Sebdraven
1e98f1d575
Update yeti.py
...
try typo
2021-04-19 12:20:25 +02:00
Sebdraven
53cc15adcd
Update yeti.py
...
remove print
2021-04-19 12:12:32 +02:00
Sebdraven
ef6596637d
Update yeti.py
...
remove tests
2021-04-19 11:49:24 +02:00
Sebdraven
e3fc3a3f38
Update yeti.py
...
test
2021-04-19 11:47:06 +02:00
Sebdraven
8a24ed7fd6
Update yeti.py
...
add logs
2021-04-19 11:27:33 +02:00
Sebdraven
559533ea78
Update yeti.py
...
try test
2021-04-19 11:25:50 +02:00
Sebdraven
a29779eff6
Update yeti.py
...
add check
2021-04-19 11:24:01 +02:00
Sebdraven
4634567b23
Update yeti.py
...
correct bug
2021-04-19 11:09:38 +02:00
Sebdraven
be212097a7
Update yeti.py
...
add log
2021-04-19 11:08:21 +02:00
Sebdraven
af01db860a
Update yeti.py
...
add log
2021-04-19 11:05:16 +02:00
Sebdraven
07f54c1b86
Update yeti.py
...
correct typo
2021-04-19 11:03:39 +02:00
Sebdraven
69a5584dfe
Update yeti.py
...
add relation
2021-04-19 11:00:55 +02:00
Sebdraven
6cd99c03e4
Update yeti.py
...
refactoring and add Url neighboors
2021-04-19 10:46:07 +02:00
chrisr3d
dbff9b3aa8
chg: [rbl] Added a timeout parameter to change the resolver timeout & lifetime if needed
2021-04-16 22:00:27 +02:00
chrisr3d
576dcca671
chg: [rbl] Small changes on the rbl list and the results handling
2021-04-16 16:45:38 +02:00
chrisr3d
300cdc7a4c
fix: [ocr_enrich] Making Pep8 happy
2021-04-15 16:41:15 +02:00
chrisr3d
611bb6fa9e
fix: [ocr_enrich] Fixed tesseract input format
...
- It looks like the `image_to_string` method now
assumes RGB format and the `imdecode` method
seems to give BGR format, so we convert the
image array before
2021-04-15 16:12:00 +02:00
chrisr3d
729feaa3f2
fix: [hibp] Fixed config handling to avoir KeyError exceptions
2021-04-14 16:52:55 +02:00
Alexandre Dulaunoy
577d0de500
chg: [farsight] make PEP happy
2021-04-14 14:45:55 +02:00
Alexandre Dulaunoy
0752628de5
fix: [cve_advanced] Some CVEs are not in CWE format but in NVD-CWE-Other
2021-04-08 19:14:13 +02:00
chrisr3d
a2282c4721
add: [farsight_passivedns] Adding first_seen & last_seen (when available) in passivedns objects
...
- The object_relation `time_first` is added as the
`first_seen` value of the object
- Same with `time_last` -> `last_seen`
2021-03-31 13:42:07 +02:00
chrisr3d
505bbbc20a
fix: [farsight_passivedns] Excluding last_seen value for now, in order to get the available results
...
- With last_seen set we can easily get results
included in a certain time frame (between first
seen and last seen), but we do not get the
latest results. In order to get those ones, we
skip filtering on the time_last_before value
2021-03-30 17:34:01 +02:00
chrisr3d
5077050a3e
chg: [farsight_passivedns] Making first_time and last_time results human readable
...
- We get the datetime format instead of the raw
timestamp
2021-03-30 03:47:34 +02:00
chrisr3d
327a1ac893
fix: [farsight_passivedns] Fixed lookup_rdata_name results desclaration
...
- Getting generator as a list as it is already the
case for all the other results, so it avoids
issues to read the results by accidently looping
through the generator before it is actually
needed, which would lose the content of the
generator
- Also removed print that was accidently introduced
with the last commit
2021-03-30 03:42:54 +02:00
chrisr3d
8935c4adc5
Merge branch 'main' of github.com:MISP/misp-modules into new_features
2021-03-29 20:10:28 +02:00
chrisr3d
25d826076c
add: [farsight_passivedns] New lookup argument based on the first_seen & last_seen fields
2021-03-29 20:09:29 +02:00
Alexandre Dulaunoy
521cdc4435
Merge pull request #484 from GreyNoise-Intelligence/main
...
