MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity
1,540 Commits
7 Branches
55 Tags
19 MiB
Commit Graph

525 Commits (9f315f1728d54796bb05db52839333643c313b2b)

Author SHA1 Message Date
chrisr3d f08fc6d9a5
chg: Reintroducing the limit to reduce the number of recursive calls to the API when querying for a domain 2019-11-17 19:11:26 -05:00
chrisr3d 4990bcebd8
fix: Avoiding KeyError exception when no result is found 2019-11-17 18:00:19 -05:00
chrisr3d 0fd3f92fe3
fix: Fixed Xforce Exchange authentication + rework 
- Now able to return MISP objects
- Support of the xforce exchange authentication
  with apikey & apipassword
 2019-11-05 16:43:03 +01:00
chrisr3d 852018bf79
fix: Added urlscan & secuirtytrails modules in __init__ list 2019-11-04 16:52:26 +01:00
chrisr3d bfe227d555
fix: More clarity on the exception raised on the securitytrails module 2019-10-31 17:19:42 +01:00
chrisr3d 69e81b47d7
fix: Better exceptions handling on the passivetotal module 2019-10-31 17:18:23 +01:00
chrisr3d 4411166b43
fix: Fixed config parsing and the associated error message 2019-10-31 11:52:34 +01:00
chrisr3d 4f70011edf
fix: Fixed config parsing + results parsing 
- Avoiding errors with config field when it is
  empty or the apikey is not set
- Parsing all the results instead of only the
  first one
 2019-10-31 11:48:59 +01:00
Alexandre Dulaunoy c3c6f1a6ea
Merge pull request #346 from blaverick62/master 
EQL Query Generation Modules
 2019-10-30 22:08:07 +01:00
Braden Laverick 717be2b859 Removed extraneous comments and unused imports 2019-10-30 15:44:47 +00:00
chrisr3d b63a0d1eb8
fix: Making urlscan module available in MISP for ip attributes 
- As expected in the the handler function
 2019-10-30 16:39:07 +01:00
chrisr3d d4eb88c66a
fix: Avoiding various modules to fail with uncritical issues 
- Avoiding securitytrails to fail with an unavailable
  feature for free accounts
- Avoiding urlhaus to fail with input attribute
  fields that are not critical for the query and
  results
- Avoiding VT modules to fail when a certain
  resource does not exist in the dataset
 2019-10-30 16:34:15 +01:00
chrisr3d 393b33d02d
fix: Fixed config field parsing for various modules 
- Same as previous commit
 2019-10-30 16:31:57 +01:00
chrisr3d d0ddfb3355
fix: [expansion] Better config field handling for various modules 
- Testing if config is present before trying to
  look whithin the config field
- The config field should be there when the module
  is called form MISP, but it is not always the
  case when the module is queried from somewhere else
 2019-10-30 09:09:55 +01:00
Braden Laverick c1ca936910 Fixed syntax error 2019-10-29 20:14:07 +00:00
Braden Laverick c06ceedfb8 Changed to single attribute EQL 2019-10-29 20:11:35 +00:00
Braden Laverick a426ad249d Added EQL enrichment module 2019-10-29 19:42:47 +00:00
chrisr3d dc7463a67e
fix: Avoid issues when some config fields are not set 2019-10-29 11:04:29 +01:00
