Commit Graph

1325 Commits (96712da5e0dfa2f19d6f29a63d70ef315f571095)

Author SHA1 Message Date
chrisr3d 96712da5e0
add: Module to query AssemblyLine and parse the results
- Takes an AssemblyLine submission link to query
  the API and get the full submission report
- Parses the potentially malicious files and the
  IPs, domains or URLs they are connecting to
- Possible improvement of the parsing filters in
  order to include more data in the MISP event
2019-11-21 13:25:50 -05:00
chrisr3d 6dcba6c8ae
fix: Fixed AssemblyLine input description 2019-11-20 17:37:37 -05:00
chrisr3d de8737d2f3
fix: Fixed input types list since domain should not be submitted to AssemblyLine 2019-11-20 17:35:37 -05:00
chrisr3d dc9ea98d2c
fix: Making pep8 happy 2019-11-20 10:13:51 -05:00
chrisr3d 4e98c3efd0
fix: Added missing AssemblyLine logo 2019-11-20 09:52:35 -05:00
chrisr3d ef6542c629
add: Added documentation and description in readme for the AssemblyLine submit module 2019-11-20 09:48:27 -05:00
chrisr3d fb129106ab
add: Updated python dependencies to include the assemblyline_client library 2019-11-19 16:05:16 -05:00
chrisr3d 58a4cb15a1
add: New expansion module to submit samples and urls to AssemblyLine 2019-11-19 15:41:35 -05:00
chrisr3d f08fc6d9a5
chg: Reintroducing the limit to reduce the number of recursive calls to the API when querying for a domain 2019-11-17 19:11:26 -05:00
chrisr3d 4990bcebd8
fix: Avoiding KeyError exception when no result is found 2019-11-17 18:00:19 -05:00
chrisr3d 91d6f1baa0
fix: Fixed csv file parsing 2019-11-07 11:50:16 +01:00
chrisr3d 474307ac5b
chg: Using EQL module description from blaverick62 2019-11-07 09:57:18 +01:00
chrisr3d 204f59de13
add: Updated documentation with the EQL export module 2019-11-07 09:54:32 +01:00
chrisr3d 4608bcab45
Merge branch 'master' of github.com:blaverick62/misp-modules 2019-11-07 09:51:17 +01:00
chrisr3d 9068725322
add: Xforce Exchange module tests 2019-11-05 17:13:34 +01:00
chrisr3d 0fd3f92fe3
fix: Fixed Xforce Exchange authentication + rework
- Now able to return MISP objects
- Support of the xforce exchange authentication
  with apikey & apipassword
2019-11-05 16:43:03 +01:00
chrisr3d 852018bf79
fix: Added urlscan & securitytrails modules in __init__ list 2019-11-04 16:52:26 +01:00
chrisr3d 2b592ce267
fix: Avoiding empty config error on passivetotal module 2019-11-01 16:59:58 +01:00
Christian Studer 8135a3ceec
Merge pull request #347 from MISP/tests
More advanced expansion tests
2019-10-31 18:33:20 +01:00
Braden Laverick 26ab7f69e2 Added documentation json for new modules 2019-10-31 17:28:07 +00:00
Braden Laverick c4d333f8b9 Updated README to include EQL modules 2019-10-31 17:20:35 +00:00
chrisr3d 6b50c7718c Merge branch 'master' of github.com:MISP/misp-modules into tests 2019-10-31 17:21:46 +01:00
chrisr3d bfe227d555
fix: More clarity on the exception raised on the securitytrails module 2019-10-31 17:19:42 +01:00
chrisr3d 69e81b47d7
fix: Better exceptions handling on the passivetotal module 2019-10-31 17:18:23 +01:00
chrisr3d 83227ba889
fix: Fixed results parsing for various module tests 2019-10-31 17:16:27 +01:00
chrisr3d 4fb65672e3
fix: Fixed variable name 2019-10-31 17:16:08 +01:00
chrisr3d 1ff695d437 Merge branch 'master' of github.com:MISP/misp-modules into tests 2019-10-31 14:42:26 +01:00
chrisr3d eb4e2312b2
fix: Bumped Pipfile.lock with the latest libraries versions 2019-10-31 14:30:59 +01:00
chrisr3d 86023fb67d
add: Updated documentation with the latest modules info 2019-10-31 14:16:20 +01:00
chrisr3d 189b4697ec
Updated README with new modules and fixed some links 2019-10-31 12:52:52 +01:00
chrisr3d 4411166b43
fix: Fixed config parsing and the associated error message 2019-10-31 11:52:34 +01:00
chrisr3d 4f70011edf
fix: Fixed config parsing + results parsing
- Avoiding errors with config field when it is
  empty or the apikey is not set
- Parsing all the results instead of only the
  first one
2019-10-31 11:48:59 +01:00
chrisr3d 604fac9690
add: Added test for vulners module 2019-10-31 11:47:47 +01:00
chrisr3d 2adba0bf83
fix: Fixed VT results 2019-10-31 11:46:58 +01:00
chrisr3d 969d8b627d
add: Added qrcode module test with its test image 2019-10-31 11:46:11 +01:00
chrisr3d 3277a23d92 Merge branch 'master' of github.com:MISP/misp-modules into tests 2019-10-31 09:02:40 +01:00
Alexandre Dulaunoy c3c6f1a6ea
Merge pull request #346 from blaverick62/master
EQL Query Generation Modules
2019-10-30 22:08:07 +01:00
Braden Laverick 717be2b859 Removed extraneous comments and unused imports 2019-10-30 15:44:47 +00:00
chrisr3d b63a0d1eb8
fix: Making urlscan module available in MISP for ip attributes
- As expected in the handler function
2019-10-30 16:39:07 +01:00
chrisr3d d4eb88c66a
fix: Avoiding various modules to fail with uncritical issues
- Avoiding securitytrails to fail with an unavailable
  feature for free accounts
- Avoiding urlhaus to fail with input attribute
  fields that are not critical for the query and
  results
- Avoiding VT modules to fail when a certain
  resource does not exist in the dataset
2019-10-30 16:34:15 +01:00
chrisr3d 393b33d02d
fix: Fixed config field parsing for various modules
- Same as previous commit
2019-10-30 16:31:57 +01:00
chrisr3d 4cabbe6334
add: [test expansion] Added various tests for modules with api authentication 2019-10-30 16:29:18 +01:00
Braden Laverick dc4c09f751 Fixed python links 2019-10-30 13:47:43 +00:00
Braden Laverick 62d25b1f76 Changed file name to mass eql export 2019-10-30 13:46:52 +00:00
Braden Laverick 08fc938acd Fixed comments 2019-10-30 13:41:40 +00:00
chrisr3d 1563be1100 Merge branch 'master' of github.com:MISP/misp-modules into tests 2019-10-30 09:11:51 +01:00
chrisr3d d0ddfb3355
fix: [expansion] Better config field handling for various modules
- Testing if config is present before trying to
  look within the config field
- The config field should be there when the module
  is called from MISP, but it is not always the
  case when the module is queried from somewhere else
2019-10-30 09:09:55 +01:00
chrisr3d 7170ed6105
fix: [test expansion] Using CVE with lighter results 2019-10-29 21:36:07 +01:00
chrisr3d edb6bef628
add: [test expansion] New modules tests
- Starting testing some modules with api keys
- Testing new apiosintDS module
2019-10-29 21:35:45 +01:00
Braden Laverick 2a4c7ff150 Added ors for compound queries 2019-10-29 20:22:41 +00:00