleep in each request
2018-07-10 16:41:44 +02:00
Sebdraven
602da3d1a3
control return of records
2018-07-10 16:35:01 +02:00
Sebdraven
495c720d0f
add history ipv4
2018-07-10 16:31:39 +02:00
Sebdraven
21794249d0
add logs
2018-07-10 15:17:37 +02:00
Sebdraven
b677cd5fc7
change categories
2018-07-10 15:16:02 +02:00
Sebdraven
1d100833a4
concat results
2018-07-10 15:12:27 +02:00
Sebdraven
1223d93d52
change name keys
2018-07-10 15:07:54 +02:00
Sebdraven
714c15f079
change return value
2018-07-10 15:05:10 +02:00
Sebdraven
e1a1648f14
add logs
2018-07-10 15:01:04 +02:00
Sebdraven
f710162bed
change errors
2018-07-10 14:59:39 +02:00
Sebdraven
2a8fb76e84
add logs
2018-07-10 14:56:20 +02:00
Steve Clement
562a6b1308
- Removed test modules from view
...
- Moved skeleton expansion module to it's proper place
2018-07-03 08:27:54 +02:00
chrisr3d
90e42c0305
fix: Put the stix2-pattern library import in a try statement
...
--> Error more easily caught
2018-07-02 12:14:21 +02:00
chrisr3d
08d8459e1a
add: STIX2 pattern syntax validator
2018-07-02 11:38:33 +02:00
Sebdraven
34da5cdb76
add expand whois
2018-06-29 17:57:11 +02:00
Sebdraven
f1c6095914
typo
2018-06-29 17:26:56 +02:00
Sebdraven
78d6de9b7a
add categories and comments
2018-06-29 17:25:37 +02:00
Sebdraven
0965def6bf
add expand subdomains
2018-06-29 17:22:19 +02:00
Sebdraven
64847a8a04
add expand subdomains
2018-06-29 17:19:21 +02:00
Sebdraven
2d1adf4aa9
change categories
2018-06-29 16:30:47 +02:00
Sebdraven
0275e3ecd8
changes keys
2018-06-29 16:20:35 +02:00
Sebdraven
f3962d2d05
add status !
2018-06-29 16:17:32 +02:00
Sebdraven
09c52788b8
add methods
2018-06-29 16:11:24 +02:00
Sebdraven
cfe971a271
add expand domains
2018-06-29 15:50:26 +02:00
Sebdraven
60f772b905
add new module dnstrails
2018-06-29 11:27:36 +02:00
chrisr3d
b1c90b411e
add: Sigma syntax validator expansion module
...
--> Checks sigma rules syntax
- Updated the expansion modules list as well
- Updated the requirements list
2018-06-28 10:41:32 +02:00
chrisr3d
7c691af807
Updated the list of expansion modules
2018-06-28 10:39:40 +02:00
Sebdraven
785aac3e6b
add return handle domains
2018-06-22 16:18:23 +02:00
Sebdraven
87b07b89b5
add search
2018-06-22 16:15:34 +02:00
Sebdraven
396b71ef3b
add domain to expand
2018-06-22 16:06:34 +02:00
Sebdraven
de6a81d488
correct bugs
2018-06-22 16:04:14 +02:00
Sebdraven
83999d6402
add domain expansion
2018-06-22 15:57:52 +02:00
Sebdraven
96c829470d
add comment
2018-06-22 15:14:44 +02:00
Sebdraven
8d03354399
correct bugs
2018-06-22 15:12:10 +02:00
Sebdraven
e9c18b3d5f
correct comments
2018-06-22 13:03:09 +02:00
Sebdraven
e230c88c15
add threat list expansion
2018-06-22 11:59:09 +02:00
Sebdraven
1d1fd36569
change method to concat methods
2018-06-20 18:05:28 +02:00
Sebdraven
e712a31760
set status after requests
2018-06-20 18:04:12 +02:00
Sebdraven
a9b7a10c41
set status after requests
2018-06-20 18:03:34 +02:00
Sebdraven
4166475f9e
add logs
2018-06-20 18:02:12 +02:00
Sebdraven
fe00f099f6
add logs
2018-06-20 17:59:49 +02:00
Sebdraven
153d8bd340
add logs
2018-06-20 17:56:19 +02:00
Sebdraven
9195887f98
pep 8
2018-06-20 17:51:46 +02:00
Sebdraven
2afd2b8aaf
correct bug
2018-06-20 17:50:28 +02:00
Sebdraven
04e932cce0
add datascan expansion
2018-06-20 17:47:11 +02:00
Sebdraven
b56f8cfa36
add reverse infos
2018-06-20 16:30:56 +02:00
Sebdraven
d4be9d9fda
add reverse infos
2018-06-20 16:29:04 +02:00
Sebdraven
4a8a79c560
add reverse infos
2018-06-20 16:26:09 +02:00
Sebdraven
0d120af647
add reverse infos
