bennyv
a32685df8a
Initial Build of SOPHOSLabs Intelix Product
2020-03-04 09:52:55 +11:00
chrisr3d
cda5004a0d
fix: Removed unused import
2020-02-26 14:18:09 +01:00
chrisr3d
c9c6f69bd4
fix: Making pep8 happy
2020-02-26 11:59:14 +01:00
Christian Studer
fc54785d6b
Merge pull request #374 from M0un/projet-m2-oun-gindt
...
Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // No…
2020-02-26 11:53:11 +01:00
chrisr3d
dea42d3929
chg: Catching missing config issue
2020-02-25 15:22:06 +01:00
Sean Whalen
f5af7faace
Create __init__.py
2020-02-22 19:44:31 -05:00
Mathilde Oun et Vincent Gindt
df3a6986ea
Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // Nouveau module misp de recherche google sur les urls
2020-02-21 12:05:41 +01:00
chrisr3d
27717c0400
fix: Making the module config available so the module works
2020-02-13 11:40:22 +01:00
GlennHD
0ed0ceab9d
Update geoip_asn.py
2020-02-12 23:48:38 -06:00
GlennHD
bdb4185a0a
Update geoip_city.py
2020-02-12 23:48:20 -06:00
GlennHD
46f0f410e7
Added geoip_asn and geoip_city to load
2020-02-12 21:31:41 -06:00
GlennHD
0b9b6c4f41
Added GeoIP_ASN Enrichment module
2020-02-12 21:29:40 -06:00
GlennHD
7a3f9a422d
Added GeoIP_City Enrichment module
2020-02-12 21:28:41 -06:00
Jakub Onderka
acdc4b9d03
fix: [VT] Disable SHA512 query for VT
2020-02-07 12:20:12 +01:00
Hendrik
8f9940200b
Lastline verify_ssl option
...
Helps people with on-prem boxes
2020-01-27 07:46:48 +01:00
chrisr3d
b2c8f79220
fix: Making pep8 happy
2020-01-24 15:17:35 +01:00
Georg Schölly
04685ea63e
joe: (1) allow users to disable PE object import (2) set 'to_ids' to False
2020-01-24 14:51:38 +01:00
Alexandre Dulaunoy
09cdc7277c
Merge pull request #365 from ostefano/analysis
...
change: migrate to analysis API when submitting files to Lastline
2020-01-21 14:15:22 +01:00
Stefano Ortolani
66bf650b79
change: migrate to analysis API when submitting tasks to Lastline
2020-01-21 11:32:05 +00:00
Koen Van Impe
036933ea14
2nd fix for VT Public module
2020-01-17 11:26:35 +01:00
Koen Van Impe
610c99ce7b
Fix error message in Public VT module
2020-01-17 10:58:31 +01:00
chrisr3d
31a74a10c1
fix: Fixed ipasn test input format + module version updated
2020-01-10 15:37:54 +01:00
chrisr3d
b3bc533bc3
chg: Making ipasn module return asn object(s)
...
- Latest changes on the returned value as string
broke the freetext parser, because no asn number
could be parsed when we return the full json
blob as a freetext attribute
- Now returning asn object(s) with a reference to
the initial attribute
2020-01-10 15:02:59 +01:00
chrisr3d
f5452055f6
fix: Fixed vt_graph imports
2020-01-10 10:31:52 +01:00
chrisr3d
70b3079aa3
fix: Fixed pep8 in the new module and related libraries
2020-01-09 16:01:18 +01:00
Christian Studer
7c2b001df3
Merge pull request #361 from VirusTotal/master
...
add vt_graph export module
2020-01-09 14:51:09 +01:00
Alvaro Garcia
10b4e78704
add vt_graph export module
2020-01-09 09:57:46 +00:00
Erick Cheng
bfcba18e3c
Update ipasn.py
2020-01-07 18:58:40 +01:00
chrisr3d
cf5ad29f27
chg: Checking attributes category
...
