silviacuenca
64b7ef1340
Update doc references
2024-07-10 17:04:48 +02:00
goodlandsecurity
f5ff7d37d8
add stairwell expansion module and update misp-objects to a193e03
2024-05-08 10:47:35 -05:00
Alexandre Dulaunoy
89d1691592
chg: [misp-objects] updated
2023-12-22 13:48:55 +01:00
Jens Thom
5f77a68ee3
fix optional field access
2023-07-19 12:54:27 +02:00
Dermott, Scott
7f5174efd5
* Fix if network_behavior_field doesn't exist in packet
2022-04-07 15:10:15 +01:00
chrisr3d
cba06ab372
fix: [joe parser] Some clean-up on the Joe parser
2022-03-07 17:53:43 +01:00
Alexandre Dulaunoy
db902275b3
chg: [joe] skip not existing system in behavior
2022-03-05 15:24:29 +01:00
Alexandre Dulaunoy
30287e3b03
chg: [lib] latest stix2misp.py updated
2022-02-14 09:35:40 +01:00
Michael Chisholm
923fd05eb3
Contribute a TAXII 2.1 import style misp-module.
2022-01-11 21:54:09 -05:00
Calvin Krzywiec
dc0660acd0
feature: add qintel qsentry expansion module
2021-11-22 15:46:46 -05:00
Aaron Kaplan
d1aeafb3ae
unit test for dnsdbflex in lib/cof.py
2021-06-17 14:33:15 +00:00
aaronkaplan
9813f7f7cb
Merge branch 'main' of https://github.com/MISP/misp-modules into cof2misp
2021-05-27 01:58:55 +02:00
aaronkaplan
4816844d16
Add a function to validate dnsdbflex output
...
add dnsdbflex parser. It's rather easy
Signed-off-by: aaronkaplan <aaron@lo-res.org>
2021-05-26 12:38:56 +02:00
aaronkaplan
5b41c82f78
Add a function to validate dnsdbflex output
...
Signed-off-by: aaronkaplan <aaron@lo-res.org>
2021-05-26 12:16:11 +02:00
Alexandre Dulaunoy
bcc05c3337
Merge pull request #497 from aaronkaplan/cof2misp
...
Cof2misp
2021-05-04 18:27:33 +02:00
aaronkaplan
09f0f3943a
Add license text. No logical changes in this commit
2021-05-04 09:44:47 +02:00
Alexandre Dulaunoy
8e55101dc8
chg: [cof2misp module] fix the import module/package "__init__.py" missing
2021-05-03 12:04:22 +02:00
aaronkaplan
5a3465844a
Make stub strict parser
2021-05-02 22:23:52 +00:00
aaronkaplan
85864dad2e
make flake8 happier
2021-05-02 21:39:39 +00:00
aaronkaplan
d5d207f0cb
Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp
2021-05-02 21:22:22 +00:00
aaronkaplan
ff950bc50c
Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp
2021-05-02 21:11:00 +00:00
aaronkaplan
f1da1dd6fa
Version 0.2 of the cof2misp import module.
2021-05-02 20:51:07 +00:00
aaronkaplan
c06b8ff604
Version 0.2 of the cof2misp import module.
2021-05-02 16:45:55 +00:00
Jens Thom
0e4e432dc4
fix imports and unused variables
2020-11-30 12:48:01 +01:00
Jens Thom
2a870f2d97
* add parser for report version v1 and v2
...
* add summary JSON import module
2020-11-30 12:06:19 +01:00
Georg Schölly
04685ea63e
joe: (1) allow users to disable PE object import (2) set 'to_ids' to False
2020-01-24 14:51:38 +01:00
Stefano Ortolani
66bf650b79
change: migrate to analysis API when submitting tasks to Lastline
2020-01-21 11:32:05 +00:00
chrisr3d
35c438e6ee
fix: typo
2020-01-10 10:38:12 +01:00
chrisr3d
f5452055f6
fix: Fixed vt_graph imports
2020-01-10 10:31:52 +01:00
chrisr3d
70b3079aa3
fix: Fixed pep8 in the new module and related libraries
2020-01-09 16:01:18 +01:00
chrisr3d
7722e2cb93
fix: Fixed typo on function import
2020-01-09 15:28:33 +01:00
Alvaro Garcia
10b4e78704
add vt_graph export module
2020-01-09 09:57:46 +00:00
Stefano Ortolani
f749578525
add: Modules to query/import/submit data from/to Lastline
2019-12-02 19:09:40 +00:00
chrisr3d
0b603fc5d3
fix: Fixed unnecessary dictionary field call
...
- No longer necessary to go under 'Event' field
since PyMISP does not contain it since the
latest update
2019-08-05 11:33:04 +02:00
chrisr3d
3367e47490
fix: Avoid issues when there is no pe field in a windows file sample analysis
...
- For instance: doc file
2019-07-25 17:57:36 +02:00
chrisr3d
3d41104d5b
fix: Avoid adding file object twice if a KeyError exception comes for some unexpected reasons
2019-07-25 17:47:08 +02:00
chrisr3d
ddeb04bd74
add: Parsing linux samples and their elf data
2019-07-25 17:46:21 +02:00
chrisr3d
41bbbeddfb
fix: Testing if file & registry activities fields exist before trying to parse it
2019-07-25 17:44:32 +02:00
chrisr3d
4c8fe9d8ef
fix: Testing if there is some screenshot data before trying to fetch it
2019-07-25 17:43:11 +02:00
chrisr3d
e2a0f27d75
fix: Fixed direction of the relationship between files, PEs and their sections
...
- The file object includes a PE, and the PE
includes sections, not the other way round
2019-07-24 14:58:45 +02:00
chrisr3d
42b95c4210
fix: Fixed variable names
2019-07-24 12:21:58 +02:00
chrisr3d
5602cf1759
add: Parsing apk samples and their permissions
2019-07-24 11:59:11 +02:00
chrisr3d
fc8a573ba7
fix: Changed the way references added at the end are saved
...
- Some references are saved until they are added
at the end, to make it easier when needed
- Here we changed the way they are saved, from a
dictionary with some keys to identify each part
to the actual dictionary with the keys the
function add_reference needs, so we can directly
use this dictionary as is when the references are
added to the different objects
2019-07-24 11:14:12 +02:00
chrisr3d
181e6383a3
fix: Added missing add_attribute function
2019-07-03 11:14:46 +02:00
chrisr3d
9a6d484188
add: Added screenshot of the behavior of the analyzed sample
2019-06-21 10:53:12 +02:00
chrisr3d
1ac85a4879
fix: We will display galaxies with tags
2019-06-15 08:05:14 +02:00
chrisr3d
de966eac51
fix: Returning tags & galaxies with results
...
- Tags may exist with the current version of the
parser
- Galaxies are not yet expected from the parser,
nevertheless the principle is we want to return
them as well if ever we have some galaxies from
parsing a JoeSandbox report. Can be removed if
we never galaxies at all
2019-06-07 15:22:11 +02:00
chrisr3d
b52e17fa8d
fix: Removed duplicate finalize_results function call
2019-06-07 11:38:50 +02:00
chrisr3d
07698e5c72
fix: Fixed references between domaininfo/ipinfo & their targets
...
- Fixed references when no target id is set
- Fixed domaininfo parsing when no ip is defined
2019-06-03 18:38:58 +10:00
chrisr3d
0d40830a7f
fix: Some quick fixes
...
- Fixed strptime matching because months are
expressed in abbreviated format
- Made data loaded while the parsing function is
called, in case it has to be called multiple
times at some point
2019-06-03 18:35:58 +10:00