MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity
2,368 Commits
23 Branches
47 Tags
23 MiB
Commit Graph

1185 Commits (7c59af5eb5800d9fcdc0dde2c59e6ae2748e023a)

Author SHA1 Message Date
Usama015 2d3631cd41 updated 2023-06-13 18:58:04 +05:00
Usama015 ea2ccc1004 updated 2023-06-13 18:57:33 +05:00
Usama015 ee5d503fc4 resolved Exception 2023-06-13 17:47:50 +05:00
Usama015 5b5eaddf5e added Reverse API 2023-06-13 16:38:56 +05:00
Usama015 bb60e4742e updated 2023-06-13 15:47:07 +05:00
Usama015 91fce45f82 updated 2023-06-13 12:45:10 +05:00
Usama015 a90a70613b updated whoisfreaks module 2023-06-13 12:36:24 +05:00
Usama015 c0df182aa0 added whoisfreaks module in MISP 2023-06-12 19:00:41 +05:00
Christian Studer 51339c2a82
fix: [crowdsec] Kepping the original attribute used to query the module unchanged 2023-05-26 15:14:44 +02:00
Christian Studer 52ce2cf043
chg: [crowdsec] Added new attributes as describbed in the `crowdsec-ip-context` object template, and tags describbed in the crowdsec taxonomy to the IP address 2023-05-26 14:26:26 +02:00
Christian Studer 64d3a3e5a4
fix: [crowdsec] Typo 2023-05-23 13:34:52 +02:00
Christian Studer 6eea5f61d4
fix: [crowdsec] Fixed the `reverse_dns` field parsing & added the `background-noise` attribute 2023-05-23 13:20:52 +02:00
Christian Studer ddd8b8513e
add: [expansion modules] Added `ipinfo` to the expansion modules list in `__init__` 2023-05-16 16:09:04 +02:00
Christian Studer 196939d205
chg: [crowdsec] Updated the module to support the recently added `crowdsec-ip-context` object template 2023-05-12 12:16:22 +02:00
Christian Studer 51cf8524ad
fix: [crowdsec] Fixed the module input handling 
- Made the module an expansion module as it is the
  standard type, and `hover` usually is the option
- Better input handling, checking now for the
  `attribute` field as the information of the full
  attribute is passed in misp standard format and
  not only its type and value
- As for now only `v2` is supported as API version
  we removed the parameter to avoid confusion. It
  can be added back later when multiple versions
  are supported
 2023-05-11 16:12:07 +02:00
Alexandre Dulaunoy 98b766cbdc
fix: [crowdsec] more need to be fully supporting MISP standard format 2023-05-11 15:25:34 +02:00
Alexandre Dulaunoy 337dcf7acb
fix: [crowdsec] version 2 2023-05-11 15:21:31 +02:00
Alexandre Dulaunoy fe778dd576
fix: [crowdsec] set default version and expansion added 2023-05-11 15:18:26 +02:00
Alexandre Dulaunoy 113a112001
fix: [dbl_spamhaus] if you want to run local test, the dns module 
expansion is taking over from the original dnspython3 library.

The trick is just to get rid of the syspath to exclude the local
directory until the proper library is loaded.