- We check the category before adding the
attribute to the event
- Checking if the category is correct and if not,
doing a case insensitive check
- If the category is not correct after the 2 first
tests, we simply delete it from the attribute
and pymisp will give the attribute a default
category value based on the atttribute type, at
the creation of the attribute
2020-01-07 17:03:10 +01:00
chrisr3d
7945d060ff
new: Enrichment module for querying APIVoid with domain attributes
2019-12-18 17:11:13 +01:00
chrisr3d
2fc0b44b90
fix: Making pep8 happy with whitespace after ':'
2019-12-18 16:16:47 +01:00
chrisr3d
3007761a55
fix: Making pep8 happy by having spaces around '+' operators
2019-12-17 16:31:53 +01:00
chrisr3d
5f90ae776f
fix: Making pep8 happy
2019-12-17 14:29:29 +01:00
chrisr3d
b8d6141cb7
chg: Made circl_passivedns module able to return MISP objects
2019-12-17 11:18:21 +01:00
chrisr3d
9c9f01b6ff
fix: Quick variable name fix
2019-12-17 11:17:56 +01:00
chrisr3d
6849daebfa
chg: Made circl_passivessl module able to return MISP objects
2019-12-17 10:26:43 +01:00
Raphaël Vinot
b70c32af7b
fix: Somewhat broken emails needed some love
2019-12-05 19:11:07 +01:00
Raphaël Vinot
6f95445143
chg: Update email import module, support objects
2019-12-04 15:25:01 +01:00
Stefano Ortolani
f749578525
add: Modules to query/import/submit data from/to Lastline
2019-12-02 19:09:40 +00:00
Raphaël Vinot
5d7a829583
chg: Use MISPObject in ransomcoindb
2019-11-26 13:27:02 +01:00
aaronkaplan
06025e63d0
oops , use relative import
2019-11-26 01:52:31 +01:00
aaronkaplan
d73a9b601a
use a helpful user-agent string
2019-11-26 01:08:28 +01:00
aaronkaplan
777483838b
Revert "fix url"
...
This reverts commit 44130e2bf9
.
2019-11-25 22:24:57 +01:00
aaronkaplan
44130e2bf9
fix url
2019-11-25 20:51:20 +01:00
aaronkaplan
24ec4a0e23
remove pprint
2019-11-25 18:56:12 +01:00
aaronkaplan
5350003e3a
initial version of the ransomcoindb expansion module
2019-11-25 18:52:39 +01:00
chrisr3d
ccf12a225c
fix: Making pep8 happy
2019-11-21 17:50:49 -05:00
chrisr3d
96712da5e0
add: Module to query AssemblyLine and parse the results
...
- Takes an AssemblyLine submission link to query
the API and get the full submission report
- Parses the potentially malicious files and the
IPs, domains or URLs they are connecting to
- Possible improvement of the parsing filters in
order to include more data in the MISP event
2019-11-21 13:25:50 -05:00
chrisr3d
de8737d2f3
fix: Fixed input types list since domain should not be submitted to AssemblyLine
2019-11-20 17:35:37 -05:00
chrisr3d
dc9ea98d2c
fix: Making pep8 happy
2019-11-20 10:13:51 -05:00
chrisr3d
58a4cb15a1
add: New expansion module to submit samples and urls to AssemblyLine
2019-11-19 15:41:35 -05:00
chrisr3d
f08fc6d9a5
chg: Reintroducing the limit to reduce the number of recursive calls to the API when querying for a domain
2019-11-17 19:11:26 -05:00
chrisr3d
4990bcebd8
fix: Avoiding KeyError exception when no result is found
2019-11-17 18:00:19 -05:00
chrisr3d
91d6f1baa0
fix: Fixed csv file parsing
2019-11-07 11:50:16 +01:00
chrisr3d
0fd3f92fe3
fix: Fixed Xforce Exchange authentication + rework
...
- Now able to return MISP objects
- Support of the xforce exchange authentication
with apikey & apipassword
2019-11-05 16:43:03 +01:00
chrisr3d
852018bf79
fix: Added urlscan & secuirtytrails modules in __init__ list
2019-11-04 16:52:26 +01:00
chrisr3d
bfe227d555
fix: More clarity on the exception raised on the securitytrails module
2019-10-31 17:19:42 +01:00
chrisr3d
69e81b47d7
fix: Better exceptions handling on the passivetotal module
2019-10-31 17:18:23 +01:00
chrisr3d
4411166b43
fix: Fixed config parsing and the associated error message
2019-10-31 11:52:34 +01:00
chrisr3d
4f70011edf
fix: Fixed config parsing + results parsing
...
- Avoiding errors with config field when it is
empty or the apikey is not set
- Parsing all the results instead of only the
first one
2019-10-31 11:48:59 +01:00
Alexandre Dulaunoy
c3c6f1a6ea
Merge pull request #346 from blaverick62/master
...
