Commit Graph

887 Commits (5214bbded6c3f4a06faa64153f8d234b8b54d18a)

Author SHA1 Message Date
chrisr3d 9f80d69e64 Merge branch 'main' of github.com:MISP/misp-modules into new_features 2021-03-18 19:34:18 +01:00
chrisr3d 458e432bb7
fix: Making pep8 happy 2021-03-18 19:22:26 +01:00
chrisr3d aea7e247a5 Merge branch 'main' of github.com:MISP/misp-modules into new_features 2021-03-18 18:45:41 +01:00
chrisr3d c8c44e75bf
fix: [farsight_passivedns] Fixed queries to the API
- Since flex queries input may be email addresses,
  we nake sure we replace '@' by '.' in the flex
  queries input.
- We also run the flex queries with the input as
  is first, before runnning them as second time
  with '.' characters escaped: '\\.'
2021-03-18 18:40:27 +01:00
Alexandre Dulaunoy bd38fabba5
Merge pull request #481 from cocaman/main
Adding ThreatFox enrichment module
2021-03-17 23:17:21 +01:00
chrisr3d f58f4aa9eb
chg: [farsight_passivedns] Added input types for more flex queries
- Standard types still supported as before
  - Name or ip lookup, with optional flex queries
- New attribute types added will only send flex
  queries to the DNSDB API
2021-03-17 20:17:07 +01:00
Corsin Camichel a13184b078
adding additional tags 2021-03-13 20:59:54 +01:00
Corsin Camichel d14d3d585f
first version of ThreatFox enrichment module 2021-03-13 20:36:49 +01:00
Corsin Camichel d913ae4b36
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00
Jürgen Löhel 9e8d01b6c8
fix: google.py module
The search result does not include always 3 elements. It's better to
enumerate here.
The googleapi fails sometimes. Retry it 3 times.

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-03-09 18:04:12 -06:00
Jürgen Löhel c1700cc955
fix: google.py module
Corrects import for gh.com/abenassi/Google-Search-API.