 2023-04-02 10:11:24 +02:00
Christian Studer 9892c8db88 Merge branch 'main' of github.com:MISP/misp-modules into new_module 2023-03-27 17:46:42 +02:00
Alexandre Dulaunoy 494c7bbef1
Merge pull request #605 from maikwuerth/main 
Updated Defender export module
 2023-03-12 09:06:11 +01:00
Brad Chiappetta b3865b33b7 refactor for sdk and expansion 2023-03-10 12:56:26 -05:00
Maik Würth ff92b2c5cc updated moduleInfo 2023-03-10 16:17:56 +01:00
Maik Würth db5e56c7b2 Added support for SHA256 and MISPObject attributes to Defender export module. 2023-03-10 16:08:49 +01:00
Maik Würth 8cc4774be5 Export object attributes with Defender export module. 2023-03-10 15:48:28 +01:00
Christian Studer 69deb8d10b
add: [ipinfo] First version of a new module to query ipinfo.io 
- First version addressing the request from #600
- Straight forward parsing of the `geolocation`,
  `domain-ip` and `asn` information returned by
  the standard API endpoint (ipinfo.io/{ip_address})
 2023-02-21 13:04:24 +01:00
Shivam Sandbhor 2c9b953f23 Set user agent of crowdsec misp module to crowdsec-misp/v1.0.0 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2023-02-20 10:11:38 +05:30
Alexandre Dulaunoy b7bd679b1c
fix: [url_import/url] added in __init__ 2022-11-08 06:23:40 +01:00
Christian Studer cb8f55425c
fix: [crowdsec] Fixed the __init__ files 2022-11-07 23:44:40 +01:00
Sami Mokaddem 9bf7e15053
new: [expansion] Added extract_url_components module to create an object from an URL attribute 2022-11-06 17:28:00 +01:00
Sami Mokaddem 359e3cc21f
Merge branch 'main' of github.com:MISP/misp-modules into main 2022-11-06 17:22:58 +01:00
Sami Mokaddem 4e25a6c126
new: [import] import_blueprint to facilitate an easy-to-use blueprint for data import 2022-11-06 17:21:50 +01:00
Sami Mokaddem 8c053d90b1
new: [import] Url_import module to convert batch of URLs into url objects 2022-11-06 17:21:24 +01:00
Shivam Sandbhor 382d8036d9 Add crowdsec module 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2022-10-28 12:19:35 +05:30
Christian Studer e18ac776bb
fix: [variodbs] Fixed indentation issue 
- if `exploit_results` is empty, we should not go
  any further in the query for next values exploit
  results
 2022-10-27 09:50:24 +02:00
Christian Studer 5526c2c195
add: [variotdbs] Updated the exploit object mapping to support the object attributes recently added to the `exploit` template 2022-10-26 11:35:59 +02:00
Christian Studer 8e97bf9938
chg: [cve_advanced] Updated the module to use cvepremium & a few improvements 2022-10-25 22:20:30 +02:00
Christian Studer 38a6dc810e
fix: [variodbs] Properly handling the exploit results when there is more that 10 results 
- We keep querying the VARIoT db API with the link
  of the next content until there is no next result
 2022-10-24 16:18:22 +02:00
Christian Studer b964b5e2a6
fix: [variodbs] Fixed the empty vulnerability results case handling, to avoid the module to stop before looking for related exploits 2022-10-24 15:43:04 +02:00
Christian Studer 153ca8d3d4
add: [variotdbs] Added the exploit information parsing 
- Following a recent change on the variotdbs API
  allowing requests to get exploits information
  base on a CVE number
 2022-10-24 15:01:54 +02:00
Christian Studer 98031beeae
fix: [variotdbs] Fixed some typos, missing imports, and some issues in the main parsing process 2022-10-24 14:53:00 +02:00
Christian Studer f5cb8d0f57
fix: [variotdbs] Added the reference between the resulting vulnerability object and the initial vulnerability attribute 2022-10-21 14:18:47 +02:00
Christian Studer 81375e1628 add: [variotdbs] Added module to query the variotdbs API with a vulnerabliity, to get additional info about it 2022-10-19 00:06:04 +02:00
Rambatla Venkat Rao d00fee3ba0
Update hyasinsight.py 2022-10-11 08:26:12 +05:30
Rambatla Venkat Rao 66eb82cf1a
Added few more endpoints 2022-10-11 08:24:53 +05:30
Alexandre Dulaunoy b1759e1e8e
Merge pull request #579 from szopin/patch-2 
Fix for ocr import
 2022-09-20 16:14:07 +02:00
Jeroen Pinoy 340b9c0954
fix: [expansion:apivoid] add missing email attribute input types 2022-09-20 06:05:06 -07:00
szopin 79e067188e
Fix for ocr import 
Currently works only for .pdf files, with this .png and .jpg should also work (fixes #512)
 2022-09-16 10:12:46 +02:00
szopin e10826aafc
Fix for hashdd 
Endpoint has changed, now only accepts md5 and the format of the reply is also different
 2022-09-15 10:09:21 +02:00
Rambatla Venkat Rao 03af649d06
fixed lgtm issues 2022-09-06 17:05:22 +05:30
Rambatla Venkat Rao f3b2ea7c41
Added HYAS Insight Module 2022-09-06 16:07:52 +05:30
Rambatla Venkat Rao 3afcd825b9
Added Hyas Insight Module 2022-09-06 15:54:35 +05:30
Sami Mokaddem a6930be862
new: [expansion:jinja_template_rendering] Added new module to rendre a jinja template based on the provided data 2022-08-25 10:57:17 +02:00
Benni0 de1687c11a
Add __init__.py to action_mod/_utils 
As _utils is currently not a package, this folder is missing in a built wheel from this package.
