chrisr3d
aa3e873845
fix: Making pep8 happy + added joe_import module in the init list
2019-06-04 11:33:42 +10:00
chrisr3d
0d40830a7f
fix: Some quick fixes
...
- Fixed strptime matching because months are
expressed in abbreviated format
- Made data loaded while the parsing function is
called, in case it has to be called multiple
times at some point
2019-06-03 18:35:58 +10:00
chrisr3d
74b73f9332
chg: Moved JoeParser class to make it reachable from expansion & import modules
2019-05-29 11:26:14 +10:00
Georg Schölly
9377a892f4
support url analyses
2019-05-28 16:19:35 +02:00
Georg Schölly
380b8d46ba
improve forwards-compatibility
2019-05-28 16:14:59 +02:00
chrisr3d
8ac651562e
fix: Making pep8 & travis happy
2019-05-23 16:13:49 +02:00
chrisr3d
be05de62c0
add: Parsing MITRE ATT&CK tactic matrix related to the Joe report
2019-05-23 15:59:52 +02:00
chrisr3d
e608107a09
add: Parsing domains, urls & ips contacted by processes
2019-05-22 17:12:49 +02:00
chrisr3d
cfec9a6b1c
fix: Added references between processes and the files they drop
2019-05-22 15:27:04 +02:00
chrisr3d
191034d311
add: Starting parsing dropped files
2019-05-21 23:37:53 +02:00
chrisr3d
417c306ace
fix: Avoiding network connection object duplicates
2019-05-20 15:59:18 +02:00
chrisr3d
72e5f0099d
fix: Avoid creating a signer info object when the pe is not signed
2019-05-20 10:52:34 +02:00
chrisr3d
54f5fa6fa9
fix: Avoiding dictionary indexes issues
...
- Using tuples as dictionary indexes is better
than using generators...
2019-05-20 09:19:38 +02:00
chrisr3d
0d5f867825
add: Starting parsing network behavior fields
2019-05-17 22:18:11 +02:00
chrisr3d
f9515c14d0
fix: Avoiding attribute & reference duplicates
2019-05-16 16:14:25 +02:00
chrisr3d
2246fc0d02
add: Parsing registry activities under processes
2019-05-16 16:11:43 +02:00
chrisr3d
067b229224
fix: Handling case of multiple processes in behavior field
...
- Also starting parsing file activities
2019-05-15 22:06:55 +02:00
chrisr3d
d195b554a5
fix: Testing if some fields exist before trying to import them
...
- Testing for pe itself, pe versions and pe signature
2019-05-15 22:05:03 +02:00
chrisr3d
fc8a56d1d9
fix: Removed test print
2019-05-15 15:49:29 +02:00
chrisr3d
df7047dff0
fix: Fixed output format to match with the recent changes on modules
2019-05-14 10:50:11 +02:00
chrisr3d
29e681ef81
add: Parsing processes called by the file analyzed in the joe sandbox report
2019-05-13 17:30:01 +02:00
chrisr3d
d39fb7da18
add: Parsing some object references at the end of the process
2019-05-13 17:29:07 +02:00
chrisr3d
728386d8a0
add: [new_module] Module to import data from Joe sandbox reports
...
- Parsing file, pe and pe-section objects from the
report file info field
- Deeper file info parsing to come
- Other fields parsing to come as well
2019-05-08 16:52:49 +02:00
chrisr3d
77db21cf18
fix: Making pep8 happy
2019-05-07 09:37:21 +02:00
chrisr3d
f1b5f05bb3
fix: Checking not MISP header fields
...
- Rejecting fields not recognizable by MISP
2019-05-07 09:35:56 +02:00
chrisr3d
6608671a01
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-05-07 08:38:16 +02:00
chrisr3d
28eb92da53
fix: Using pymisp classes & methods to parse the module results
2019-05-06 22:16:14 +02:00
chrisr3d
ae5bd8d06a
fix: Clearer user config messages displayed in the import view
2019-05-06 22:15:14 +02:00
Koen Van Impe
1cd60790fd
Bugfix for "sources"; do not include as IDS for "access" registry keys
...
- Bugfix to query "operations" in files, mutex, registry
- Do not set IDS flag for registry 'access' operations
2019-05-06 16:36:26 +02:00
chrisr3d
6f4b88606b
fix: Make pep8 happy
2019-05-02 14:07:36 +02:00
chrisr3d
a5ff849950
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2019-05-02 13:23:24 +02:00
Steve Clement
559ed786ba
chg: [pep8] try/except # noqa
...
Not sure how to make flake happy on this one.
2019-05-02 11:44:32 +09:00
Steve Clement
9af06fd24c
fix: [pep8] More fixes
2019-05-02 11:23:49 +09:00
Steve Clement
81ffabd621
fix: [pep8] More pep8 happiness
2019-05-02 11:06:32 +09:00
Koen Van Impe
c8a4d8d76f
New VMRay modules
...