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-03-09 16:46:11 -06:00
Jakub Onderka 38457f0a7b
fix: Consider mail body as UTF-8 encoded 2021-03-02 15:03:15 +01:00
adammchugh 2832466f7f
Update assemblyline_submit.py 2021-02-02 22:56:02 +10:30
adammchugh 6f5c77ef08
Update assemblyline_query.py 2021-02-02 22:55:09 +10:30
adammchugh 07b8968b7d
Update assemblyline_submit.py 2021-02-02 22:52:27 +10:30
Cory Kennedy 774b2f37a6 Corrected VMray rest API import
When loading misp-modules,  the VMray module ```modules/expansion/vmray_submit.py ``` incorrectly imports the library. VMray's documentation and examples here: https://pypi.org/project/vmray-rest-api/#history also reflect this change as the correct import.
2021-01-04 15:27:47 -06:00
Alexandre Dulaunoy ff9ac60bbd
Merge pull request #457 from trustar/main
added more explicit error messages for indicators that return no enri…
2020-12-04 21:37:47 +01:00
Jesse Hedden bad538653d added more explicit error messages for indicators that return no enrichment data 2020-12-04 11:59:57 -08:00
Jens Thom 0e4e432dc4 fix imports and unused variables 2020-11-30 12:48:01 +01:00
Jens Thom a404202d1d Merge remote-tracking branch 'upstream/main' into main 2020-11-30 12:23:11 +01:00
Jens Thom 2a870f2d97 * add parser for report version v1 and v2
* add summary JSON import module
2020-11-30 12:06:19 +01:00
milkmix 2544218899 fixed error reported by LGTM analysis 2020-11-23 16:28:23 +01:00
milkmix 47980ef2eb added missing quotes 2020-11-21 08:52:18 +01:00
milkmix 30d9ae6032 added URL support 2020-11-20 18:56:28 +01:00
milkmix 71d2aeaacd typo in python src name 2020-11-20 16:31:48 +01:00
milkmix 451531326d initial work on Defender for Endpoint export module 2020-11-20 16:29:08 +01:00
chrisr3d 575bed0da8 Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch 2020-11-18 11:52:53 +01:00
chrisr3d 2464172e1a Merge branch 'main' of github.com:MISP/misp-modules into new_module 2020-11-18 11:34:33 +01:00
chrisr3d c1e52fdb12
fix: [farsight_passivedns] Fixed pep8 backslash issue 2020-11-15 20:15:06 +01:00
chrisr3d d1ac0cffe0
fix: [farsight_passivedns] Fixed issue with variable name 2020-11-15 20:11:08 +01:00
chrisr3d dfec0e5cf4
add: [farsight-passivedns] Optional feature to submit flex queries
- The rrset and rdata queries remain the same but
  with the parameter `flex_queries`, users can
  also get the results of the flex rrnames & flex
  rdata regex queries about their domain, hostname
  or ip address
- Results can thus include passive-dns objects
  containing the `raw_rdata` object_relation added
  with 0a3e948
2020-11-13 20:38:02 +01:00
chrisr3d 993a614a20 Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch 2020-11-13 16:47:07 +01:00
chrisr3d 32c0bf9ae2
fix: [cpe] Fixed typo in vulnerable-configuration object relation fields 2020-11-13 15:49:58 +01:00
chrisr3d bd3fa3ea07
chg: [cpe] Added default limit to the results
- Results returned by CVE-search are sorted by
  cvss score and limited in number to avoid
  potential massive amount of data retuned back
  to MISP.
- Users can overwrite the default limit with the
  configuration already present as optional, and
  can also set the limit to 0 to get the full list
  of results
2020-11-13 15:46:41 +01:00
chrisr3d 3f863e4437
fix: [farsight_passivedns] Fixed typo in the lookup fields 2020-11-13 15:28:10 +01:00
chrisr3d fe010782f3
chg: [farsight_passivedns] Now using the dnsdb2 python library
- Also updated the results parsing to check in
  each returned result for every field if they are
  included, to avoid key errors if any field is
  missing
2020-11-12 16:01:14 +01:00
chrisr3d 2a25cda026 Merge branch 'chrisr3d_patch' of github.com:MISP/misp-modules into main 2020-11-11 10:46:44 +01:00
chrisr3d bb7564dea9 Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch 2020-11-11 10:45:06 +01:00
Jesse Hedden 0650126d6a fixed typo causing firstSeen and lastSeen to not be pulled from enrichment data 2020-11-10 17:20:03 -08:00
chrisr3d b98562a75e
chg: [cpe] Support of the new CVE-Search API 2020-11-10 17:53:47 +01:00
chrisr3d d9cfcf8f62
fix: [farsight_passivedns] Uncommented mandatory field that was commented for tests 2020-11-05 17:51:41 +01:00
chrisr3d c0440a0d33 chg: [farsight_passivedns] More context added to the results
- References between the passive-dns objects and
  the initial attribute
- Comment on object attributes mentioning whether
  the results come from an rrset or an rdata
  lookup
2020-11-05 15:55:30 +01:00
chrisr3d 7c5465e02b fix: [dnsdb] Avoiding AttributeError with the sys library, probably depending on the python version 2020-11-05 15:55:15 +01:00
chrisr3d d9e576e605 chg: [farsight_passivedns] Rework of the module to return MISP objects
- All the results are parsed as passive-dns MISP
  objects
- More love to give to the parsing to add
  references between the passive-dns objects and
  the input attribute, depending on the type of
  the query (rrset or rdata), or the rrtype
  (to be determined)
2020-11-05 15:55:00 +01:00
chrisr3d 260bddb3cf
chg: [cpe] Changed CVE-Search API default url 2020-11-02 19:03:26 +01:00
chrisr3d 54f7e604c8 Merge branch 'main' of github.com:MISP/misp-modules into main 2020-11-02 19:03:16 +01:00
chrisr3d 6660e2fc11
add: Added documentation for the cpe module 2020-10-24 23:52:06 +02:00
chrisr3d 88c8d9077c
fix: [cpe] Typos and variable name issues fixed + Making the module available in MISP 2020-10-24 02:40:31 +02:00
mokaddem 2be1d7a0cd new: [expansion] Added html_to_markdown module
It fetches the HTML from the provided URL, performs a bit of DOM
clean-up then convert it into markdown
2020-10-23 22:17:47 +02:00
chrisr3d 410aaaeb28
add: First shot of an expansio module to query cve-search with a cpe to get the related vulnerabilities 2020-10-23 21:19:26 +02:00