Alexandre Dulaunoy dec2494a0a
chg: [apiosintds] make flake8 happy 2019-10-29 09:33:39 +01:00
Alexandre Dulaunoy fdbb0717e0
Merge pull request #344 from davidonzo/master 
Added apiosintDS module to query OSINT.digitalside.it services
 2019-10-29 08:56:29 +01:00
chrisr3d 204e5a7de9
Merge branch 'master' of github.com:MISP/misp-modules 2019-10-28 16:45:50 +01:00
chrisr3d 7a56174c40
fix: Fixed Geoip with the supported python library + fixed Geolite db path management 2019-10-28 16:39:08 +01:00
milkmix bdc5282e09 updated to geoip2 to support mmdb format 2019-10-25 18:09:44 +02:00
Davide 56e16dbaf5 Added apiosintDS module to query OSINT.digitalside.it services 2019-10-24 12:49:29 +02:00
chrisr3d e1602fdca9
fix: Updates following the latest CVE-search version 
- Support of the new vulnerable configuration
  field for CPE version > 2.2
- Support of different 'unknown CWE' message
 2019-10-23 11:55:36 +02:00
chrisr3d 63dba29c52
fix: Fixed module names with - to avoid errors with python paths 2019-10-18 11:09:10 +02:00
chrisr3d d740abe74b
fix: Making pep8 happy 2019-10-17 10:45:51 +02:00
chrisr3d a228e2505d
fix: Avoiding empty values + Fixed empty types error + Fixed filename KeyError 2019-10-17 10:42:34 +02:00
chrisr3d 5f7b127713
chg: Avoids returning empty values + easier results parsing 2019-10-15 23:30:39 +02:00
chrisr3d 8aca19ba68
chg: Taking into consideration if a user agent is specified in the module configuration 2019-10-15 11:25:30 +02:00
chrisr3d 6d19549184
fix: Grouped two if conditions to avoid issues with variable unassigned if the second condition is not true 2019-10-13 20:23:02 +02:00
chrisr3d b560347d5d
fix: Considering the case of empty results 2019-10-08 15:49:09 +02:00
chrisr3d 8bcb630340
fix: Catching results exceptions properly 2019-10-08 15:48:26 +02:00
chrisr3d 2850d6f690
fix: Catching exceptions and results properly depending on the cases 2019-10-08 15:45:06 +02:00
chrisr3d 5d4a0bff98
fix: Handling cases where there is no result from the query 2019-10-08 13:28:23 +02:00
chrisr3d 662e58da88
fix: Fixed pattern parsing + made the module hover only 2019-10-07 16:46:32 +02:00
chrisr3d b9b78d1606
fix: Travis tests should be happy now 2019-10-04 17:22:32 +02:00
chrisr3d 6801289175
fix: Returning results in text format 
- Makes the hover functionality display the full
  result instead of skipping the records list
 2019-10-04 15:54:25 +02:00
chrisr3d 09590ca451
fix: Making pep8 happy 2019-09-17 14:13:05 +02:00
Christian Studer 205342996a
Merge pull request #335 from FafnerKeyZee/patch-2 
Travis should not be complaining with the tests after the latest update on "test_cve"
 2019-09-17 14:11:03 +02:00
Fafner [_KeyZee_] dc84c9f972
adding custom API 
Adding the possibility to have our own API server.
 2019-09-17 11:07:23 +02:00
Fafner [_KeyZee_] 5c09b66706
Cleaning the error message 
The original message can be confusing is the user change to is own API.
