chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								aa3e873845 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Making pep8 happy + added joe_import module in the init list  
							
							 
							
							
							
						 
						
							2019-06-04 11:33:42 +10:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								0d40830a7f 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Some quick fixes  
							
							 
							
							
							
							
							- Fixed strptime matching because months are
  expressed in abbreviated format
- Made data loaded while the parsing function is
  called, in case it has to be called multiple
  times at some point 
							
						 
						
							2019-06-03 18:35:58 +10:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								74b73f9332 
								
									
								
							
								 
							
						 
						
							
							
								
								chg: Moved JoeParser class to make it reachable from expansion & import modules  
							
							 
							
							
							
						 
						
							2019-05-29 11:26:14 +10:00  
						
					 
				
					
						
							
							
								 
								Georg Schölly
							
						 
						
							 
							
							
							
								
							
								9377a892f4 
								
							
								 
							
						 
						
							
							
								
								support url analyses  
							
							 
							
							
							
						 
						
							2019-05-28 16:19:35 +02:00  
						
					 
				
					
						
							
							
								 
								Georg Schölly
							
						 
						
							 
							
							
							
								
							
								380b8d46ba 
								
							
								 
							
						 
						
							
							
								
								improve forwards-compatibility  
							
							 
							
							
							
						 
						
							2019-05-28 16:14:59 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								8ac651562e 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Making pep8 & travis happy  
							
							 
							
							
							
						 
						
							2019-05-23 16:13:49 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								be05de62c0 
								
									
								
							
								 
							
						 
						
							
							
								
								add: Parsing MITRE ATT&CK tactic matrix related to the Joe report  
							
							 
							
							
							
						 
						
							2019-05-23 15:59:52 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								e608107a09 
								
									
								
							
								 
							
						 
						
							
							
								
								add: Parsing domains, urls & ips contacted by processes  
							
							 
							
							
							
						 
						
							2019-05-22 17:12:49 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								cfec9a6b1c 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Added references between processes and the files they drop  
							
							 
							
							
							
						 
						
							2019-05-22 15:27:04 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								191034d311 
								
									
								
							
								 
							
						 
						
							
							
								
								add: Starting parsing dropped files  
							
							 
							
							
							
						 
						
							2019-05-21 23:37:53 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								417c306ace 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Avoiding network connection object duplicates  
							
							 
							
							
							
						 
						
							2019-05-20 15:59:18 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								72e5f0099d 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Avoid creating a signer info object when the pe is not signed  
							
							 
							
							
							
						 
						
							2019-05-20 10:52:34 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								54f5fa6fa9 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Avoiding dictionary indexes issues  
							
							 
							
							
							
							
							- Using tuples as a dictionary indexes is better
  than using generators... 
							
						 
						
							2019-05-20 09:19:38 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								0d5f867825 
								
									
								
							
								 
							
						 
						
							
							
								
								add: Starting parsing network behavior fields  
							
							 
							
							
							
						 
						
							2019-05-17 22:18:11 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								f9515c14d0 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Avoiding attribute & reference duplicates  
							
							 
							
							
							
						 
						
							2019-05-16 16:14:25 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								2246fc0d02 
								
									
								
							
								 
							
						 
						
							
							
								
								add: Parsing registry activities under processes  
							
							 
							
							
							
						 
						
							2019-05-16 16:11:43 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								067b229224 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Handling case of multiple processes in behavior field  
							
							 
							
							
							
							
							- Also starting parsing file activities 
							
						 
						
							2019-05-15 22:06:55 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								d195b554a5 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Testing if some fields exist before trying to import them  
							
							 
							
							
							
							
							- Testing for pe itself, pe versions and pe signature 
							
						 
						
							2019-05-15 22:05:03 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								fc8a56d1d9 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Removed test print  
							
							 
							
							
							
						 
						
							2019-05-15 15:49:29 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								df7047dff0 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Fixed output format to match with the recent changes on modules  
							
							 
							
							
							
						 
						
							2019-05-14 10:50:11 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								29e681ef81 
								
									
								
							
								 
							
						 
						
							
