chrisr3d
32c0bf9ae2
fix: [cpe] Fixed typo in vulnerable-configuration object relation fields
2020-11-13 15:49:58 +01:00
chrisr3d
bd3fa3ea07
chg: [cpe] Added default limit to the results
...
- Results returned by CVE-search are sorted by
cvss score and limited in number to avoid
potential massive amount of data retuned back
to MISP.
- Users can overwrite the default limit with the
configuration already present as optional, and
can also set the limit to 0 to get the full list
of results
2020-11-13 15:46:41 +01:00
chrisr3d
3f863e4437
fix: [farsight_passivedns] Fixed typo in the lookup fields
2020-11-13 15:28:10 +01:00
chrisr3d
fe010782f3
chg: [farsight_passivedns] Now using the dnsdb2 python library
...
- Also updated the results parsing to check in
each returned result for every field if they are
included, to avoid key errors if any field is
missing
2020-11-12 16:01:14 +01:00
chrisr3d
2a25cda026
Merge branch 'chrisr3d_patch' of github.com:MISP/misp-modules into main
2020-11-11 10:46:44 +01:00
chrisr3d
bb7564dea9
Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch
2020-11-11 10:45:06 +01:00
Jesse Hedden
0650126d6a
fixed typo causing firstSeen and lastSeen to not be pulled from enrichment data
2020-11-10 17:20:03 -08:00
chrisr3d
b98562a75e
chg: [cpe] Support of the new CVE-Search API
2020-11-10 17:53:47 +01:00
chrisr3d
d9cfcf8f62
fix: [farsight_passivedns] Uncommented mandatory field that was commented for tests
2020-11-05 17:51:41 +01:00
chrisr3d
c0440a0d33
chg: [farsight_passivedns] More context added to the results
...
- References between the passive-dns objects and
the initial attribute
- Comment on object attributes mentioning whether
the results come from an rrset or an rdata
lookup
2020-11-05 15:55:30 +01:00
chrisr3d
7c5465e02b
fix: [dnsdb] Avoiding AttributeError with the sys library, probably depending on the python version
2020-11-05 15:55:15 +01:00
chrisr3d
d9e576e605
chg: [farsight_passivedns] Rework of the module to return MISP objects
...
- All the results are parsed as passive-dns MISP
objects
- More love to give to the parsing to add
references between the passive-dns objects and
the input attribute, depending on the type of
the query (rrset or rdata), or the rrtype
(to be determined)
2020-11-05 15:55:00 +01:00
chrisr3d
260bddb3cf
chg: [cpe] Changed CVE-Search API default url
2020-11-02 19:03:26 +01:00
chrisr3d
54f7e604c8
Merge branch 'main' of github.com:MISP/misp-modules into main
2020-11-02 19:03:16 +01:00
chrisr3d
6660e2fc11
add: Added documentation for the cpe module
2020-10-24 23:52:06 +02:00
chrisr3d
88c8d9077c
fix: [cpe] Typos and variable name issues fixed + Making the module available in MISP
2020-10-24 02:40:31 +02:00
mokaddem
2be1d7a0cd
new: [expansion] Added html_to_markdown module
...
It fetches the HTML from the provided URL, performs a bit of DOM
clean-up then convert it into markdown
2020-10-23 22:17:47 +02:00
chrisr3d
410aaaeb28
add: First shot of an expansio module to query cve-search with a cpe to get the related vulnerabilities
2020-10-23 21:19:26 +02:00
chrisr3d
c00349e198
fix: [cve-advanced] Using the cpe and weakness attribute types
2020-10-22 23:25:20 +02:00
chrisr3d
2a2a908f09
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2020-10-22 22:59:21 +02:00
Jakub Onderka
d0115e8b36
fix: [main] Disable duplicate JSON decoding
2020-10-22 18:03:29 +02:00
Jakub Onderka
7ad5eb0bfa
chg: [clamav] Add reference to original attribute
2020-10-20 19:26:04 +02:00
Alexandre Dulaunoy
0872bb820c
chg: [clamav] TCP port connection must be an integer
2020-10-20 10:17:52 +02:00
Jakub Onderka
f2de7ab87f
new: [clamav] Module for malware scan by ClamAV
2020-10-17 23:25:47 +02:00
chrisr3d
48635d8f1b
add: Added documentation for the socialscan new module
...
- Also quick fix of the message for an invalid
result or response concerning the queried email
address or username
2020-10-02 17:01:02 +02:00
chrisr3d
d950b4d7ec
fix: Removed debugging print command
2020-10-02 01:50:49 +02:00
chrisr3d
9a766d6010
add: New module using socialscan library to check email addresses and usernames linked to accounts on online platforms
2020-10-01 23:25:39 +02:00
chrisr3d
14aa6e2d1a
fix: [cve_advanced] Avoiding potential MISP object references issues
...
- Adding objects as dictionaries in an event may
cause issues in some cases. It is better to pass
the MISP object as is, as it is already a valid
object since the MISPObject class is used
2020-10-01 22:44:39 +02:00
chrisr3d
c5abf89805
fix: [virustotal_public] Resolve key error when user enrich hostname
...