EQL Query Generation Modules
2019-10-30 22:08:07 +01:00
Braden Laverick
717be2b859
Removed extraneous comments and unused imports
2019-10-30 15:44:47 +00:00
chrisr3d
b63a0d1eb8
fix: Making urlscan module available in MISP for ip attributes
...
- As expected in the the handler function
2019-10-30 16:39:07 +01:00
chrisr3d
d4eb88c66a
fix: Avoiding various modules to fail with uncritical issues
...
- Avoiding securitytrails to fail with an unavailable
feature for free accounts
- Avoiding urlhaus to fail with input attribute
fields that are not critical for the query and
results
- Avoiding VT modules to fail when a certain
resource does not exist in the dataset
2019-10-30 16:34:15 +01:00
chrisr3d
393b33d02d
fix: Fixed config field parsing for various modules
...
- Same as previous commit
2019-10-30 16:31:57 +01:00
Braden Laverick
dc4c09f751
Fixed python links
2019-10-30 13:47:43 +00:00
Braden Laverick
62d25b1f76
Changed file name to mass eql export
2019-10-30 13:46:52 +00:00
Braden Laverick
08fc938acd
Fixed comments
2019-10-30 13:41:40 +00:00
chrisr3d
d0ddfb3355
fix: [expansion] Better config field handling for various modules
...
- Testing if config is present before trying to
look whithin the config field
- The config field should be there when the module
is called form MISP, but it is not always the
case when the module is queried from somewhere else
2019-10-30 09:09:55 +01:00
Braden Laverick
2a4c7ff150
Added ors for compound queries
2019-10-29 20:22:41 +00:00
Braden Laverick
c1ca936910
Fixed syntax error
2019-10-29 20:14:07 +00:00
Braden Laverick
c06ceedfb8
Changed to single attribute EQL
2019-10-29 20:11:35 +00:00
Braden Laverick
a426ad249d
Added EQL enrichment module
2019-10-29 19:42:47 +00:00
Braden Laverick
5802575e44
Fixed string formatting
2019-10-29 16:29:36 +00:00
Braden Laverick
3142b0ab02
Fixed type error in JSON parsing
2019-10-29 16:08:58 +00:00
Braden Laverick
c3ccc9c577
Attempting to import endgame module
2019-10-29 15:52:49 +00:00
Braden Laverick
8ac4b610b8
Added endgame export to __all__
2019-10-29 15:11:31 +00:00
Braden Laverick
3e44181aed
Added EQL export test module
2019-10-29 15:02:08 +00:00
chrisr3d
dc7463a67e
fix: Avoid issues when some config fields are not set
2019-10-29 11:04:29 +01:00
Alexandre Dulaunoy
dec2494a0a
chg: [apiosintds] make flake8 happy
2019-10-29 09:33:39 +01:00
Alexandre Dulaunoy
fdbb0717e0
Merge pull request #344 from davidonzo/master
...
Added apiosintDS module to query OSINT.digitalside.it services
2019-10-29 08:56:29 +01:00
chrisr3d
204e5a7de9
Merge branch 'master' of github.com:MISP/misp-modules
2019-10-28 16:45:50 +01:00
chrisr3d
7a56174c40
fix: Fixed Geoip with the supported python library + fixed Geolite db path management
2019-10-28 16:39:08 +01:00
milkmix
bdc5282e09
updated to geoip2 to support mmdb format
2019-10-25 18:09:44 +02:00
Davide
56e16dbaf5
Added apiosintDS module to query OSINT.digitalside.it services
2019-10-24 12:49:29 +02:00
chrisr3d
e1602fdca9
fix: Updates following the latest CVE-search version
...
- Support of the new vulnerable configuration
field for CPE version > 2.2
- Support of different 'unknown CWE' message
2019-10-23 11:55:36 +02:00
chrisr3d
63dba29c52
fix: Fixed module names with - to avoid errors with python paths
2019-10-18 11:09:10 +02:00
chrisr3d
d740abe74b
fix: Making pep8 happy
2019-10-17 10:45:51 +02:00
chrisr3d
a228e2505d
fix: Avoiding empty values + Fixed empty types error + Fixed filename KeyError
2019-10-17 10:42:34 +02:00
chrisr3d
5f7b127713
chg: Avoids returning empty values + easier results parsing
2019-10-15 23:30:39 +02:00
chrisr3d
8aca19ba68
chg: Taking into consideration if a user agent is specified in the module configuration
2019-10-15 11:25:30 +02:00
chrisr3d
6d19549184
fix: Grouped two if conditions to avoid issues with variable unassigned if the second condition is not true
2019-10-13 20:23:02 +02:00
chrisr3d
b560347d5d
fix: Considering the case of empty results
2019-10-08 15:49:09 +02:00
chrisr3d
8bcb630340
fix: Catching results exceptions properly
2019-10-08 15:48:26 +02:00
chrisr3d
2850d6f690
fix: Catching exceptions and results properly depending on the cases
2019-10-08 15:45:06 +02:00
chrisr3d
5d4a0bff98
fix: Handling cases where there is no result from the query
2019-10-08 13:28:23 +02:00
chrisr3d
662e58da88
fix: Fixed pattern parsing + made the module hover only
2019-10-07 16:46:32 +02:00
chrisr3d
b9b78d1606
fix: Travis tests should be happy now
2019-10-04 17:22:32 +02:00
chrisr3d
6801289175
fix: Returning results in text format
...
