MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity
1,612 Commits
6 Branches
54 Tags
18 MiB
Commit Graph

824 Commits (451531326d18a4b092a15778598529ad77f91043)

Author SHA1 Message Date
chrisr3d f1dac0c8df
fix: Fixed pep8 2020-07-28 15:23:24 +02:00
chrisr3d d2661c7a20
fix: Fixed pep8 + some copy paste issues introduced with the latest commits 2020-07-28 15:06:25 +02:00
chrisr3d 3ab67b23b6
fix: Avoid issues with the attribute value field name 
- The module setup allows 'value1' as attribute
  value field name, but we want to make sure that
  users passing standard misp format with 'value'
  instead, will not have issues, as well as
  keeping the current setup
 2020-07-28 11:56:03 +02:00
chrisr3d 3b7a5c4dc2
add: Specific error message for misp_standard format expansion modules 
- Checking if the input format is respected and
  displaying an error message if it is not
 2020-07-28 11:47:53 +02:00
chrisr3d 8180ecbfa8
chg: Making use of the Greynoise v2 API 2020-07-27 17:20:36 +02:00
johannesh c91a61110a Add Recorded Future expansion module 2020-07-23 12:28:56 +02:00
chrisr3d a4e9fe456e Merge branch 'main' of github.com:MISP/misp-modules into main 2020-07-03 10:24:45 +02:00
chrisr3d 8e4c688dce
fix: Fixed list of sigma backends 2020-07-03 10:10:24 +02:00
Jakub Onderka cda5feedaa fix: [virustotal] Subdomains is optional in VT response 2020-07-01 16:13:40 +02:00
chrisr3d f99174af2e
fix: Removed multiple spaces to comply with pep8 2020-07-01 11:27:36 +02:00
chrisr3d 26b0357ac7
fix: Making pep8 happy 2020-06-30 23:10:35 +02:00
chrisr3d c0dae2b31b
fix: Removed trustar_import module name in init to avoid validation issues 
(until it is submitted via PR?)
 2020-06-30 18:08:34 +02:00
chrisr3d 3e12feae79
Merge branch 'feat/EN-4664/trustar-misp' of https://github.com/trustar/misp-modules into trustar-feat/EN-4664/trustar-misp 2020-06-30 18:07:14 +02:00
chrisr3d cadcc8947c Merge branch 'main' of github.com:MISP/misp-modules into new_module 2020-06-30 17:14:38 +02:00
Jesse Hedden a70558945a removed obsolete file 2020-06-27 17:46:51 -07:00
Jesse Hedden a91d50b507 corrected variable name 2020-06-27 17:29:01 -07:00
Jesse Hedden 9e1bc5681b fixed indent 2020-06-25 15:22:54 -07:00
Jesse Hedden 2d31b4e037 fixed incorrect attribute name 2020-06-25 13:10:50 -07:00
Jesse Hedden 61fbb30e1c fixed metatag; convert summaries generator to list for error handling 2020-06-25 10:54:34 -07:00
Jesse Hedden b188d2da4e added strip to remove potential whitespace 2020-06-24 17:47:41 -07:00
Jesse Hedden b60d142d32 removed extra parameter 2020-06-22 15:06:39 -07:00
Jesse Hedden b9d191686f added try/except for TruSTAR API errors and additional comments 2020-06-22 14:54:37 -07:00
Jesse Hedden f13233d04c added comments and increased page size to max for get_indicator_summaries 2020-06-22 13:47:25 -07:00
Jesse Hedden f3b27ca9c0 updated client metatag and version 2020-06-22 12:58:10 -07:00
Jesse Hedden 68b4fbba09 added client metatag to trustar client 2020-06-22 12:15:28 -07:00
Jesse Hedden 341a569de5 ready for code review 2020-06-21 19:52:17 -07:00
Jakub Onderka fe1ea90b25 fix: [circl_passivessl] Return proper error for IPv6 addresses 2020-06-03 14:06:57 +02:00
Alexandre Dulaunoy ddf51d482a
Merge pull request #406 from JakubOnderka/ip-port 
new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port
 2020-06-03 12:57:11 +02:00
Jakub Onderka b053e1c01b fix: [circl_passivessl] Return not found error 
If passivessl returns empty response, return Not found error instead of error in log
 2020-06-03 11:19:21 +02:00
Jakub Onderka 6e21893be4 fix: [circl_passivedns] Return not found error 
If passivedns returns empty response, return Not found error instead of error in log
 2020-06-03 11:15:46 +02:00
Jakub Onderka 31d15056f9 new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port 2020-06-03 11:12:47 +02:00
Jesse Hedden 67bdb38fc8 WIP: initial push 2020-05-29 17:41:13 -07:00
Jesse Hedden 8a95a000ee initial commit. not a working product. need to create a class to manage the MISP event and TruStar client 2020-05-29 17:21:20 -07:00
chrisr3d 1e27c2de5a
Merge branch 'master' of github.com:MISP/misp-modules into new_module 2020-05-05 11:53:09 +02:00
Steve Clement 3fd6633c01
fix: [pep] Comply to PEP E261 2020-05-01 12:12:33 +09:00
Matthias Meidinger ebf71a371b Update vmray_submit 
The submit module hat some smaller issues with the reanalyze flag.