New JSON output format of VMRay
Prepare for automation (via PyMISP) with workflow taxonomy tags
2019-05-01 22:44:24 +02:00
root
c886247a64
fix: Fixed standard MISP csv format header
...
- The csv header we can find in data produced from
MISP restSearch csv format is the one to use to
recognize a csv file produced by MISP
2019-05-01 22:32:06 +02:00
root
f900cb7c68
fix: Fixed introspection fields for csvimport & goamlimport
...
- Added format field for goaml so the module is
known as returning MISP attributes & objects
- Fixed introspection to make the format, user
config and input source fields visible from
MISP (format also added at the same time)
2019-05-01 22:28:19 +02:00
root
db74c5f49a
fix: Fixed libraries import that changed with the latest merge
2019-05-01 22:26:53 +02:00
chrisr3d
55e494c9ed
Merge branch 'features_csvimport' of github.com:MISP/misp-modules into features_csvimport
2019-04-30 17:16:31 +02:00
Raphaël Vinot
454c9e0f43
fix: Pep8 related fixes.
2019-02-04 11:05:51 +01:00
Raphaël Vinot
8fc5b1fd1f
fix: Make pep8 happy
2018-12-11 15:29:09 +01:00
Christophe Vandeplas
8817de4765
fix: threatanalyzer_import - bugfix for TA6.1 behavior
2018-11-16 13:29:47 +01:00
chrisr3d
fcc18cbd73
Merge branch 'master' of github.com:MISP/misp-modules into features_csvimport
2018-09-03 15:40:19 +02:00
Christophe Vandeplas
7deeb95820
fix: ta_import - bugfixes
2018-08-21 11:13:08 +02:00
Christophe Vandeplas
8d4e2025f7
ta_import - bugfixes for TA 6.1
2018-08-03 13:58:53 +02:00
chrisr3d
8b4d24ba63
fix: Fixed fields parsing to support files from csv export with additional context
2018-08-02 15:42:59 +02:00
chrisr3d
7980aa045a
fix: Handling the case of Context included in the csv file exported from MISP
2018-08-01 17:59:00 +02:00
chrisr3d
92fbcaeff6
fix: Fixed changes omissions in handler function
2018-07-28 00:07:02 +02:00
chrisr3d
63ba7580d3
chg: Updated csvimport to support files from csv export + import MISP objects
2018-07-27 23:13:47 +02:00
Christophe Vandeplas
2f27ff1244
ta_import - support for ThreatAnalyzer 6.1
2018-07-27 14:44:06 +02:00
Steve Clement
562a6b1308
- Removed test modules from view
...
- Moved skeleton expansion module to its proper place
2018-07-03 08:27:54 +02:00
Steve Clement
549f32547d
- Reverted to <3.6 compatibility
2018-07-01 22:09:02 +08:00
Steve Clement
9f0313a97e
- Fixed log output
2018-06-30 12:01:21 +08:00
Steve Clement
184065cf74
- Forgot to import sys
2018-06-30 11:58:44 +08:00
Steve Clement
ffce2aa5cc
- Added logger functionality for debug sessions
2018-06-30 11:52:12 +08:00
Steve Clement
2f5dd9928e
- content was already a wand.obj
2018-06-30 11:38:26 +08:00
Steve Clement
90f2fe9d19
Merge remote-tracking branch 'upstream/master'
2018-06-30 01:05:01 +08:00
Steve Clement
f97359de6a
Merge branch 'master' of github.com:SteveClement/misp-modules
2018-06-30 01:04:30 +08:00
Steve Clement
ef3837077e
- Some more comments
...
- Removed libmagic, wand can handle it better
2018-06-30 00:58:25 +08:00
Christophe Vandeplas
ff793bc221
threatanalyzer_import - order of category tuned
2018-06-29 11:17:03 +02:00
Alexandre Dulaunoy
d8eeb73a4a
Merge branch 'master' into master
2018-06-29 06:49:40 +02:00
Steve Clement
fbb3617f25
- Quick comment ToDo: Avoid using Magic in future releases
2018-06-29 12:01:17 +08:00
Steve Clement
60a3fbe282
- added wand requirement
...
- fixed missing return png byte-stream
- move module import to handler to catch and report errorz
2018-06-28 23:20:38 +08:00
Steve Clement
7885017981
- fixed typo move image back in scope
2018-06-28 16:59:03 +08:00
chrisr3d
7dd8e988c0
Updated the list of modules (removed stiximport)
2018-06-28 10:51:40 +02:00
Steve Clement
59b7688bdc
- Added initial PDF support, nothing is processed yet
...
- Test to replace PIL with wand
2018-06-28 16:00:14 +08:00
chrisr3d
2b509a2fd3
Updated delimiter finder function
2018-05-18 11:38:13 +02:00
chrisr3d
1fb72f3c7a
add: Added user config to specify if there is a header in the csv to import
2018-05-18 11:33:53 +02:00
chrisr3d
dba8bd8c5b
fix: Avoid trying to build attributes with unintended fields
...
- Previously: if the header field is not an attribute type, then
it was added as an attribute field.