- Makes the hover functionality display the full
result instead of skipping the records list
2019-10-04 15:54:25 +02:00
chrisr3d
fe1987101d
fix: Making pep8 happy
2019-10-03 17:10:47 +02:00
chrisr3d
c5c5c16ff1
fix: Avoiding errors with uncommon lines
...
- Excluding first from data parsed all lines that
are comments or empty
- Skipping lines with failing indexes
2019-10-03 16:03:30 +02:00
chrisr3d
3d7de2dc22
fix: Fixed unassigned variable name
2019-10-03 16:02:25 +02:00
chrisr3d
ffe43acd89
fix: Removed no longer used variables
2019-09-20 09:22:20 +02:00
chrisr3d
cfc6438c47
fix: csv import rework & improvement
...
- More efficient parsing
- Support of multiple csv formats
- Possibility to customise headers
- More improvement to come for external csv file
2019-09-19 23:19:57 +02:00
chrisr3d
09590ca451
fix: Making pep8 happy
2019-09-17 14:13:05 +02:00
Christian Studer
205342996a
Merge pull request #335 from FafnerKeyZee/patch-2
...
Travis should not be complaining with the tests after the latest update on "test_cve"
2019-09-17 14:11:03 +02:00
Fafner [_KeyZee_]
dc84c9f972
adding custom API
...
Adding the possibility to have our own API server.
2019-09-17 11:07:23 +02:00
Fafner [_KeyZee_]
5c09b66706
Cleaning the error message
...
The original message can be confusing is the user change to is own API.
2019-09-17 10:42:29 +02:00
chrisr3d
5ebd0bd4fc
Merge branch 'master' of github.com:MISP/misp-modules
2019-09-16 14:31:01 +02:00
chrisr3d
8d33d6c18c
add: New parameter to specify a custom CVE API to query
...
- Any API specified here must return the same
format as the CIRCL CVE search one in order to
be supported by the parsing functions, and
ideally provide response to the same kind of
requests (so the CWE search works as well)
2019-09-16 14:19:20 +02:00
Pierre-Jean Grenier
b2ab727f9b
fix: prevent symlink attacks
2019-08-22 11:23:37 +02:00
Pierre-Jean Grenier
413cc2469f
chg: [cuckooimport] Handle archives downloaded from both the WebUI and the API
2019-08-21 16:35:11 +02:00
Alexandre Dulaunoy
c019e4d997
Merge pull request #322 from zaphodef/cuckooimport
...
Rewrite cuckooimport
2019-08-13 14:32:48 +02:00
Pierre-Jean Grenier
6ba6f8bb1f
new: Rewrite cuckooimport
2019-08-09 15:44:47 +02:00
chrisr3d
415fa55fff
fix: Avoiding issues when no CWE id is provided
2019-08-06 15:55:50 +02:00
chrisr3d
0b603fc5d3
fix: Fixed unnecessary dictionary field call
...