The source for the enrichment object has been changed and the robustness
of user supplied config parsing improved.
 2020-04-23 14:47:48 +02:00
Golbark fd3c62c460 Fix variable issue in the loop 2020-04-08 01:07:46 -07:00
Golbark 500f0301a9 Adding support for more input types, including multi-types 2020-04-07 06:53:42 -07:00
Golbark b79636ccfa new: usr: Censys Expansion module 2020-04-03 03:15:03 -07:00
chrisr3d 48b381d704
fix: Making pep8 happy 2020-03-18 18:58:11 +01:00
chrisr3d 0671f93724
new: Expansion module to query MALWAREbazaar API with some hash attribute 2020-03-18 18:05:57 +01:00
chrisr3d 824c0031b3
fix: Catching errors in the reponse of the query to URLhaus 2020-03-18 17:57:55 +01:00
chrisr3d 422f654988
fix: Making pep8 happy with indentation 2020-03-18 10:24:06 +01:00
Jakub Onderka fe34023866
csvimport: Return error if input is not valid UTF-8 2020-03-12 11:02:43 +01:00
Koen Van Impe 2713d3c655 Update __init__ 2020-03-10 19:50:00 +01:00
Koen Van Impe c86f4a4180 Make Travis (a little bit) happy 2020-03-10 18:48:25 +01:00
Koen Van Impe e023f0b470 Cytomic Orion MISP Module 
An expansion module to enrich attributes in MISP and share indicators
of compromise with Cytomic Orion
 2020-03-10 18:25:30 +01:00
chrisr3d 0b4d6738de
fix: Making pep8 happy 2020-03-10 11:15:16 +01:00
bennyv 6c00f02e42 Removed Unused Import 2020-03-04 11:54:55 +11:00
bennyv 0a8a829ac1 Fixed handler error handling for missing config 2020-03-04 11:30:44 +11:00
bennyv a32685df8a Initial Build of SOPHOSLabs Intelix Product 2020-03-04 09:52:55 +11:00
chrisr3d cda5004a0d
fix: Removed unused import 2020-02-26 14:18:09 +01:00
chrisr3d c9c6f69bd4
fix: Making pep8 happy 2020-02-26 11:59:14 +01:00
Christian Studer fc54785d6b
Merge pull request #374 from M0un/projet-m2-oun-gindt 
Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // No…
 2020-02-26 11:53:11 +01:00
chrisr3d dea42d3929
chg: Catching missing config issue 2020-02-25 15:22:06 +01:00
Sean Whalen f5af7faace
Create __init__.py 2020-02-22 19:44:31 -05:00
Mathilde Oun et Vincent Gindt df3a6986ea Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // Nouveau module misp de recherche google sur les urls 2020-02-21 12:05:41 +01:00
chrisr3d 27717c0400
fix: Making the module config available so the module works 2020-02-13 11:40:22 +01:00
GlennHD 0ed0ceab9d
Update geoip_asn.py 2020-02-12 23:48:38 -06:00
GlennHD bdb4185a0a
Update geoip_city.py 2020-02-12 23:48:20 -06:00
GlennHD 46f0f410e7
Added geoip_asn and geoip_city to load 2020-02-12 21:31:41 -06:00
GlennHD 0b9b6c4f41
Added GeoIP_ASN Enrichment module 2020-02-12 21:29:40 -06:00
GlennHD 7a3f9a422d
Added GeoIP_City Enrichment module 2020-02-12 21:28:41 -06:00
Jakub Onderka acdc4b9d03 fix: [VT] Disable SHA512 query for VT 2020-02-07 12:20:12 +01:00
Hendrik 8f9940200b Lastline verify_ssl option 
Helps people with on-prem boxes
 2020-01-27 07:46:48 +01:00
chrisr3d b2c8f79220
fix: Making pep8 happy 2020-01-24 15:17:35 +01:00
Georg Schölly 04685ea63e joe: (1) allow users to disable PE object import (2) set 'to_ids' to False 2020-01-24 14:51:38 +01:00
Alexandre Dulaunoy 09cdc7277c
Merge pull request #365 from ostefano/analysis 
change: migrate to analysis API when submitting files to Lastline
 2020-01-21 14:15:22 +01:00
Stefano Ortolani 66bf650b79 change: migrate to analysis API when submitting tasks to Lastline 2020-01-21 11:32:05 +00:00
Koen Van Impe 036933ea14 2nd fix for VT Public module 2020-01-17 11:26:35 +01:00
Koen Van Impe 610c99ce7b Fix error message in Public VT module 2020-01-17 10:58:31 +01:00
chrisr3d 31a74a10c1