 2022-08-19 09:19:38 +02:00
Christian Studer 71d8745b91
fix: [shodan] The input attribute is actually already added to the event at the beginning 2022-08-10 16:17:08 +02:00
chrisr3d 90a1644c8c
fix: [shodan] Fixed wrong asset used to add attribute to 
- This caused the input `ip-src` or `ip-dst` input
  attribute to be added to the `ip-api-addres`
  which does not have these attributes in their
  template, where they should be added to the
  Event instead
 2022-08-10 14:07:00 +02:00
Sami Mokaddem 7e482315ad
Merge branch 'geekweek' into main 2022-08-05 15:39:57 +02:00
Sami Mokaddem 89bc8bf19c
new: [action_mod] Added MatterMost module and deleted test modules 2022-08-05 15:39:12 +02:00
Raphaël Vinot 81ec6fe415 fix: fix vulnerable_configuration object ref, rely on template. 
Related #853
 2022-07-28 14:41:36 +02:00
iglocska cac0c19eed
new: [action module] samples added for testing 2022-05-04 01:26:56 +02:00
iglocska 0c0b40e26f
new: [action] module wip 2022-05-03 16:10:07 +02:00
Daniel Pascual d08bb5c365 Add more relations and attributes to VT modules 2022-04-18 10:20:33 +02:00
Alexandre Dulaunoy 8f3cc42082
Merge branch 'main' of github.com:MISP/misp-modules into main 2022-04-15 08:27:53 +02:00
Alexandre Dulaunoy c384c3a2a5
fix: [expansion] clamav module was missing from the __init__ 2022-04-15 08:27:19 +02:00
Dermott, Scott f73b961330 * Fix for @chrisr3d - [joesandbox_query] Changed the import_pe param to `import_executable` 2022-04-07 14:44:22 +01:00
Daniel Pascual ac704c8c99 VirusTotal modules migration to API v3 2022-03-16 18:05:13 +01:00
chrisr3d 38047f2718
chg: [joe_import] Changed the user configuration param `Import PE` into `Import Executable` 2022-03-07 23:04:37 +01:00
chrisr3d c5b6d218bb
chg: [joesandbox_query] Changed the `import_pe` param to `import_executable` 2022-03-07 23:01:49 +01:00
Jakub Onderka 79de89657c fix: [wiki] Change User-Agent to avoid 403 error 2022-03-04 10:07:53 +01:00
Alexandre Dulaunoy c33a1fea22
Merge pull request #556 from Wachizungu/chg-add-edit-mmdb-lookup-documentation 
chg:[doc] update mmdb_lookup documentation
 2022-02-23 06:43:28 +01:00
Jeroen Pinoy c5a9a97354
chg:[doc] update mmdb_lookup documentation 2022-02-23 00:54:13 +01:00
Jeroen Pinoy a1e468f7bf
fix: Allow email-src and email-dst as input for apivoid module 2022-02-22 23:33:55 +01:00
Alexandre Dulaunoy beb463bdab
Merge branch 'main' into main 2022-02-15 15:16:13 +01:00
Rambatla Venkat Rao 4a19d35da0
updated to add the latest modules 2022-02-15 19:19:51 +05:30
Rambatla Venkat Rao 82eee0074b
Update __init__.py 2022-02-15 19:11:36 +05:30
Rambatla Venkat Rao 9b4b1a1c4f
Update __init__.py 2022-02-15 19:01:13 +05:30