2018-06-20 16:24:17 +02:00
Sebdraven
a24b529868
add forward infos
2018-06-20 15:33:21 +02:00
Sebdraven
d0f42c1772
add comment of attributes
2018-06-20 15:07:55 +02:00
Sebdraven
915747073a
add comment of attributes
2018-06-20 15:05:00 +02:00
Sebdraven
7eba7c0386
error loops
2018-06-20 14:53:08 +02:00
Sebdraven
d1e72676f1
error method
2018-06-20 14:50:48 +02:00
Sebdraven
3a4294391f
error type
2018-06-20 14:48:18 +02:00
Sebdraven
9427c76603
error keys
2018-06-20 14:45:06 +02:00
Sebdraven
e1bc67afad
add expansion synscan
2018-06-20 14:41:57 +02:00
Sebdraven
5426ec5380
change key access domains
2018-06-20 12:40:52 +02:00
Sebdraven
7a3c4b1084
change add in results
2018-06-20 12:38:41 +02:00
Sebdraven
e8aefde2ee
add logs
2018-06-20 12:36:32 +02:00
Sebdraven
7195f33f5d
correct error keys
2018-06-20 12:34:07 +02:00
Sebdraven
c14d05adef
test patries expansion
2018-06-20 12:32:54 +02:00
Sebdraven
8ae7210aef
add onyphe full module
2018-06-20 11:07:33 +02:00
Sebdraven
023c35f5d8
add onyphe full module and code the stub
2018-06-14 16:47:11 +02:00
Sebdraven
14695bbeb9
correct codecov
2018-06-11 13:34:45 +02:00
Sebdraven
755d907580
pep 8 compliant
2018-06-11 13:21:21 +02:00
Sebdraven
f6b8655f64
correct type of comments
2018-06-11 12:29:51 +02:00
Sebdraven
43402fde26
correct typo
2018-06-11 12:28:40 +02:00
Sebdraven
e0631c9651
correct typo
2018-06-11 12:02:34 +02:00
Sebdraven
59b49f9d20
add domains forward
2018-06-11 12:00:46 +02:00
Sebdraven
d9ee5286e3
add domains
2018-06-11 11:59:00 +02:00
Sebdraven
2e0e63fad6
add targeting os
2018-06-11 11:25:17 +02:00
Sebdraven
7580c63433
add category for AS number
2018-06-11 10:59:06 +02:00
Sebdraven
f069cd9bf4
change keys
2018-06-11 10:56:40 +02:00
Sebdraven
0a543ca0d5
change type
2018-06-11 10:55:44 +02:00
Sebdraven
ef035d051b
add category
2018-06-11 10:54:06 +02:00
Sebdraven
735e626058
add as number with onyphe
2018-06-11 10:41:05 +02:00
Sebdraven
04032d110c
add as number with onyphe
2018-06-08 18:31:08 +02:00
Sebdraven
cad35b5332
error indentation
2018-06-08 18:11:04 +02:00
Sebdraven
3ec1535897
correct key in map result
2018-06-08 18:09:59 +02:00
Sebdraven
f18f8fe05a
correct a bug
2018-06-08 18:01:58 +02:00
Sebdraven
6eeca0fba1
add pastebin url imports
2018-06-08 17:53:50 +02:00
Sebdraven
e6bac113ba
add onyphe module
2018-06-08 16:38:41 +02:00
Andras Iklody
0b0f57b30c
Update countrycode.py
2018-06-06 08:31:41 +02:00
Alexandre Dulaunoy
2d9b0cd172
Merge branch 'master' of github.com:MISP/misp-modules
2018-05-29 21:59:25 +02:00
Alexandre Dulaunoy
9664127b85
add: new expansion module to check hashes against hashdd.com including NSLR dataset.
2018-05-29 21:54:22 +02:00
Nick Driver
252d190714
fix missing comma
...
fix ip-dst and vulnerability input
2018-03-30 14:27:37 -04:00
Fred Morris
d0f618b648
Add exception blocks for query errors.
2018-03-08 15:26:39 -08:00
x41\x43
0436118747
Improving regex (validating e-mail)
...
Line 48:
The previous regex ` ^[\w\.\+\-]+\@[\w]+\.[a-z]{2,3}$ ` matched only a small subset of valid e-mail address (e.g.: didn't match domain names longer than 3 chars or user@this-domain.de or user@multiple.level.dom ) and needed to be with start (^) and end ($).
This ` [a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+)*@(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])? ` is not perfect (e.g: can't match oriental chars), but imho is much more complete.
Regex tested with several e-mail addresses with Python 3.6.4 and Python 2.7.14 on Linux 4.14.