							
								
								add: Parsing processes called by the file analyzed in the joe sandbox report  
							
							 
							
							
							
						 
						
							2019-05-13 17:30:01 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								d39fb7da18 
								
									
								
							
								 
							
						 
						
							
							
								
								add: Parsing some object references at the end of the process  
							
							 
							
							
							
						 
						
							2019-05-13 17:29:07 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								728386d8a0 
								
									
								
							
								 
							
						 
						
							
							
								
								add: [new_module] Module to import data from Joe sandbox reports  
							
							 
							
							
							
							
							- Parsing file, pe and pe-section objects from the
  report file info field
- Deeper file info parsing to come
- Other fields parsing to come as well 
							
						 
						
							2019-05-08 16:52:49 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								77db21cf18 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Making pep8 happy  
							
							 
							
							
							
						 
						
							2019-05-07 09:37:21 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								f1b5f05bb3 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Checking not MISP header fields  
							
							 
							
							
							
							
							- Rejecting fields not recognizable by MISP 
							
						 
						
							2019-05-07 09:35:56 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
							
								
							
								6608671a01 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'master' of github.com:MISP/misp-modules into new_module  
							
							 
							
							
							
						 
						
							2019-05-07 08:38:16 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								28eb92da53 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Using pymisp classes & methods to parse the module results  
							
							 
							
							
							
						 
						
							2019-05-06 22:16:14 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								ae5bd8d06a 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Clearer user config messages displayed in the import view  
							
							 
							
							
							
						 
						
							2019-05-06 22:15:14 +02:00  
						
					 
				
					
						
							
							
								 
								Koen Van Impe
							
						 
						
							 
							
							
							
								
							
								1cd60790fd 
								
							
								 
							
						 
						
							
							
								
								Bugfix for "sources" ; do not include as IDS for "access" registry keys  
							
							 
							
							
							
							
							- Bugfix to query "operations" in files, mutex, registry
- Do not set IDS flag for registry 'access' operations 
							
						 
						
							2019-05-06 16:36:26 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								6f4b88606b 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Make pep8 happy  
							
							 
							
							
							
						 
						
							2019-05-02 14:07:36 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
							
								
							
								a5ff849950 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'master' of github.com:MISP/misp-modules into new_module  
							
							 
							
							
							
						 
						
							2019-05-02 13:23:24 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Steve Clement 
							
						 
						
							 
							
							
								
								
							
							
								
							
								559ed786ba 
								
									
								
							
								 
							
						 
						
							
							
								
								chg: [pep8] try/except # noqa  
							
							 
							
							
							
							
							Not sure how to make flake happy on this one. 
							
						 
						
							2019-05-02 11:44:32 +09:00  
						
					 
				
					
						
							
							
								
									
								
								Steve Clement 
							
						 
						
							 
							
							
								
								
							
							
								
							
								9af06fd24c 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: [pep8] More fixes  
							
							 
							
							
							
						 
						
							2019-05-02 11:23:49 +09:00  
						
					 
				
					
						
							
							
								
									
								
								Steve Clement 
							
						 
						
							 
							
							
								
								
							
							
								
							
								81ffabd621 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: [pep8] More pep8 happiness  
							
							 
							
							
							
						 
						
							2019-05-02 11:06:32 +09:00  
						
					 
				
					
						
							
							
								 
								Koen Van Impe
							
						 
						
							 
							
							
							
								
							
								c8a4d8d76f 
								
							
								 
							
						 
						
							
							
								
								New VMRay modules  
							
							 
							
							
							
							
							New JSON output format of VMRay
Prepare for automation (via PyMISP) with workflow taxonomy tags 
							
						 
						
							2019-05-01 22:44:24 +02:00  
						
					 
				
					
						
							
							
								 
								root
							
						 
						
							 
							
							
								
								
							
							
								
							
								c886247a64 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Fixed standard MISP csv format header  
							
							 
							
							
							
							
							- The csv header we can find in data produced from
  MISP restSearch csv format is the one to use to
  recognize a csv file produced by MISP 
							
						 
						
							2019-05-01 22:32:06 +02:00  
						
					 
				