Update to GreyNoise expansion module
2021-03-26 23:20:24 +01:00
Brad Chiappetta
5e20ea0dc0
update community api to released ver
2021-03-26 11:19:40 -04:00
Brad Chiappetta
714eb425c6
fix ver info
2021-03-23 13:41:05 -04:00
Brad Chiappetta
2855f7ff5f
updates for greynoise community api
2021-03-23 13:39:36 -04:00
Sebdraven
b42da0435b
Update yeti.py
...
add key results
2021-03-19 15:55:18 +01:00
Sebdraven
240d043f91
Update yeti.py
...
delete attr
2021-03-19 15:50:37 +01:00
Sebdraven
ef2bf29621
Update yeti.py
...
correction format strings
2021-03-19 15:39:09 +01:00
Sebdraven
76133ace8b
Update yeti.py
...
change logs
2021-03-19 15:37:49 +01:00
Sebdraven
6b35a7ee4d
Update yeti.py
...
value attribute
2021-03-19 15:32:05 +01:00
Sebdraven
ed3e0d56fd
Update yeti.py
...
change logs
2021-03-19 15:29:21 +01:00
Sebdraven
1be2c27131
Update yeti.py
...
add logs
2021-03-19 15:26:45 +01:00
Sebdraven
83c4b2f4b0
Update yeti.py
...
add relation
2021-03-19 15:22:53 +01:00
Sebdraven
cd97186776
Update yeti.py
...
remove add
2021-03-19 15:20:58 +01:00
Sebdraven
624f423264
Update yeti.py
...
add logs
2021-03-19 15:19:37 +01:00
Sebdraven
5176a36acf
Update yeti.py
...
change relations
2021-03-19 15:16:00 +01:00
Sebdraven
86275d7610
Update yeti.py
...
change modification
2021-03-19 14:38:34 +01:00
Sebdraven
0a364cf815
Update yeti.py
...
update relation
2021-03-19 14:32:00 +01:00
Sebdraven
9eb41f4022
Update yeti.py
...
change relation type
2021-03-19 14:26:44 +01:00
Sebdraven
0d035c0292
Update yeti.py
...
add relationship
2021-03-19 14:22:51 +01:00
Sebdraven
b9ce6d689c
Update yeti.py
...
add ref
2021-03-19 13:56:02 +01:00
Sebdraven
28b554d975
Update yeti.py
...
add test
2021-03-19 12:24:15 +01:00
Sebdraven
bc1bea0ec4
Update yeti.py
...
change attribute add
2021-03-19 12:12:37 +01:00
Sebdraven
7255a1eddc
Update yeti.py
...
change relationship
2021-03-19 12:09:54 +01:00
Sebdraven
65d8bb6b07
Update yeti.py
...
log json
2021-03-19 11:51:55 +01:00
Sebdraven
633f5efd56
Update yeti.py
...
log object
2021-03-19 11:48:55 +01:00
Sebdraven
bd5c1b0b53
Update yeti.py
...
add logs
2021-03-19 11:40:23 +01:00
Sebdraven
1dfdb5a2a2
Update yeti.py
...
change type attr and relation
2021-03-19 11:29:57 +01:00
Sebdraven
347d12c78c
Update yeti.py
...
add logs
2021-03-19 11:27:23 +01:00
Sebdraven
d868373c5a
Update yeti.py
...
add logs
2021-03-19 11:24:10 +01:00
Sebdraven
bd4a4b87fc
Update yeti.py
...
add logs
2021-03-19 11:18:01 +01:00
Sebdraven
c9bc97c9f9
Update yeti.py
...
change relation type and misp event init
2021-03-19 11:15:27 +01:00
Sebdraven
0618e288d3
Update yeti.py
...
add relation object
2021-03-19 11:01:02 +01:00
Sebdraven
48f56b0690
Update yeti.py
...
add object
2021-03-19 10:52:48 +01:00
chrisr3d
9f80d69e64
Merge branch 'main' of github.com:MISP/misp-modules into new_features
2021-03-18 19:34:18 +01:00
chrisr3d
458e432bb7
fix: Making pep8 happy
2021-03-18 19:22:26 +01:00
chrisr3d
aea7e247a5
Merge branch 'main' of github.com:MISP/misp-modules into new_features
2021-03-18 18:45:41 +01:00
chrisr3d
c8c44e75bf
fix: [farsight_passivedns] Fixed queries to the API
...
- Since flex queries input may be email addresses,
we nake sure we replace '@' by '.' in the flex
queries input.
- We also run the flex queries with the input as
is first, before runnning them as second time
with '.' characters escaped: '\\.'
2021-03-18 18:40:27 +01:00
Alexandre Dulaunoy
bd38fabba5
Merge pull request #481 from cocaman/main
...