 2019-09-17 10:42:29 +02:00
chrisr3d 8d33d6c18c
add: New parameter to specify a custom CVE API to query 
- Any API specified here must return the same
  format as the CIRCL CVE search one in order to
  be supported by the parsing functions, and
  ideally provide response to the same kind of
  requests (so the CWE search works as well)
 2019-09-16 14:19:20 +02:00
chrisr3d 415fa55fff
fix: Avoiding issues when no CWE id is provided 2019-08-06 15:55:50 +02:00
chrisr3d 0b603fc5d3
fix: Fixed unnecessary dictionary field call 
- No longer necessary to go under 'Event' field
  since PyMISP does not contain it since the
  latest update
 2019-08-05 11:33:04 +02:00
chrisr3d 4df528c331
add: Added initial event to reference it from the vulnerability object created out of it 2019-08-02 15:35:33 +02:00
chrisr3d 034222d7b3
fix: Using the attack-pattern object template (copy-paste typo) 2019-08-02 10:10:44 +02:00
chrisr3d 7eb4f034c0
fix: Making pep8 happy 2019-08-01 17:17:16 +02:00
chrisr3d 5c15c0ff93
add: Making vulnerability object reference to its related capec & cwe objects 2019-08-01 15:37:10 +02:00
chrisr3d c4302aa35e
add: Parsing CAPEC information related to the CVE 2019-08-01 15:21:18 +02:00
chrisr3d 7445d7336e
add: Parsing CWE related to the CVE 2019-08-01 14:55:53 +02:00
chrisr3d 7b1c35d583
fix: Fixed cvss-score object relation name 2019-07-30 09:55:36 +02:00
chrisr3d 27f5c9ceeb Merge branch 'master' of github.com:MISP/misp-modules 2019-07-24 12:08:28 +02:00
chrisr3d 4ee0cbe4c5
add: Added virustotal_public to the list of available modules 2019-07-24 11:10:25 +02:00
Raphaël Vinot 80ce0a58b5 fix: Skip tests on haveibeenpwned.com if 403. Make pep8 happy. 2019-07-24 09:49:05 +02:00
chrisr3d 92d90e8e1c
add: TODO comment for the next improvement 2019-07-23 09:42:10 +02:00
chrisr3d 14cf39d8b6
chg: Updated the module to work with the updated VirusTotal API 
- Parsing functions updated to support the updated
  format of the VirusTotal API responses
- The module can now return objects
- /!\ This module requires a high number of
  requests limit rate to work as expected /!\
 2019-07-22 16:22:29 +02:00
chrisr3d 1fa37ea712
fix: Avoiding issues with non existing sample types 2019-07-22 11:43:35 +02:00
chrisr3d 675e0815ff
add: Parsing communicating samples returned by domain reports 2019-07-22 11:42:52 +02:00
chrisr3d c9c2027a57
fix: Undetected urls are represented in lists 2019-07-22 11:39:46 +02:00
chrisr3d 6fdfcb0a29
fix: Changed function name to avoid confusion with the same variable name 2019-07-22 09:53:19 +02:00
chrisr3d 729c86c336
fix: Quick fix on siblings & url parsing 2019-07-22 09:16:04 +02:00
chrisr3d 9aa721bc37
fix: typo 2019-07-19 16:20:24 +02:00
chrisr3d 641dda0103
add: Parsing downloaded samples as well as the referrer ones 2019-07-18 21:38:17 +02:00
chrisr3d 795edb7457
chg: Adding references between a domain and their siblings 2019-07-17 20:40:56 +02:00
chrisr3d 8de350744b
chg: Getting domain siblings attributes uuid for further references 2019-07-16 22:39:35 +02:00
chrisr3d a61d09db8b
fix: Parsing detected & undetected urls 2019-07-15 23:44:25 +02:00
chrisr3d d9b03a7aa5
fix: Various fixes about typo, variable names, data types and so on 2019-07-12 10:59:19 +02:00
chrisr3d f862a14ce6
add: Object for VirusTotal public API queries 
- Lighter analysis of the report to avoid reaching
  the limit of queries per minute while recursing
  on the different elements
 2019-07-11 22:59:07 +02:00
chrisr3d 3edc323836
fix: Making pep8 happy 2019-07-10 15:29:31 +02:00
chrisr3d 5703253961
new: First version of an advanced CVE parser module 