- No longer necessary to go under 'Event' field
since PyMISP does not contain it since the
latest update
2019-08-05 11:33:04 +02:00
chrisr3d
4df528c331
add: Added initial event to reference it from the vulnerability object created out of it
2019-08-02 15:35:33 +02:00
chrisr3d
034222d7b3
fix: Using the attack-pattern object template (copy-paste typo)
2019-08-02 10:10:44 +02:00
chrisr3d
7eb4f034c0
fix: Making pep8 happy
2019-08-01 17:17:16 +02:00
chrisr3d
5c15c0ff93
add: Making vulnerability object reference to its related capec & cwe objects
2019-08-01 15:37:10 +02:00
chrisr3d
c4302aa35e
add: Parsing CAPEC information related to the CVE
2019-08-01 15:21:18 +02:00
chrisr3d
7445d7336e
add: Parsing CWE related to the CVE
2019-08-01 14:55:53 +02:00
chrisr3d
7b1c35d583
fix: Fixed cvss-score object relation name
2019-07-30 09:55:36 +02:00
chrisr3d
27f5c9ceeb
Merge branch 'master' of github.com:MISP/misp-modules
2019-07-24 12:08:28 +02:00
chrisr3d
4ee0cbe4c5
add: Added virustotal_public to the list of available modules
2019-07-24 11:10:25 +02:00
Raphaël Vinot
80ce0a58b5
fix: Skip tests on haveibeenpwned.com if 403. Make pep8 happy.
2019-07-24 09:49:05 +02:00
chrisr3d
92d90e8e1c
add: TODO comment for the next improvement
2019-07-23 09:42:10 +02:00
chrisr3d
14cf39d8b6
chg: Updated the module to work with the updated VirusTotal API
...
- Parsing functions updated to support the updated
format of the VirusTotal API responses
- The module can now return objects
- /!\ This module requires a high number of
requests limit rate to work as expected /!\
2019-07-22 16:22:29 +02:00
chrisr3d
1fa37ea712
fix: Avoiding issues with non existing sample types
2019-07-22 11:43:35 +02:00
chrisr3d
675e0815ff
add: Parsing communicating samples returned by domain reports
2019-07-22 11:42:52 +02:00
chrisr3d
c9c2027a57
fix: Undetected urls are represented in lists
2019-07-22 11:39:46 +02:00
chrisr3d
6fdfcb0a29
fix: Changed function name to avoid confusion with the same variable name
2019-07-22 09:53:19 +02:00
chrisr3d
729c86c336
fix: Quick fix on siblings & url parsing
2019-07-22 09:16:04 +02:00
chrisr3d
9aa721bc37
fix: typo
2019-07-19 16:20:24 +02:00
chrisr3d
641dda0103
add: Parsing downloaded samples as well as the referrer ones
2019-07-18 21:38:17 +02:00
chrisr3d
795edb7457
chg: Adding references between a domain and their siblings
2019-07-17 20:40:56 +02:00
chrisr3d
8de350744b
chg: Getting domain siblings attributes uuid for further references
2019-07-16 22:39:35 +02:00
chrisr3d
a61d09db8b
fix: Parsing detected & undetected urls
2019-07-15 23:44:25 +02:00
chrisr3d
d9b03a7aa5
fix: Various fixes about typo, variable names, data types and so on
2019-07-12 10:59:19 +02:00
chrisr3d
f862a14ce6
add: Object for VirusTotal public API queries
...
- Lighter analysis of the report to avoid reaching
the limit of queries per minute while recursing
on the different elements
2019-07-11 22:59:07 +02:00
chrisr3d
3edc323836
fix: Making pep8 happy
2019-07-10 15:29:31 +02:00
chrisr3d
5703253961
new: First version of an advanced CVE parser module
...
- Using cve.circl.lu as well as the initial module
- Going deeper into the CVE parsing
- More parsing to come with the CWE, CAPEC and so on
2019-07-10 15:20:22 +02:00
chrisr3d
9e45d302b1
fix: Testing if an object is not empty before adding it the the event
2019-06-18 09:45:59 +02:00
chrisr3d
9fdd6c5e58
fix: Making travis happy
2019-06-15 08:17:29 +02:00
chrisr3d
2f3ce1b615
fix: Support of the latest version of sigmatools
2019-06-15 08:06:47 +02:00
Georg Schölly
efb0a88eeb
joesandbox_query.py: improve behavior in unexpected circumstances
2019-06-04 11:29:40 +02:00
chrisr3d
aa3e873845
fix: Making pep8 happy + added joe_import module in the init list
2019-06-04 11:33:42 +10:00
chrisr3d
42bc6f8d2b
fix: Fixed variable name typo
2019-06-04 11:32:21 +10:00
chrisr3d
ee48d99845
add: New expansion module to query Joe Sandbox API with a report link
2019-06-04 09:48:50 +10:00
chrisr3d
0d40830a7f
fix: Some quick fixes
...
- Fixed strptime matching because months are
expressed in abbreviated format
- Made data loaded while the parsing function is
called, in case it has to be called multiple
times at some point
2019-06-03 18:35:58 +10:00