Adding ThreatFox enrichment module
2021-03-17 23:17:21 +01:00
chrisr3d
f58f4aa9eb
chg: [farsight_passivedns] Added input types for more flex queries
...
- Standard types still supported as before
- Name or ip lookup, with optional flex queries
- New attribute types added will only send flex
queries to the DNSDB API
2021-03-17 20:17:07 +01:00
Corsin Camichel
a13184b078
adding additional tags
2021-03-13 20:59:54 +01:00
Corsin Camichel
d14d3d585f
first version of ThreatFox enrichment module
2021-03-13 20:36:49 +01:00
Corsin Camichel
d913ae4b36
updating "hibp" for API version 3
2021-03-13 17:44:27 +01:00
Jürgen Löhel
9e8d01b6c8
fix: google.py module
...
The search result does not include always 3 elements. It's better to
enumerate here.
The googleapi fails sometimes. Retry it 3 times.
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-03-09 18:04:12 -06:00
Jürgen Löhel
c1700cc955
fix: google.py module
...
Corrects import for gh.com/abenassi/Google-Search-API.
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-03-09 16:46:11 -06:00
Sebdraven
6fc3b2a860
Update yeti.py
...
refactoring
2021-03-05 19:01:25 +01:00
Sebdraven
294bdee51a
Update yeti.py
...
using attribute
2021-03-05 16:57:55 +01:00
Sebdraven
33bba708bf
Update yeti.py
...
use format misp
2021-03-05 16:53:49 +01:00
Sebdraven
bf617807df
Update yeti.py
...
modify acess dict
2021-03-05 15:19:30 +01:00
Sebdraven
9de5dd89ee
Update yeti.py
...
add logs
2021-03-05 15:14:25 +01:00
Sebdraven
7e1bf41d47
Update yeti.py
...
add logs
2021-03-05 15:08:32 +01:00
Sebdraven
cb008124c3
Update yeti.py
...
add neighboors iocs to add the event
2021-03-05 15:06:13 +01:00
Sebdraven
e3f23793e0
Update yeti.py
...
modify call yeti
2021-03-05 11:40:11 +01:00
Sebdraven
6aff43cf99
Update yeti.py
...
Correct bugs
2021-03-05 11:37:04 +01:00
Sebdraven
800020d6a2
Update yeti.py
...
change inherit
2021-03-05 11:34:01 +01:00
Sebdraven
e2a1ade14a
Update yeti.py
...
change path to access config settings
2021-03-05 11:28:50 +01:00
Sebdraven
3fdce84ff7
Update yeti.py
...
add log
2021-03-05 11:24:43 +01:00
Sebdraven
e7cb15a0c4
Update yeti.py
...
add ip-dst to enrich
2021-03-05 11:22:53 +01:00
Sebdraven
0f31893fdb
Update yeti.py
...
add logs
2021-03-05 11:06:12 +01:00
Sebdraven
1209cd3a75
yeti pluggin
...
get_entities and get_neighboors
2021-03-05 11:00:19 +01:00
Sebdraven
1def6e3f06
Update yeti.py
...
add introspection method
2021-02-05 12:02:08 +01:00
Sebdraven
b29b3ded28
Update yeti.py
...
add method version
2021-02-05 11:47:27 +01:00
Sebdraven
619d648084
Update yeti.py
...
correct import
2021-02-05 11:37:34 +01:00
Sebdraven
66fc121dbe
Update yeti.py
...
add config and struct
2021-02-05 11:17:40 +01:00
Sebdraven
7781a0cae7
add new module
...
new module yeti
2021-02-05 10:18:52 +01:00
adammchugh
2832466f7f
Update assemblyline_submit.py
2021-02-02 22:56:02 +10:30
adammchugh
6f5c77ef08
Update assemblyline_query.py
2021-02-02 22:55:09 +10:30
adammchugh
07b8968b7d
Update assemblyline_submit.py
2021-02-02 22:52:27 +10:30
Cory Kennedy
774b2f37a6
Corrected VMray rest API import
...
When loading misp-modules, the VMray module ```modules/expansion/vmray_submit.py ``` incorrectly imports the library. VMray's documentation and examples here: https://pypi.org/project/vmray-rest-api/#history also reflect this change as the correct import.
2021-01-04 15:27:47 -06:00
Alexandre Dulaunoy
ff9ac60bbd
Merge pull request #457 from trustar/main
...
added more explicit error messages for indicators that return no enri…
2020-12-04 21:37:47 +01:00
Jesse Hedden
bad538653d
added more explicit error messages for indicators that return no enrichment data
2020-12-04 11:59:57 -08:00
Jens Thom
0e4e432dc4
fix imports and unused variables
2020-11-30 12:48:01 +01:00
Jens Thom
a404202d1d
Merge remote-tracking branch 'upstream/main' into main
2020-11-30 12:23:11 +01:00
Jens Thom
2a870f2d97
* add parser for report version v1 and v2
...