- Same as #424
2020-09-28 12:34:00 +02:00
Christian Studer
38c3502394
Merge pull request #424 from JakubOnderka/vt-subdomains-fix
...
fix: [virustotal] Resolve key error when user enrich hostname
2020-09-28 12:32:42 +02:00
Raphaël Vinot
2dde6e8757
fix: Typo in EMailObject
...
Fix #427
2020-09-09 10:56:01 +02:00
chrisr3d
3101e5bc26
chg: Updated the bgpranking expansion module to return MISP objects
...
- The module no longer returns freetext, since the
result returned to the freetext import as text
only allowed MISP to parse the same AS number as
the input attribute.
- The new result returned with the updated module
is an asn object describing more precisely the
AS number, and its ranking for a given day
2020-09-08 16:08:57 +02:00
chrisr3d
ae1016946b
fix: Making pep8 happy
2020-08-28 17:30:23 +02:00
chrisr3d
1349ef61a5
chg: Turned the Shodan expansion module into a misp_standard format module
...
- As expected with the misp_standard modules, the
input is a full attribute and the module is able
to return attributes and objects
- There was a lot of data that was parsed as regkey
attributes by the freetext import, the module now
parses properly the different field of the result
of the query returned by Shodan
2020-08-28 16:55:50 +02:00
johannesh
8087c9a6a1
Add proxy support and User-Agent header
2020-08-24 11:19:15 +02:00
David André
b5d7c9c7a3
Disable correlation for detection-ratio in virustotal.py
2020-08-24 10:11:08 +02:00
Jakub Onderka
bd7f7fa1f3
fix: [virustotal] Resolve key error when user enrich hostname
2020-08-17 17:34:21 +02:00
Jesse Hedden
10e432ec55
Merge branch 'main' into feat/EN-5047/MISP-manual-update
2020-08-10 08:08:06 -07:00
Jesse Hedden
a3c01fa318
added comments
2020-08-10 07:53:24 -07:00
Jesse Hedden
91417d390b
added comments
2020-08-09 20:41:52 -07:00
Jesse Hedden
0b576faa68
added comments
2020-08-09 20:36:47 -07:00
Jesse Hedden
2d464adfd6
added error checking
2020-08-09 20:29:37 -07:00
johannesh
85d319e85e
Fix typo error introduced in commit: 3b7a5c4dc2
2020-08-07 10:36:40 +02:00
Jesse Hedden
ee21a88127
updating to include metadata and alter type of trustar link generated
2020-08-06 21:59:13 -07:00
chrisr3d
f1dac0c8df
fix: Fixed pep8
2020-07-28 15:23:24 +02:00
chrisr3d
d2661c7a20
fix: Fixed pep8 + some copy paste issues introduced with the latest commits
2020-07-28 15:06:25 +02:00
chrisr3d
3ab67b23b6
fix: Avoid issues with the attribute value field name
...
- The module setup allows 'value1' as attribute
value field name, but we want to make sure that
users passing standard misp format with 'value'
instead, will not have issues, as well as
keeping the current setup
2020-07-28 11:56:03 +02:00
chrisr3d
3b7a5c4dc2
add: Specific error message for misp_standard format expansion modules
...
- Checking if the input format is respected and
displaying an error message if it is not
2020-07-28 11:47:53 +02:00
chrisr3d
8180ecbfa8
chg: Making use of the Greynoise v2 API
2020-07-27 17:20:36 +02:00
johannesh
c91a61110a
Add Recorded Future expansion module
2020-07-23 12:28:56 +02:00
chrisr3d
a4e9fe456e
Merge branch 'main' of github.com:MISP/misp-modules into main
2020-07-03 10:24:45 +02:00
chrisr3d
8e4c688dce
fix: Fixed list of sigma backends
2020-07-03 10:10:24 +02:00
Jakub Onderka
cda5feedaa
fix: [virustotal] Subdomains is optional in VT response
2020-07-01 16:13:40 +02:00
chrisr3d
f99174af2e
fix: Removed multiple spaces to comply with pep8
2020-07-01 11:27:36 +02:00
chrisr3d
26b0357ac7
fix: Making pep8 happy
2020-06-30 23:10:35 +02:00
chrisr3d
c0dae2b31b
fix: Removed trustar_import module name in init to avoid validation issues
...
(until it is submitted via PR?)