PyMISP then used to skip it if needed
- Now: Those fields are discarded before they are put in an attribute
2018-05-17 16:24:11 +02:00
chrisr3d
c088b13f03
fix: Using userConfig to define the header instead of moduleconfig
2018-05-17 13:47:49 +02:00
Christophe Vandeplas
0593dbb408
ta import - more filter for pollution
2018-05-16 11:50:47 +02:00
Christophe Vandeplas
67cecc89d0
threatanalyzer_import - minor generic noise removal
2018-05-15 13:02:17 +02:00
Christophe Vandeplas
27a22e5d86
threatanalyzer_import - loads sample info + pollution fix
2018-05-03 09:42:38 +02:00
Christophe Vandeplas
370011c081
threatanalyzer_import - fix regkey issue
2018-05-02 12:43:34 +02:00
Koen Van Impe
6d23d4f4c7
Fix VMRay API access error
...
hotfix for the "Unable to access VMRay API" error
2018-03-30 15:11:25 +02:00
chrisr3d
d885286792
Clarified functions arguments using a class
2018-03-05 19:59:30 +01:00
chrisr3d
4d7642ac91
add: Added Object References in the objects imported
2018-03-05 14:58:31 +01:00
chrisr3d
82fe8ba78c
fix: Fixed input & output of the module
2018-03-02 11:03:21 +01:00
chrisr3d
70436b7ddb
Merge branch 'csvimport' of github.com:chrisr3d/misp-modules into goaml
2018-03-02 09:40:46 +01:00
chrisr3d
c9ef578262
Removed print
2018-03-02 09:09:12 +01:00
chrisr3d
e6c55f5dde
fix: Fixed input & output of the module
...
Also updated some functions
2018-03-02 09:03:51 +01:00
chrisr3d
03d20856d9
add: added goamlimport
2018-02-28 22:46:39 +01:00
chrisr3d
323f71cdd3
Fixed some details about the module output
2018-02-28 17:41:45 +01:00
chrisr3d
8f5c08e2c6
Converting GoAML into MISPEvent
2018-02-28 15:07:55 +01:00
chrisr3d
cad62464c5
Now parsing all the transaction attributes
2018-02-27 11:08:37 +01:00
chrisr3d
478cd53912
add: Added dictionary to map aml types into MISP types
2018-02-26 18:13:43 +01:00
chrisr3d
81a6be17d3
chg: Structured data
2018-02-26 11:47:35 +01:00
chrisr3d
f361fb4ee3
Reading the entire document, to create a big dictionary containing the data, as a beginning
2018-02-20 17:00:13 +01:00
Thomas Gardner
69d733bb35
added csvimport to __init__.py
2018-02-01 10:22:28 -07:00
chrisr3d
71c00954d0
fix: Solved reading problems for some files
2018-01-30 11:20:28 +01:00
chrisr3d
b2ec186ccb
Updated delimiter finder method
2018-01-29 17:04:32 +01:00
chrisr3d
529d22cca8
fix: skipping empty lines
2018-01-29 09:19:58 +01:00
chrisr3d
56cbd72b65
Fixed data treatment & other updates
2018-01-28 18:12:40 +01:00
chrisr3d
4d846f968f
Updated delimiter parsing & data reading functions
2018-01-26 17:11:01 +01:00
chrisr3d
b9d72bb043
First version of csv import module
...
- If more than 1 misp type is recognized, for each one an
attribute is created
- Needs to have header set by user as parameters of the module atm
- Review needed to see the feasibility with fields that can create
confusion and be interpreted both as misp type or attribute field
(for instance comment is a misp type and an attribute field)
2018-01-25 15:44:08 +01:00
Christophe Vandeplas
46975f4f16
Added ThreatAnalyzer sandbox import
...
Experimental module - some parts should be migrated to
2018-01-16 11:05:26 +01:00
Raphaël Vinot
951a0f974b
fix: OpenIOC importer
2017-10-25 11:27:59 -04:00
seamus tuohy
40c71af637
Added support for malformed internationalized email headers
...
When an email contains headers that use Unicode without properly crafting
them to conform to RFC-6323 the email import module would crash.
(See issue #119 & issue #93 )
To address this I have added additional layers of encoding/decoding to
any possibly internationalized email headers. This decodes properly
formed and malformed UTF-8, UTF-16, and UTF-32 headers appropriately.
When an unknown encoding is encountered it is returned as an 'encoded-word'
per RFC2047.
This commit also adds unit tests that test properly formed and malformed
UTF-8, UTF-16, UTF-32, and CJK encoded strings in all header fields; UTF-8,
UTF-16, and UTF-32 encoded message bodies; and emoji testing for headers
and attachment file names.
2017-07-02 18:03:14 -04:00
Raphaël Vinot
c42c8a800e
Update travis, fix open ioc import
2017-05-24 07:39:18 +02:00
Tristan METAYER
75c02058e6
replace tab by space
2017-05-11 09:56:43 +02:00