Commit Graph

716 Commits (63a2183411f9282c5c5a80f4cfd54a52d73c869d)

Author SHA1 Message Date
GlennHD 0ed0ceab9d
Update geoip_asn.py 2020-02-12 23:48:38 -06:00
GlennHD bdb4185a0a
Update geoip_city.py 2020-02-12 23:48:20 -06:00
GlennHD 46f0f410e7
Added geoip_asn and geoip_city to load 2020-02-12 21:31:41 -06:00
GlennHD 0b9b6c4f41
Added GeoIP_ASN Enrichment module 2020-02-12 21:29:40 -06:00
GlennHD 7a3f9a422d
Added GeoIP_City Enrichment module 2020-02-12 21:28:41 -06:00
Jakub Onderka acdc4b9d03 fix: [VT] Disable SHA512 query for VT 2020-02-07 12:20:12 +01:00
Hendrik 8f9940200b Lastline verify_ssl option
Helps people with on-prem boxes
2020-01-27 07:46:48 +01:00
chrisr3d b2c8f79220
fix: Making pep8 happy 2020-01-24 15:17:35 +01:00
Georg Schölly 04685ea63e joe: (1) allow users to disable PE object import (2) set 'to_ids' to False 2020-01-24 14:51:38 +01:00
Alexandre Dulaunoy 09cdc7277c
Merge pull request #365 from ostefano/analysis
change: migrate to analysis API when submitting files to Lastline
2020-01-21 14:15:22 +01:00
Stefano Ortolani 66bf650b79 change: migrate to analysis API when submitting tasks to Lastline 2020-01-21 11:32:05 +00:00
Koen Van Impe 036933ea14 2nd fix for VT Public module 2020-01-17 11:26:35 +01:00
Koen Van Impe 610c99ce7b Fix error message in Public VT module 2020-01-17 10:58:31 +01:00
chrisr3d 31a74a10c1
fix: Fixed ipasn test input format + module version updated 2020-01-10 15:37:54 +01:00
chrisr3d b3bc533bc3
chg: Making ipasn module return asn object(s)
- Latest changes on the returned value as string
  broke the freetext parser, because no asn number
  could be parsed when we return the full json
  blob as a freetext attribute
- Now returning asn object(s) with a reference to
  the initial attribute
2020-01-10 15:02:59 +01:00
chrisr3d f5452055f6
fix: Fixed vt_graph imports 2020-01-10 10:31:52 +01:00
chrisr3d 70b3079aa3
fix: Fixed pep8 in the new module and related libraries 2020-01-09 16:01:18 +01:00
Christian Studer 7c2b001df3
Merge pull request #361 from VirusTotal/master
add vt_graph export module
2020-01-09 14:51:09 +01:00
Alvaro Garcia 10b4e78704 add vt_graph export module 2020-01-09 09:57:46 +00:00
Erick Cheng bfcba18e3c
Update ipasn.py 2020-01-07 18:58:40 +01:00
chrisr3d cf5ad29f27
chg: Checking attributes category
- We check the category before adding the
  attribute to the event
- Checking if the category is correct and if not,
  doing a case insensitive check
- If the category is not correct after the 2 first
  tests, we simply delete it from the attribute
  and pymisp will give the attribute a default
  category value based on the atttribute type, at
  the creation of the attribute
2020-01-07 17:03:10 +01:00
chrisr3d 7945d060ff
new: Enrichment module for querying APIVoid with domain attributes 2019-12-18 17:11:13 +01:00
chrisr3d 2fc0b44b90
fix: Making pep8 happy with whitespace after ':' 2019-12-18 16:16:47 +01:00
chrisr3d 3007761a55
fix: Making pep8 happy by having spaces around '+' operators 2019-12-17 16:31:53 +01:00
chrisr3d 5f90ae776f
fix: Making pep8 happy 2019-12-17 14:29:29 +01:00
chrisr3d b8d6141cb7
chg: Made circl_passivedns module able to return MISP objects 2019-12-17 11:18:21 +01:00
chrisr3d 9c9f01b6ff
fix: Quick variable name fix 2019-12-17 11:17:56 +01:00
chrisr3d 6849daebfa
chg: Made circl_passivessl module able to return MISP objects 2019-12-17 10:26:43 +01:00
Raphaël Vinot b70c32af7b fix: Somewhat broken emails needed some love 2019-12-05 19:11:07 +01:00
Raphaël Vinot 6f95445143 chg: Update email import module, support objects 2019-12-04 15:25:01 +01:00
Stefano Ortolani f749578525 add: Modules to query/import/submit data from/to Lastline 2019-12-02 19:09:40 +00:00
Raphaël Vinot 5d7a829583 chg: Use MISPObject in ransomcoindb 2019-11-26 13:27:02 +01:00
aaronkaplan 06025e63d0
oops , use relative import 2019-11-26 01:52:31 +01:00
aaronkaplan d73a9b601a
use a helpful user-agent string 2019-11-26 01:08:28 +01:00
aaronkaplan 777483838b
Revert "fix url"
This reverts commit 44130e2bf9.
2019-11-25 22:24:57 +01:00
aaronkaplan 44130e2bf9
fix url 2019-11-25 20:51:20 +01:00
aaronkaplan 24ec4a0e23
remove pprint 2019-11-25 18:56:12 +01:00
aaronkaplan 5350003e3a
initial version of the ransomcoindb expansion module 2019-11-25 18:52:39 +01:00
chrisr3d ccf12a225c
fix: Making pep8 happy 2019-11-21 17:50:49 -05:00
chrisr3d 96712da5e0
add: Module to query AssemblyLine and parse the results
- Takes an AssemblyLine submission link to query
  the API and get the full submission report
- Parses the potentially malicious files and the
  IPs, domains or URLs they are connecting to
- Possible improvement of the parsing filters in
  order to include more data in the MISP event
2019-11-21 13:25:50 -05:00
chrisr3d de8737d2f3
fix: Fixed input types list since domain should not be submitted to AssemblyLine 2019-11-20 17:35:37 -05:00
chrisr3d dc9ea98d2c
fix: Making pep8 happy 2019-11-20 10:13:51 -05:00
chrisr3d 58a4cb15a1
add: New expansion module to submit samples and urls to AssemblyLine 2019-11-19 15:41:35 -05:00
chrisr3d f08fc6d9a5
chg: Reintroducing the limit to reduce the number of recursive calls to the API when querying for a domain 2019-11-17 19:11:26 -05:00
chrisr3d 4990bcebd8
fix: Avoiding KeyError exception when no result is found 2019-11-17 18:00:19 -05:00
chrisr3d 91d6f1baa0
fix: Fixed csv file parsing 2019-11-07 11:50:16 +01:00
chrisr3d 0fd3f92fe3
fix: Fixed Xforce Exchange authentication + rework
- Now able to return MISP objects
- Support of the xforce exchange authentication
  with apikey & apipassword
2019-11-05 16:43:03 +01:00
chrisr3d 852018bf79
fix: Added urlscan & secuirtytrails modules in __init__ list 2019-11-04 16:52:26 +01:00
chrisr3d bfe227d555
fix: More clarity on the exception raised on the securitytrails module 2019-10-31 17:19:42 +01:00
chrisr3d 69e81b47d7
fix: Better exceptions handling on the passivetotal module 2019-10-31 17:18:23 +01:00