					
						
							
							
								 
								root
							
						 
						
							 
							
							
								
								
							
							
								
							
								f900cb7c68 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Fixed introspection fields for csvimport & goamlimport  
							
							 
							
							
							
							
							- Added format field for goaml so the module is
  known as returning MISP attributes & objects
- Fixed introspection to make the format, user
  config and input source fields visible from
  MISP (format also added at the same time) 
							
						 
						
							2019-05-01 22:28:19 +02:00  
						
					 
				
					
						
							
							
								 
								root
							
						 
						
							 
							
							
								
								
							
							
								
							
								db74c5f49a 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Fixed libraries import that changed with the latest merge  
							
							 
							
							
							
						 
						
							2019-05-01 22:26:53 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
							
								
							
								55e494c9ed 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'features_csvimport' of github.com:MISP/misp-modules into features_csvimport  
							
							 
							
							
							
						 
						
							2019-04-30 17:16:31 +02:00  
						
					 
				
					
						
							
							
								 
								Raphaël Vinot
							
						 
						
							 
							
							
							
								
							
								454c9e0f43 
								
							
								 
							
						 
						
							
							
								
								fix: Pep8 related fixes.  
							
							 
							
							
							
						 
						
							2019-02-04 11:05:51 +01:00  
						
					 
				
					
						
							
							
								 
								Raphaël Vinot
							
						 
						
							 
							
							
							
								
							
								8fc5b1fd1f 
								
							
								 
							
						 
						
							
							
								
								fix: Make pep8 happy  
							
							 
							
							
							
						 
						
							2018-12-11 15:29:09 +01:00  
						
					 
				
					
						
							
							
								 
								Christophe Vandeplas
							
						 
						
							 
							
							
							
								
							
								8817de4765 
								
							
								 
							
						 
						
							
							
								
								fix: threatanalyzer_import - bugfix for TA6.1 behavior  
							
							 
							
							
							
						 
						
							2018-11-16 13:29:47 +01:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
							
								
							
								fcc18cbd73 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'master' of github.com:MISP/misp-modules into features_csvimport  
							
							 
							
							
							
						 
						
							2018-09-03 15:40:19 +02:00  
						
					 
				
					
						
							
							
								 
								Christophe Vandeplas
							
						 
						
							 
							
							
							
								
							
								7deeb95820 
								
							
								 
							
						 
						
							
							
								
								fix: ta_import - bugfixes  
							
							 
							
							
							
						 
						
							2018-08-21 11:13:08 +02:00  
						
					 
				
					
						
							
							
								 
								Christophe Vandeplas
							
						 
						
							 
							
							
							
								
							
								8d4e2025f7 
								
							
								 
							
						 
						
							
							
								
								ta_import - bugfixes for TA 6.1  
							
							 
							
							
							
						 
						
							2018-08-03 13:58:53 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								8b4d24ba63 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Fixed fields parsing to support files from csv export with additional context  
							
							 
							
							
							
						 
						
							2018-08-02 15:42:59 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								7980aa045a 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Handling the case of Context included in the csv file exported from MISP  
							
							 
							
							
							
						 
						
							2018-08-01 17:59:00 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								92fbcaeff6 
								
									
								
							
								 
							
						 
						
							
							
								
								fix: Fixed changes omissions in handler function  
							
							 
							
							
							
						 
						
							2018-07-28 00:07:02 +02:00  
						
					 
				
					
						
							
							
								 
								chrisr3d
							
						 
						
							 
							
							
								
								
							
							
								
							
								63ba7580d3 
								
									
								
							
								 
							
						 
						
							
							
								
								chg: Updated csvimport to support files from csv export + import MISP objects  
							
							 
							
							
							
						 
						
							2018-07-27 23:13:47 +02:00  
						
					 
				
					
						
							
							
								 
								Christophe Vandeplas
							
						 
						
							 
							
							
							
								
							
								2f27ff1244 
								
							
								 
							
						 
						
							
							
								
								ta_import - support for ThreatAnalyzer 6.1  
							
							 
							
							
							
						 
						
							2018-07-27 14:44:06 +02:00