Rambatla Venkat Rao 2f1d35774d
Update ipqs_fraud_and_risk_scoring.py 2022-02-15 18:52:14 +05:30
Alexandre Dulaunoy c100924eb6
Merge branch 'main' of github.com:MISP/misp-modules into main 2022-02-14 09:38:14 +01:00
Alexandre Dulaunoy b6c339f6aa
Merge branch 'taxii21_import_contrib' of https://github.com/chisholm/misp-modules into chisholm-taxii21_import_contrib 2022-02-14 09:32:19 +01:00
Rambatla Venkat Rao 3856f9fe1d
Update ipqs_fraud_and_risk_scoring.py 2022-02-12 10:38:48 +05:30
Rambatla Venkat Rao 430a838332
Update ipqs_fraud_and_risk_scoring.py 2022-02-12 10:20:48 +05:30
Rambatla Venkat Rao fedf731e07
added ipqs_fraud_and_risk_scoring to modules list 2022-02-09 10:22:16 +05:30
Rambatla Venkat Rao 85bd1b69ad
Initial Commit for IPQualityScore Expansion Module 2022-02-09 10:21:40 +05:30
Rambatla Venkat Rao 47dde7943b
delete 2022-02-09 10:20:42 +05:30
Jeroen Pinoy 0072a45aab
chg:[apivoid] Add handling with email verify API 2022-02-07 17:41:15 +01:00
Jeroen Pinoy 4408f24714
chg: [mmdb_lookup] Add handling of ASN details. 2022-02-06 15:51:54 +01:00
Jeroen Pinoy 267824a6df
new: Add mmdb lookup expansion module 2022-02-05 20:23:28 +01:00
Rambatla Venkat Rao 17541e2938
Added ipqualityscore to All list 2022-02-05 11:33:43 +05:30
Rambatla Venkat Rao cf7b8318a4
Initial Commit for IPQualityScore Expansion Module 2022-02-05 11:32:46 +05:30
Daniel Pascual 323ca67a6c MISP exportmodule to create a VT Collection form an event 2022-02-03 13:25:29 +01:00
Jeroen Pinoy ed2d14c956
Add hashlookup to expansion init.py 2022-02-03 10:44:13 +01:00
Raphaël Vinot 2874c41f7f
fix: required parameters for Recorded Future object 2022-01-14 10:23:08 +01:00
Michael Chisholm 24070bfab7 Add workaround for PyMISP bug regarding conversion of objects 
to JSON-serializable values.
 2022-01-11 21:54:09 -05:00
Michael Chisholm 923fd05eb3 Contribute a TAXII 2.1 import style misp-module. 2022-01-11 21:54:09 -05:00
Silvian I 23ff0348ed [crowdstrike_falcon] fix imports warning 2022-01-11 15:25:39 +01:00
Silvian I 13cb1f472d [crowdstrike_falcon] Upgrade crowdstrike_falcon enrich module to new api version & add attribute creation on enrichment functionality 2022-01-11 13:59:59 +01:00
Silvian I 950a76a3ad Upgrade censys_enrich module to new api version - fix test error 2022-01-07 19:26:02 +01:00
Silvian I ef543a3fa8 Upgrade censys_enrich module to new api version - fix test error 2022-01-07 19:05:05 +01:00
Silvian I b9d9df4dd0 Upgrade censys_enrich module to new api version 2022-01-07 14:46:10 +01:00
Derek LaHousse 6c4e788110 It seems alright to leave the field empty, just have to check that it is empty 2021-12-30 09:25:44 -05:00