- Using cve.circl.lu as well as the initial module
- Going deeper into the CVE parsing
- More parsing to come with the CWE, CAPEC and so on
 2019-07-10 15:20:22 +02:00
chrisr3d 9e45d302b1
fix: Testing if an object is not empty before adding it the the event 2019-06-18 09:45:59 +02:00
chrisr3d 9fdd6c5e58
fix: Making travis happy 2019-06-15 08:17:29 +02:00
chrisr3d 2f3ce1b615
fix: Support of the latest version of sigmatools 2019-06-15 08:06:47 +02:00
Georg Schölly efb0a88eeb joesandbox_query.py: improve behavior in unexpected circumstances 2019-06-04 11:29:40 +02:00
chrisr3d aa3e873845
fix: Making pep8 happy + added joe_import module in the init list 2019-06-04 11:33:42 +10:00
chrisr3d 42bc6f8d2b
fix: Fixed variable name typo 2019-06-04 11:32:21 +10:00
chrisr3d ee48d99845
add: New expansion module to query Joe Sandbox API with a report link 2019-06-04 09:48:50 +10:00
chrisr3d f541b1f4ba Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-05-29 10:50:39 +10:00
Georg Schölly 1745d33ee4 add expansion for joe sandbox 2019-05-21 21:14:21 +02:00
chrisr3d d4bc85259d
fix: Removed unused library 2019-05-02 14:15:12 +02:00
chrisr3d a5ff849950 Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-05-02 13:23:24 +02:00
Steve Clement 553cf44337
fix: [pep8] Fixes 2019-05-02 10:37:48 +09:00
Koen Van Impe c8a4d8d76f New VMRay modules 
New JSON output format of VMRay
Prepare for automation (via PyMISP) with workflow taxonomy tags
 2019-05-01 22:44:24 +02:00
root 92351e6679
add: Added urlhaus in the expansion modules init list 2019-05-01 22:22:10 +02:00
root 9d3741aeb9 Merge branch 'master' of https://github.com/MISP/misp-modules into new_module 2019-04-30 08:59:05 +02:00
Alexandre Dulaunoy ec766f571c
chg: [init] cleanup for pep 2019-04-26 13:36:53 +02:00
Alexandre Dulaunoy 63c12f34e6
chg: [pdf-enrich] updated 2019-04-26 13:36:07 +02:00
Sascha Rommelfangen fc339c888d removed trailing whitespaces 2019-04-26 12:14:56 +02:00
Sascha Rommelfangen 1d4f8a6989 new modules added 2019-04-26 12:09:16 +02:00
Sascha Rommelfangen f55d7946df introduction of new modules 2019-04-26 12:07:55 +02:00
Sascha Rommelfangen 06036b7fe5 Merge branch 'master' of https://github.com/MISP/misp-modules 2019-04-24 15:01:03 +02:00
Sascha Rommelfangen 07f759b07a renamed file 2019-04-24 14:53:16 +02:00
Sascha Rommelfangen 5104bce451 renamed module 2019-04-24 14:53:03 +02:00
Alexandre Dulaunoy 81b0082ae5
chg: [init] removed trailing whitespace 2019-04-24 14:01:48 +02:00
Alexandre Dulaunoy 614fc1354b
chg: [ocr] re module not used - removed 2019-04-24 14:01:08 +02:00
Sascha Rommelfangen 7171c8ce92 initial version of OCR expansion module 2019-04-24 13:54:21 +02:00
Alexandre Dulaunoy 18a2370ae3
Merge pull request #291 from Evert0x/submitcuckoo 
Expansion module - File/URL submission to Cuckoo Sandbox
 2019-04-23 19:36:28 +02:00
Sascha Rommelfangen 2d8aaf09c2
brackets are difficult... 2019-04-23 15:40:22 +02:00
Alexandre Dulaunoy e55ae11a1e
chg: [qrcode] added to the __init__ 2019-04-23 14:45:12 +02:00
Alexandre Dulaunoy 44050ec4da
chg: [qrcode] flake8 needs some drugs 2019-04-23 14:44:00 +02:00
Alexandre Dulaunoy d5180e7e79
chg: [qrcode] various fixes to make it PEP compliant 2019-04-23 14:37:27 +02:00
Alexandre Dulaunoy a0fce1bc90
Merge branch 'qr-code-module' of https://github.com/rommelfs/misp-modules into rommelfs-qr-code-module 2019-04-23 14:33:06 +02:00
Sascha Rommelfangen c85ab8d93c
initial version of QR code reader 
Module accepts attachments and processes pictures. It tries to identify and analyze an existing QR code.
Identified values can be inserted into the event.