2018-03-06 18:12:36 +01:00
Andras Iklody
978903f911
Quick fix to the invalid hash types offered on all returned hashes, hopefully fixes #162
2018-02-20 14:08:14 +01:00
Dennis Rand
43db92dbe6
Added Yara syntax validation expansion module
2018-02-12 19:11:54 +00:00
Christophe Vandeplas
8a1a860cda
added CrowdStrike Falcon Intel Indicators expansion module
2018-01-19 14:42:25 +01:00
chrisr3d
d045cf7d5f
chg: Modified output format
2018-01-16 19:46:52 +01:00
chrisr3d
18523c4ada
Check an IPv4 address against known RBLs
2018-01-16 17:08:44 +01:00
Christophe Vandeplas
0be1886444
fix farsight_passivedns - rdata 404 not found
2018-01-16 15:13:17 +01:00
Christophe Vandeplas
4cdb143733
fixes missing init file in dnsdb library folder
2017-12-06 09:23:44 +01:00
Christophe Vandeplas
0ec8339d7a
New Farsight DNSDB Passive DNS expansion module
2017-12-05 16:41:41 +01:00
Jericho
32958324ca
minor touch-ups on error messages for user friendliness
2017-11-16 23:04:41 -07:00
Koen Van Impe
74e660d61b
VulnDB Queries
...
Search on CVE at https://vulndb.cyberriskanalytics.com/
https://www.riskbasedsecurity.com/
Get extended CVE info, links + CPE
2017-11-06 14:23:03 +01:00
Alexandre Dulaunoy
03baa0b84d
fix : #137 when a CVE is not found, a return message is given
2017-10-21 19:52:19 +02:00
Chris Doman
c4fe78b39d
Add AlienVault OTX and ThreatCrowd Expansions
2017-07-11 18:16:45 +01:00
Hannah Ward
648c6414c3
fix: Use the proper formatting method and not the horrible % one
2017-03-08 16:35:03 +00:00
kx499
aa3a11cd5f
bug fixes
2017-03-08 04:08:23 +01:00
kx499
31a8fb0fe4
threatminer initial commit
2017-03-06 21:36:00 -05:00
Raphaël Vinot
44867b2adc
Cosmetic changes
2017-03-05 18:59:36 +01:00
kx499
3ecd095d1e
bug fixes, tweaks, and python3 learning curve :)
2017-03-04 03:10:45 +01:00
kx499
01fdf3e52b
Initial commit of IPRep module
2017-03-03 15:55:52 -05:00
kx499
bc1eab3520
fixed spacing, addressed error handling for public api, added subdomains, and added context comment
2017-02-28 22:04:24 -05:00
rmarsollier
b5b7e09ef4
Some improvements of virustotal plugin
2017-02-10 14:16:39 +01:00
Joerg Stephan
de3495ea6c
passed local run check
2017-02-01 14:05:29 +01:00
Joerg Stephan
68250094ff
v1
2017-01-31 16:57:16 +01:00
Joerg Stephan
dad73feaa4
python3 changes
2017-01-31 16:34:41 +01:00
Joerg Stephan
3590504821
XForce Exchange v1 (alpha)
2017-01-21 23:31:19 +01:00
Hannah Ward
727f302dd1
Standardised key checking
2017-01-07 10:38:28 -05:00
Hannah Ward
20fd05a231
Fixed checking for submission_names in VT JSON
2017-01-07 10:37:57 -05:00
CheYenBzh
d7b33532eb
Update virustotal.py
2017-01-07 10:37:47 -05:00
Raphaël Vinot
9bf1c936cf
Do not crash if the dat file is not available
2016-12-16 15:22:16 +01:00
Raphaël Vinot
064c3e3649
Fix path to config file
2016-12-16 15:14:48 +01:00
Raphaël Vinot
29bedc7faa
Merge branch 'master' of https://github.com/amuehlem/misp-modules into amuehlem-master
2016-12-16 15:05:45 +01:00
Raphaël Vinot
60d3e0a1ac
Better error reporting
2016-12-16 12:02:28 +01:00
Raphaël Vinot
ffc0a97126
Catch exception
2016-12-16 11:52:51 +01:00
Raphaël Vinot
467e50327d
Add reverse lookup
2016-12-16 11:22:22 +01:00
Raphaël Vinot
4a8ccb54fb
Refactoring of domaintools expansion module
2016-12-15 16:49:56 +01:00
Andreas Muehlemann
cc58b05d6e
added empty line to end of config file
2016-12-07 17:28:16 +01:00
Andreas Muehlemann
98a27ac3ff
removed DEFAULT section from configfile
2016-12-07 16:36:02 +01:00
Andreas Muehlemann
6853d67a43
fixed more typos
2016-12-07 16:13:46 +01:00
Andreas Muehlemann
