Commit Graph

906 Commits (8d814b9b252df70125a1e69825db7d0deb1370ec)

Author SHA1 Message Date
chrisr3d 32c0bf9ae2
fix: [cpe] Fixed typo in vulnerable-configuration object relation fields 2020-11-13 15:49:58 +01:00
chrisr3d bd3fa3ea07
chg: [cpe] Added default limit to the results
- Results returned by CVE-search are sorted by
  cvss score and limited in number to avoid
  potential massive amount of data retuned back
  to MISP.
- Users can overwrite the default limit with the
  configuration already present as optional, and
  can also set the limit to 0 to get the full list
  of results
2020-11-13 15:46:41 +01:00
chrisr3d 3f863e4437
fix: [farsight_passivedns] Fixed typo in the lookup fields 2020-11-13 15:28:10 +01:00
chrisr3d fe010782f3
chg: [farsight_passivedns] Now using the dnsdb2 python library
- Also updated the results parsing to check in
  each returned result for every field if they are
  included, to avoid key errors if any field is
  missing
2020-11-12 16:01:14 +01:00
chrisr3d 2a25cda026 Merge branch 'chrisr3d_patch' of github.com:MISP/misp-modules into main 2020-11-11 10:46:44 +01:00
chrisr3d bb7564dea9 Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch 2020-11-11 10:45:06 +01:00
Jesse Hedden 0650126d6a fixed typo causing firstSeen and lastSeen to not be pulled from enrichment data 2020-11-10 17:20:03 -08:00
chrisr3d b98562a75e
chg: [cpe] Support of the new CVE-Search API 2020-11-10 17:53:47 +01:00
chrisr3d d9cfcf8f62
fix: [farsight_passivedns] Uncommented mandatory field that was commented for tests 2020-11-05 17:51:41 +01:00
chrisr3d c0440a0d33 chg: [farsight_passivedns] More context added to the results
- References between the passive-dns objects and
  the initial attribute
- Comment on object attributes mentioning whether
  the results come from an rrset or an rdata
  lookup
2020-11-05 15:55:30 +01:00
chrisr3d 7c5465e02b fix: [dnsdb] Avoiding AttributeError with the sys library, probably depending on the python version 2020-11-05 15:55:15 +01:00
chrisr3d d9e576e605 chg: [farsight_passivedns] Rework of the module to return MISP objects
- All the results are parsed as passive-dns MISP
  objects
- More love to give to the parsing to add
  references between the passive-dns objects and
  the input attribute, depending on the type of
  the query (rrset or rdata), or the rrtype
  (to be determined)
2020-11-05 15:55:00 +01:00
chrisr3d 260bddb3cf
chg: [cpe] Changed CVE-Search API default url 2020-11-02 19:03:26 +01:00
chrisr3d 54f7e604c8 Merge branch 'main' of github.com:MISP/misp-modules into main 2020-11-02 19:03:16 +01:00
chrisr3d 6660e2fc11
add: Added documentation for the cpe module 2020-10-24 23:52:06 +02:00
chrisr3d 88c8d9077c
fix: [cpe] Typos and variable name issues fixed + Making the module available in MISP 2020-10-24 02:40:31 +02:00
mokaddem 2be1d7a0cd new: [expansion] Added html_to_markdown module
It fetches the HTML from the provided URL, performs a bit of DOM
clean-up then convert it into markdown
2020-10-23 22:17:47 +02:00
chrisr3d 410aaaeb28
add: First shot of an expansio module to query cve-search with a cpe to get the related vulnerabilities 2020-10-23 21:19:26 +02:00
chrisr3d c00349e198
fix: [cve-advanced] Using the cpe and weakness attribute types 2020-10-22 23:25:20 +02:00
chrisr3d 2a2a908f09 Merge branch 'main' of github.com:MISP/misp-modules into new_module 2020-10-22 22:59:21 +02:00
Jakub Onderka d0115e8b36 fix: [main] Disable duplicate JSON decoding 2020-10-22 18:03:29 +02:00
Jakub Onderka 7ad5eb0bfa chg: [clamav] Add reference to original attribute 2020-10-20 19:26:04 +02:00
Alexandre Dulaunoy 0872bb820c
chg: [clamav] TCP port connection must be an integer 2020-10-20 10:17:52 +02:00
Jakub Onderka f2de7ab87f new: [clamav] Module for malware scan by ClamAV 2020-10-17 23:25:47 +02:00
chrisr3d 48635d8f1b
add: Added documentation for the socialscan new module
- Also quick fix of the message for an invalid
  result or response concerning the queried email
  address or username
2020-10-02 17:01:02 +02:00
chrisr3d d950b4d7ec
fix: Removed debugging print command 2020-10-02 01:50:49 +02:00
chrisr3d 9a766d6010
add: New module using socialscan library to check email addresses and usernames linked to accounts on online platforms 2020-10-01 23:25:39 +02:00
chrisr3d 14aa6e2d1a
fix: [cve_advanced] Avoiding potential MISP object references issues
- Adding objects as dictionaries in an event may
  cause issues in some cases. It is better to pass
  the MISP object as is, as it is already a valid
  object since the MISPObject class is used
2020-10-01 22:44:39 +02:00
chrisr3d c5abf89805
fix: [virustotal_public] Resolve key error when user enrich hostname
- Same as #424
2020-09-28 12:34:00 +02:00
Christian Studer 38c3502394
Merge pull request #424 from JakubOnderka/vt-subdomains-fix
fix: [virustotal] Resolve key error when user enrich hostname
2020-09-28 12:32:42 +02:00
Raphaël Vinot 2dde6e8757
fix: Typo in EMailObject
Fix #427
2020-09-09 10:56:01 +02:00
chrisr3d 3101e5bc26
chg: Updated the bgpranking expansion module to return MISP objects
- The module no longer returns freetext, since the
  result returned to the freetext import as text
  only allowed MISP to parse the same AS number as
  the input attribute.