* add summary JSON import module
2020-11-30 12:06:19 +01:00
chrisr3d
575bed0da8
Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch
2020-11-18 11:52:53 +01:00
chrisr3d
2464172e1a
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2020-11-18 11:34:33 +01:00
chrisr3d
c1e52fdb12
fix: [farsight_passivedns] Fixed pep8 backslash issue
2020-11-15 20:15:06 +01:00
chrisr3d
d1ac0cffe0
fix: [farsight_passivedns] Fixed issue with variable name
2020-11-15 20:11:08 +01:00
chrisr3d
dfec0e5cf4
add: [farsight-passivedns] Optional feature to submit flex queries
...
- The rrset and rdata queries remain the same but
with the parameter `flex_queries`, users can
also get the results of the flex rrnames & flex
rdata regex queries about their domain, hostname
or ip address
- Results can thus include passive-dns objects
containing the `raw_rdata` object_relation added
with 0a3e948
2020-11-13 20:38:02 +01:00
chrisr3d
993a614a20
Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch
2020-11-13 16:47:07 +01:00
chrisr3d
32c0bf9ae2
fix: [cpe] Fixed typo in vulnerable-configuration object relation fields
2020-11-13 15:49:58 +01:00
chrisr3d
bd3fa3ea07
chg: [cpe] Added default limit to the results
...
- Results returned by CVE-search are sorted by
cvss score and limited in number to avoid
potential massive amount of data retuned back
to MISP.
- Users can overwrite the default limit with the
configuration already present as optional, and
can also set the limit to 0 to get the full list
of results
2020-11-13 15:46:41 +01:00
chrisr3d
3f863e4437
fix: [farsight_passivedns] Fixed typo in the lookup fields
2020-11-13 15:28:10 +01:00
chrisr3d
fe010782f3
chg: [farsight_passivedns] Now using the dnsdb2 python library
...
- Also updated the results parsing to check in
each returned result for every field if they are
included, to avoid key errors if any field is
missing
2020-11-12 16:01:14 +01:00
chrisr3d
2a25cda026
Merge branch 'chrisr3d_patch' of github.com:MISP/misp-modules into main
2020-11-11 10:46:44 +01:00
chrisr3d
bb7564dea9
Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch
2020-11-11 10:45:06 +01:00
Jesse Hedden
0650126d6a
fixed typo causing firstSeen and lastSeen to not be pulled from enrichment data
2020-11-10 17:20:03 -08:00
chrisr3d
b98562a75e
chg: [cpe] Support of the new CVE-Search API
2020-11-10 17:53:47 +01:00
chrisr3d
d9cfcf8f62
fix: [farsight_passivedns] Uncommented mandatory field that was commented for tests
2020-11-05 17:51:41 +01:00
chrisr3d
c0440a0d33
chg: [farsight_passivedns] More context added to the results
...
- References between the passive-dns objects and
the initial attribute
- Comment on object attributes mentioning whether
the results come from an rrset or an rdata
lookup
2020-11-05 15:55:30 +01:00
chrisr3d
7c5465e02b
fix: [dnsdb] Avoiding AttributeError with the sys library, probably depending on the python version
2020-11-05 15:55:15 +01:00
chrisr3d
d9e576e605
chg: [farsight_passivedns] Rework of the module to return MISP objects
...
- All the results are parsed as passive-dns MISP
objects
- More love to give to the parsing to add
references between the passive-dns objects and
the input attribute, depending on the type of
the query (rrset or rdata), or the rrtype
(to be determined)
2020-11-05 15:55:00 +01:00
chrisr3d
260bddb3cf
chg: [cpe] Changed CVE-Search API default url
2020-11-02 19:03:26 +01:00
chrisr3d
54f7e604c8
Merge branch 'main' of github.com:MISP/misp-modules into main
2020-11-02 19:03:16 +01:00
chrisr3d
6660e2fc11
add: Added documentation for the cpe module
2020-10-24 23:52:06 +02:00
chrisr3d
88c8d9077c
fix: [cpe] Typos and variable name issues fixed + Making the module available in MISP
2020-10-24 02:40:31 +02:00
mokaddem
2be1d7a0cd
new: [expansion] Added html_to_markdown module
...