6dcc77ba5d
fixed typo
2016-12-07 15:48:08 +01:00
Andreas Muehlemann
a95af26424
changed configparser from python2 to python3
2016-12-07 15:30:49 +01:00
Andreas Muehlemann
1e1796b414
updated missing parenthesis
2016-12-07 15:19:54 +01:00
Andreas Muehlemann
bb62394c1e
Merge branch 'geoip_country'
2016-12-07 14:54:33 +01:00
Andreas Muehlemann
d09c2f3d44
removed unneeded config option for misp
2016-12-07 14:29:11 +01:00
Andreas Muehlemann
6ea7acc5e4
removed debug message
2016-12-07 14:28:27 +01:00
Andreas Muehlemann
f8c7271467
added config option to geoip_country.py
2016-12-07 14:18:21 +01:00
Raphaël Vinot
2e3119b5f4
Add domaintools to the import list
2016-12-01 17:36:40 +01:00
Raphaël Vinot
0f8fa4aaec
Fix Typo
2016-12-01 16:44:29 +01:00
Raphaël Vinot
17205a1913
Add domain profile and reputation
2016-12-01 16:41:50 +01:00
Raphaël Vinot
7db1216efb
Add more comments
2016-12-01 13:45:14 +01:00
Raphaël Vinot
9dbd241e63
fix typo
2016-12-01 12:14:16 +01:00
Raphaël Vinot
6db5436c62
remove json.dumps
2016-12-01 11:54:04 +01:00
Raphaël Vinot
afd8b71349
Avoid passing None in comments
2016-12-01 10:26:40 +01:00
Raphaël Vinot
7c6153478e
Add comments to fields when possible
2016-11-30 18:09:11 +01:00
Raphaël Vinot
48d38c2821
Add initial Domain Tools module
2016-11-28 18:12:31 +01:00
Koen Van Impe
3253d92b42
Submit malware samples
...
_submit now includes malware samples (zipped content from misp)
_import checks when no vti_results are returned + bugfix
2016-11-18 18:23:52 +01:00
Raphaël Vinot
c676587461
Multiple clanges in the vmray modules.
...
* Generic fix to load modules requiring a local library
* Fix python3 support
* PEP8 related cleanups
2016-11-15 16:43:11 +01:00
Koen Van Impe
adda9562c0
VMRay Import & Submit module
...
* First commit
* No support for archives (yet) submit
2016-11-13 21:43:59 +01:00
Roman Graf
03b6fd7b74
label replaced by text, which is existing attribute
2016-10-11 14:48:59 +02:00
Alexandre Dulaunoy
d7137221db
Chg: wikidata module added
2016-10-07 16:21:54 +02:00
Roman Graf
d4370fc0e3
Added expansion for Wikidata. Analyst can query Wikidata by label to get additional information for particular term.
2016-10-07 12:57:01 +02:00
Andreas Muehlemann
a568d1a1b3
updated geoip_country to __init__.py
2016-09-28 14:06:18 +02:00
Andreas Muehlemann
4bc76acd37
added geoip_country.py
2016-09-28 14:05:43 +02:00
Andreas Muehlemann
985f9de800
added new module reversedns.py, added reversedns to __init__.py
2016-09-22 11:42:52 +02:00
Raphaël Vinot
a0cce11964
Dump host info as text
2016-09-15 15:59:08 +02:00
Raphaël Vinot
ea2f106b00
Fix typo
2016-09-15 15:32:13 +02:00
Raphaël Vinot
43834b6d51
Add simple Shodan module
2016-09-15 15:11:04 +02:00
Alexandre Dulaunoy
2df8bf970e
Merge pull request #47 from FloatingGhost/CEF_Export
...
CEF export, fixes in CountryCode, virustotal
2016-09-01 19:39:16 +02:00
Hannah Ward
4f923d6606
Removed silly subdomain module
2016-09-01 16:14:25 +01:00
Hannah Ward
a492d975c4
Now searches within observable_compositions
2016-08-19 17:21:12 +01:00
Hannah Ward
9db9247e55
Removed calls to print
2016-08-17 13:04:30 +01:00
Hannah Ward
232014f221
Added virustotal tests
2016-08-17 13:01:11 +01:00
Alexandre Dulaunoy
062f2dfd30
New modules added to __init__
2016-08-17 11:27:07 +02:00
Hannah Ward
4ba86d4fa3
CountryCode JSON now is only grabbed once per server run
2016-08-17 09:51:16 +01:00
Hannah Ward
042bf2bb2f
Added virustotal module
2016-08-17 09:30:15 +01:00
Hannah Ward
0f9221229a
Improved virustotal module
2016-08-15 11:09:40 +01:00