- The new result returned with the updated module
  is an asn object describing more precisely the
  AS number, and its ranking for a given day
2020-09-08 16:08:57 +02:00
chrisr3d ae1016946b
fix: Making pep8 happy 2020-08-28 17:30:23 +02:00
chrisr3d 1349ef61a5
chg: Turned the Shodan expansion module into a misp_standard format module
- As expected with the misp_standard modules, the
  input is a full attribute and the module is able
  to return attributes and objects
- There was a lot of data that was parsed as regkey
  attributes by the freetext import, the module now
  parses properly the different field of the result
  of the query returned by Shodan
2020-08-28 16:55:50 +02:00
johannesh 8087c9a6a1 Add proxy support and User-Agent header 2020-08-24 11:19:15 +02:00
David André b5d7c9c7a3
Disable correlation for detection-ratio in virustotal.py 2020-08-24 10:11:08 +02:00
Jakub Onderka bd7f7fa1f3 fix: [virustotal] Resolve key error when user enrich hostname 2020-08-17 17:34:21 +02:00
Jesse Hedden 10e432ec55
Merge branch 'main' into feat/EN-5047/MISP-manual-update 2020-08-10 08:08:06 -07:00
Jesse Hedden a3c01fa318 added comments 2020-08-10 07:53:24 -07:00
Jesse Hedden 91417d390b added comments 2020-08-09 20:41:52 -07:00
Jesse Hedden 0b576faa68 added comments 2020-08-09 20:36:47 -07:00
Jesse Hedden 2d464adfd6 added error checking 2020-08-09 20:29:37 -07:00
johannesh 85d319e85e Fix typo error introduced in commit: 3b7a5c4dc2 2020-08-07 10:36:40 +02:00
Jesse Hedden ee21a88127 updating to include metadata and alter type of trustar link generated 2020-08-06 21:59:13 -07:00
chrisr3d f1dac0c8df
fix: Fixed pep8 2020-07-28 15:23:24 +02:00
chrisr3d d2661c7a20
fix: Fixed pep8 + some copy paste issues introduced with the latest commits 2020-07-28 15:06:25 +02:00
chrisr3d 3ab67b23b6
fix: Avoid issues with the attribute value field name
- The module setup allows 'value1' as attribute
  value field name, but we want to make sure that
  users passing standard misp format with 'value'
  instead, will not have issues, as well as
  keeping the current setup
2020-07-28 11:56:03 +02:00
chrisr3d 3b7a5c4dc2
add: Specific error message for misp_standard format expansion modules
- Checking if the input format is respected and
  displaying an error message if it is not
2020-07-28 11:47:53 +02:00
chrisr3d 8180ecbfa8
chg: Making use of the Greynoise v2 API 2020-07-27 17:20:36 +02:00
johannesh c91a61110a Add Recorded Future expansion module 2020-07-23 12:28:56 +02:00
chrisr3d a4e9fe456e Merge branch 'main' of github.com:MISP/misp-modules into main 2020-07-03 10:24:45 +02:00
chrisr3d 8e4c688dce
fix: Fixed list of sigma backends 2020-07-03 10:10:24 +02:00
Jakub Onderka cda5feedaa fix: [virustotal] Subdomains is optional in VT response 2020-07-01 16:13:40 +02:00
chrisr3d f99174af2e
fix: Removed multiple spaces to comply with pep8 2020-07-01 11:27:36 +02:00
chrisr3d 26b0357ac7
fix: Making pep8 happy 2020-06-30 23:10:35 +02:00
chrisr3d c0dae2b31b
fix: Removed trustar_import module name in init to avoid validation issues
(until it is submitted via PR?)