It fetches the HTML from the provided URL, performs a bit of DOM
clean-up then convert it into markdown
2020-10-23 22:17:47 +02:00
chrisr3d
410aaaeb28
add: First shot of an expansio module to query cve-search with a cpe to get the related vulnerabilities
2020-10-23 21:19:26 +02:00
chrisr3d
c00349e198
fix: [cve-advanced] Using the cpe and weakness attribute types
2020-10-22 23:25:20 +02:00
chrisr3d
2a2a908f09
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2020-10-22 22:59:21 +02:00
Jakub Onderka
7ad5eb0bfa
chg: [clamav] Add reference to original attribute
2020-10-20 19:26:04 +02:00
Alexandre Dulaunoy
0872bb820c
chg: [clamav] TCP port connection must be an integer
2020-10-20 10:17:52 +02:00
Jakub Onderka
f2de7ab87f
new: [clamav] Module for malware scan by ClamAV
2020-10-17 23:25:47 +02:00
chrisr3d
48635d8f1b
add: Added documentation for the socialscan new module
...
- Also quick fix of the message for an invalid
result or response concerning the queried email
address or username
2020-10-02 17:01:02 +02:00
chrisr3d
d950b4d7ec
fix: Removed debugging print command
2020-10-02 01:50:49 +02:00
chrisr3d
9a766d6010
add: New module using socialscan library to check email addresses and usernames linked to accounts on online platforms
2020-10-01 23:25:39 +02:00
chrisr3d
14aa6e2d1a
fix: [cve_advanced] Avoiding potential MISP object references issues
...
- Adding objects as dictionaries in an event may
cause issues in some cases. It is better to pass
the MISP object as is, as it is already a valid
object since the MISPObject class is used
2020-10-01 22:44:39 +02:00
chrisr3d
c5abf89805
fix: [virustotal_public] Resolve key error when user enrich hostname
...
- Same as #424
2020-09-28 12:34:00 +02:00
Christian Studer
38c3502394
Merge pull request #424 from JakubOnderka/vt-subdomains-fix
...
fix: [virustotal] Resolve key error when user enrich hostname
2020-09-28 12:32:42 +02:00
chrisr3d
3101e5bc26
chg: Updated the bgpranking expansion module to return MISP objects
...
- The module no longer returns freetext, since the
result returned to the freetext import as text
only allowed MISP to parse the same AS number as
the input attribute.
- The new result returned with the updated module
is an asn object describing more precisely the
AS number, and its ranking for a given day
2020-09-08 16:08:57 +02:00
chrisr3d
ae1016946b
fix: Making pep8 happy
2020-08-28 17:30:23 +02:00
chrisr3d
1349ef61a5
chg: Turned the Shodan expansion module into a misp_standard format module
...
- As expected with the misp_standard modules, the
input is a full attribute and the module is able
to return attributes and objects
- There was a lot of data that was parsed as regkey
attributes by the freetext import, the module now
parses properly the different field of the result
of the query returned by Shodan
2020-08-28 16:55:50 +02:00
johannesh
8087c9a6a1
Add proxy support and User-Agent header
2020-08-24 11:19:15 +02:00
David André
b5d7c9c7a3
Disable correlation for detection-ratio in virustotal.py
2020-08-24 10:11:08 +02:00
Jakub Onderka
bd7f7fa1f3
fix: [virustotal] Resolve key error when user enrich hostname
2020-08-17 17:34:21 +02:00
Jesse Hedden
10e432ec55
Merge branch 'main' into feat/EN-5047/MISP-manual-update
2020-08-10 08:08:06 -07:00
Jesse Hedden
a3c01fa318
added comments
2020-08-10 07:53:24 -07:00
Jesse Hedden
91417d390b
added comments
2020-08-09 20:41:52 -07:00
Jesse Hedden
0b576faa68
added comments
2020-08-09 20:36:47 -07:00
Jesse Hedden
2d464adfd6
added error checking
2020-08-09 20:29:37 -07:00
johannesh
85d319e85e
Fix typo error introduced in commit: 3b7a5c4dc2
2020-08-07 10:36:40 +02:00
Jesse Hedden
ee21a88127
updating to include metadata and alter type of trustar link generated
2020-08-06 21:59:13 -07:00
chrisr3d
f1dac0c8df
fix: Fixed pep8
2020-07-28 15:23:24 +02:00
chrisr3d
d2661c7a20
fix: Fixed pep8 + some copy paste issues introduced with the latest commits
2020-07-28 15:06:25 +02:00
chrisr3d
3ab67b23b6
fix: Avoid issues with the attribute value field name
...
- The module setup allows 'value1' as attribute
value field name, but we want to make sure that
users passing standard misp format with 'value'
instead, will not have issues, as well as
keeping the current setup
2020-07-28 11:56:03 +02:00