fix: Fixed ipasn test input format + module version updated 2020-01-10 15:37:54 +01:00
chrisr3d b3bc533bc3
chg: Making ipasn module return asn object(s) 
- Latest changes on the returned value as string
  broke the freetext parser, because no asn number
  could be parsed when we return the full json
  blob as a freetext attribute
- Now returning asn object(s) with a reference to
  the initial attribute
 2020-01-10 15:02:59 +01:00
chrisr3d f5452055f6
fix: Fixed vt_graph imports 2020-01-10 10:31:52 +01:00
chrisr3d 70b3079aa3
fix: Fixed pep8 in the new module and related libraries 2020-01-09 16:01:18 +01:00
Christian Studer 7c2b001df3
Merge pull request #361 from VirusTotal/master 
add vt_graph export module
 2020-01-09 14:51:09 +01:00
Alvaro Garcia 10b4e78704 add vt_graph export module 2020-01-09 09:57:46 +00:00
Erick Cheng bfcba18e3c
Update ipasn.py 2020-01-07 18:58:40 +01:00
chrisr3d cf5ad29f27
chg: Checking attributes category 
- We check the category before adding the
  attribute to the event
- Checking if the category is correct and if not,
  doing a case insensitive check
- If the category is not correct after the 2 first
  tests, we simply delete it from the attribute
  and pymisp will give the attribute a default
  category value based on the atttribute type, at
  the creation of the attribute
 2020-01-07 17:03:10 +01:00
chrisr3d 7945d060ff
new: Enrichment module for querying APIVoid with domain attributes 2019-12-18 17:11:13 +01:00
chrisr3d 2fc0b44b90
fix: Making pep8 happy with whitespace after ':' 2019-12-18 16:16:47 +01:00
chrisr3d 3007761a55
fix: Making pep8 happy by having spaces around '+' operators 2019-12-17 16:31:53 +01:00
chrisr3d 5f90ae776f
fix: Making pep8 happy 2019-12-17 14:29:29 +01:00
chrisr3d b8d6141cb7
chg: Made circl_passivedns module able to return MISP objects 2019-12-17 11:18:21 +01:00
chrisr3d 9c9f01b6ff
fix: Quick variable name fix 2019-12-17 11:17:56 +01:00
chrisr3d 6849daebfa
chg: Made circl_passivessl module able to return MISP objects 2019-12-17 10:26:43 +01:00
Raphaël Vinot b70c32af7b fix: Somewhat broken emails needed some love 2019-12-05 19:11:07 +01:00
Raphaël Vinot 6f95445143 chg: Update email import module, support objects 2019-12-04 15:25:01 +01:00
Stefano Ortolani f749578525 add: Modules to query/import/submit data from/to Lastline 2019-12-02 19:09:40 +00:00
Raphaël Vinot 5d7a829583 chg: Use MISPObject in ransomcoindb 2019-11-26 13:27:02 +01:00
aaronkaplan 06025e63d0
oops , use relative import 2019-11-26 01:52:31 +01:00
aaronkaplan d73a9b601a
use a helpful user-agent string 2019-11-26 01:08:28 +01:00
aaronkaplan 777483838b
Revert "fix url" 
This reverts commit 44130e2bf9.
 2019-11-25 22:24:57 +01:00
aaronkaplan 44130e2bf9
fix url 2019-11-25 20:51:20 +01:00
aaronkaplan 24ec4a0e23
remove pprint 2019-11-25 18:56:12 +01:00
aaronkaplan 5350003e3a
initial version of the ransomcoindb expansion module 2019-11-25 18:52:39 +01:00
chrisr3d ccf12a225c
fix: Making pep8 happy 2019-11-21 17:50:49 -05:00
chrisr3d 96712da5e0
add: Module to query AssemblyLine and parse the results 
- Takes an AssemblyLine submission link to query
  the API and get the full submission report
- Parses the potentially malicious files and the
  IPs, domains or URLs they are connecting to
- Possible improvement of the parsing filters in
  order to include more data in the MISP event
 2019-11-21 13:25:50 -05:00
chrisr3d de8737d2f3
fix: Fixed input types list since domain should not be submitted to AssemblyLine 2019-11-20 17:35:37 -05:00
chrisr3d dc9ea98d2c
fix: Making pep8 happy 2019-11-20 10:13:51 -05:00