2020-06-30 18:08:34 +02:00
chrisr3d 3e12feae79
Merge branch 'feat/EN-4664/trustar-misp' of https://github.com/trustar/misp-modules into trustar-feat/EN-4664/trustar-misp 2020-06-30 18:07:14 +02:00
chrisr3d cadcc8947c Merge branch 'main' of github.com:MISP/misp-modules into new_module 2020-06-30 17:14:38 +02:00
Jesse Hedden a70558945a removed obsolete file 2020-06-27 17:46:51 -07:00
Jesse Hedden a91d50b507 corrected variable name 2020-06-27 17:29:01 -07:00
Jesse Hedden 9e1bc5681b fixed indent 2020-06-25 15:22:54 -07:00
Jesse Hedden 2d31b4e037 fixed incorrect attribute name 2020-06-25 13:10:50 -07:00
Jesse Hedden 61fbb30e1c fixed metatag; convert summaries generator to list for error handling 2020-06-25 10:54:34 -07:00
Jesse Hedden b188d2da4e added strip to remove potential whitespace 2020-06-24 17:47:41 -07:00
Jesse Hedden b60d142d32 removed extra parameter 2020-06-22 15:06:39 -07:00
Jesse Hedden b9d191686f added try/except for TruSTAR API errors and additional comments 2020-06-22 14:54:37 -07:00
Jesse Hedden f13233d04c added comments and increased page size to max for get_indicator_summaries 2020-06-22 13:47:25 -07:00
Jesse Hedden f3b27ca9c0 updated client metatag and version 2020-06-22 12:58:10 -07:00
Jesse Hedden 68b4fbba09 added client metatag to trustar client 2020-06-22 12:15:28 -07:00
Jesse Hedden 341a569de5 ready for code review 2020-06-21 19:52:17 -07:00
Jakub Onderka fe1ea90b25 fix: [circl_passivessl] Return proper error for IPv6 addresses 2020-06-03 14:06:57 +02:00
Alexandre Dulaunoy ddf51d482a
Merge pull request #406 from JakubOnderka/ip-port
new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port
2020-06-03 12:57:11 +02:00
Jakub Onderka b053e1c01b fix: [circl_passivessl] Return not found error
If passivessl returns empty response, return Not found error instead of error in log
2020-06-03 11:19:21 +02:00
Jakub Onderka 6e21893be4 fix: [circl_passivedns] Return not found error
If passivedns returns empty response, return Not found error instead of error in log
2020-06-03 11:15:46 +02:00
Jakub Onderka 31d15056f9 new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port 2020-06-03 11:12:47 +02:00
Jesse Hedden 67bdb38fc8 WIP: initial push 2020-05-29 17:41:13 -07:00
Jesse Hedden 8a95a000ee initial commit. not a working product. need to create a class to manage the MISP event and TruStar client 2020-05-29 17:21:20 -07:00
chrisr3d 1e27c2de5a
Merge branch 'master' of github.com:MISP/misp-modules into new_module 2020-05-05 11:53:09 +02:00
Steve Clement 3fd6633c01
fix: [pep] Comply to PEP E261 2020-05-01 12:12:33 +09:00
Matthias Meidinger ebf71a371b Update vmray_submit
The submit module hat some smaller issues with the reanalyze flag.
The source for the enrichment object has been changed and the robustness
of user supplied config parsing improved.
2020-04-23 14:47:48 +02:00
Golbark fd3c62c460 Fix variable issue in the loop 2020-04-08 01:07:46 -07:00
Golbark 500f0301a9 Adding support for more input types, including multi-types 2020-04-07 06:53:42 -07:00
Golbark b79636ccfa new: usr: Censys Expansion module 2020-04-03 03:15:03 -07:00
chrisr3d 48b381d704
fix: Making pep8 happy 2020-03-18 18:58:11 +01:00
chrisr3d 0671f93724
new: Expansion module to query MALWAREbazaar API with some hash attribute 2020-03-18 18:05:57 +01:00
chrisr3d 824c0031b3
fix: Catching errors in the reponse of the query to URLhaus 2020-03-18 17:57:55 +01:00
chrisr3d 422f654988
fix: Making pep8 happy with indentation 2020-03-18 10:24:06 +01:00
Jakub Onderka fe34023866
csvimport: Return error if input is not valid UTF-8 2020-03-12 11:02:43 +01:00
Koen Van Impe 2713d3c655 Update __init__ 2020-03-10 19:50:00 +01:00
Koen Van Impe c86f4a4180 Make Travis (a little bit) happy 2020-03-10 18:48:25 +01:00
Koen Van Impe e023f0b470 Cytomic Orion MISP Module
An expansion module to enrich attributes in MISP and share indicators
of compromise with Cytomic Orion
2020-03-10 18:25:30 +01:00
chrisr3d 0b4d6738de
fix: Making pep8 happy 2020-03-10 11:15:16 +01:00
bennyv 6c00f02e42 Removed Unused Import 2020-03-04 11:54:55 +11:00
bennyv 0a8a829ac1 Fixed handler error handling for missing config 2020-03-04 11:30:44 +11:00
bennyv a32685df8a Initial Build of SOPHOSLabs Intelix Product 2020-03-04 09:52:55 +11:00
chrisr3d cda5004a0d
fix: Removed unused import 2020-02-26 14:18:09 +01:00
chrisr3d c9c6f69bd4
fix: Making pep8 happy 2020-02-26 11:59:14 +01:00
Christian Studer fc54785d6b
Merge pull request #374 from M0un/projet-m2-oun-gindt
Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // No…
2020-02-26 11:53:11 +01:00
chrisr3d dea42d3929
chg: Catching missing config issue 2020-02-25 15:22:06 +01:00
Sean Whalen f5af7faace
Create __init__.py 2020-02-22 19:44:31 -05:00