2020-06-30 18:08:34 +02:00
chrisr3d
3e12feae79
Merge branch 'feat/EN-4664/trustar-misp' of https://github.com/trustar/misp-modules into trustar-feat/EN-4664/trustar-misp
2020-06-30 18:07:14 +02:00
chrisr3d
cadcc8947c
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2020-06-30 17:14:38 +02:00
Jesse Hedden
a70558945a
removed obsolete file
2020-06-27 17:46:51 -07:00
Jesse Hedden
a91d50b507
corrected variable name
2020-06-27 17:29:01 -07:00
Jesse Hedden
9e1bc5681b
fixed indent
2020-06-25 15:22:54 -07:00
Jesse Hedden
2d31b4e037
fixed incorrect attribute name
2020-06-25 13:10:50 -07:00
Jesse Hedden
61fbb30e1c
fixed metatag; convert summaries generator to list for error handling
2020-06-25 10:54:34 -07:00
Jesse Hedden
b188d2da4e
added strip to remove potential whitespace
2020-06-24 17:47:41 -07:00
Jesse Hedden
b60d142d32
removed extra parameter
2020-06-22 15:06:39 -07:00
Jesse Hedden
b9d191686f
added try/except for TruSTAR API errors and additional comments
2020-06-22 14:54:37 -07:00
Jesse Hedden
f13233d04c
added comments and increased page size to max for get_indicator_summaries
2020-06-22 13:47:25 -07:00
Jesse Hedden
f3b27ca9c0
updated client metatag and version
2020-06-22 12:58:10 -07:00
Jesse Hedden
68b4fbba09
added client metatag to trustar client
2020-06-22 12:15:28 -07:00
Jesse Hedden
341a569de5
ready for code review
2020-06-21 19:52:17 -07:00
Jakub Onderka
fe1ea90b25
fix: [circl_passivessl] Return proper error for IPv6 addresses
2020-06-03 14:06:57 +02:00
Alexandre Dulaunoy
ddf51d482a
Merge pull request #406 from JakubOnderka/ip-port
...
new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port
2020-06-03 12:57:11 +02:00
Jakub Onderka
b053e1c01b
fix: [circl_passivessl] Return not found error
...
If passivessl returns empty response, return Not found error instead of error in log
2020-06-03 11:19:21 +02:00
Jakub Onderka
6e21893be4
fix: [circl_passivedns] Return not found error
...
If passivedns returns empty response, return Not found error instead of error in log
2020-06-03 11:15:46 +02:00
Jakub Onderka
31d15056f9
new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port
2020-06-03 11:12:47 +02:00
Jesse Hedden
67bdb38fc8
WIP: initial push
2020-05-29 17:41:13 -07:00
Jesse Hedden
8a95a000ee
initial commit. not a working product. need to create a class to manage the MISP event and TruStar client
2020-05-29 17:21:20 -07:00
chrisr3d
1e27c2de5a
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2020-05-05 11:53:09 +02:00
Steve Clement
3fd6633c01
fix: [pep] Comply to PEP E261
2020-05-01 12:12:33 +09:00
Matthias Meidinger
ebf71a371b
Update vmray_submit
...
The submit module hat some smaller issues with the reanalyze flag.
The source for the enrichment object has been changed and the robustness
of user supplied config parsing improved.
2020-04-23 14:47:48 +02:00
Golbark
fd3c62c460
Fix variable issue in the loop
2020-04-08 01:07:46 -07:00
Golbark
500f0301a9
Adding support for more input types, including multi-types
2020-04-07 06:53:42 -07:00
Golbark
b79636ccfa
new: usr: Censys Expansion module
2020-04-03 03:15:03 -07:00
chrisr3d
48b381d704
fix: Making pep8 happy
2020-03-18 18:58:11 +01:00
chrisr3d
0671f93724
new: Expansion module to query MALWAREbazaar API with some hash attribute
2020-03-18 18:05:57 +01:00
chrisr3d
824c0031b3
fix: Catching errors in the reponse of the query to URLhaus
2020-03-18 17:57:55 +01:00
chrisr3d
422f654988
fix: Making pep8 happy with indentation
2020-03-18 10:24:06 +01:00
Jakub Onderka
fe34023866
csvimport: Return error if input is not valid UTF-8
2020-03-12 11:02:43 +01:00
Koen Van Impe
2713d3c655
Update __init__
2020-03-10 19:50:00 +01:00
Koen Van Impe
c86f4a4180
Make Travis (a little bit) happy
2020-03-10 18:48:25 +01:00
Koen Van Impe
e023f0b470
Cytomic Orion MISP Module
...
An expansion module to enrich attributes in MISP and share indicators
of compromise with Cytomic Orion
2020-03-10 18:25:30 +01:00
chrisr3d
0b4d6738de
fix: Making pep8 happy
2020-03-10 11:15:16 +01:00
bennyv
6c00f02e42
Removed Unused Import
2020-03-04 11:54:55 +11:00
bennyv
0a8a829ac1
Fixed handler error handling for missing config
2020-03-04 11:30:44 +11:00
bennyv
a32685df8a
Initial Build of SOPHOSLabs Intelix Product
2020-03-04 09:52:55 +11:00
chrisr3d
cda5004a0d
fix: Removed unused import
2020-02-26 14:18:09 +01:00
chrisr3d
c9c6f69bd4
fix: Making pep8 happy
2020-02-26 11:59:14 +01:00
Christian Studer
fc54785d6b
Merge pull request #374 from M0un/projet-m2-oun-gindt
...
Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // No…
2020-02-26 11:53:11 +01:00
chrisr3d
dea42d3929
chg: Catching missing config issue
2020-02-25 15:22:06 +01:00
Sean Whalen
f5af7faace
Create __init__.py
2020-02-22 19:44:31 -05:00