 2019-04-23 11:38:56 +02:00
Ricardo van Zutphen e6326185d5 Use double quotes and provide headers correctly 2019-04-19 16:24:30 +02:00
Ricardo van Zutphen 49acb53745 Update Cuckoo module to support files and URLs 2019-04-19 14:06:35 +02:00
Evert0x e243edb503
Update __init__.py 2019-04-18 14:25:05 +02:00
Evert0x eefa35c65d
Create cuckoo_submit.py 2019-04-18 00:23:38 +02:00
Raphaël Vinot f82933779f fix: pep8 foobar. 2019-04-02 16:01:36 +02:00
Raphaël Vinot 9cb21f98e1 fix: Add the new module sin the list of modules availables. 2019-04-02 15:46:17 +02:00
Raphaël Vinot c64f514a6f fix: Typos in variable names 2019-04-02 15:39:27 +02:00
Raphaël Vinot b89d068c04 new: Modules for greynoise, haveibeenpwned and macvendors 
Source: https://github.com/src7/misp-modules
 2019-04-02 15:30:11 +02:00
root 38fc479d12 Merge branch 'master' of https://github.com/MISP/misp-modules into new_module 2019-04-01 16:29:10 +02:00
root 2439d5f75d
fix: Fixed object_id variable name typo 2019-04-01 16:28:19 +02:00
Raphaël Vinot 1c0984eaec fix: Remove unused import 2019-03-15 11:06:11 +01:00
chrisr3d d87a67c6f3 Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-03-14 19:04:32 +01:00
chrisr3d 0b92fd5a53
fix: Making json_decode even happier with full json format 
- Using MISPEvent because it is cleaner & easier
- Also cleaner implementation globally
 2019-03-14 18:48:13 +01:00
Sascha Rommelfangen 5af667edff Merge branch 'master' of https://github.com/MISP/misp-modules 2019-03-14 14:41:24 +01:00
Sascha Rommelfangen eb2dcca12b fixed a bug when checking malformed BTC addresses 2019-03-14 14:39:58 +01:00
chrisr3d 62bc45e03a
fix: Using to_dict on attributes & objects instead of to_json to make json_decode happy in the core part 2019-03-14 14:31:38 +01:00
chrisr3d 9c8ee1f3d7
new: Expansion module to query urlhaus API 
- Using the next version of modules, taking a
  MISP attribute as input and able to return
  attributes and objects
- Work still in process in the core part
 2019-03-13 09:57:28 +01:00
Alexandre Dulaunoy 0bf27c1b69
chg: [btc_scam_check] fix spacing for making flake 8 happy 2019-02-11 14:23:18 +01:00
chrisr3d 74594f29aa
Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-02-11 09:28:49 +01:00
Alexandre Dulaunoy f0ccfd2027
chg: [backscatter.io] blind fix regarding undefined value 2019-02-10 16:56:01 +01:00
Alexandre Dulaunoy 7b1a837b10
chg: [backscatter.io] remove blank line at the end of the file 2019-02-10 16:40:06 +01:00
Alexandre Dulaunoy acc35e3a02
chg: [backscatter.io] Exception handler fixed for recent version of Python 2019-02-10 16:33:09 +01:00
9b c8b410161a Use the write var on return 2019-02-08 12:29:43 -05:00
9b e4c1468968 Stubbed module 2019-02-08 12:27:20 -05:00
chrisr3d 08fe0cbe09
fix: Description fixed 2019-02-05 14:54:22 +01:00
chrisr3d d1000d82c4
add: New module to check if a bitcoin address has been abused 
- Also related update of documentation
 2019-02-05 14:46:42 +01:00
Raphaël Vinot 454c9e0f43 fix: Pep8 related fixes. 2019-02-04 11:05:51 +01:00
Raphaël Vinot 3d47eb7420 fix: make flake8 happy 2019-01-25 10:45:07 +01:00
Sascha Rommelfangen c52b95cdbe sometimes server doesn't return expected values. fixed. 2019-01-24 09:51:46 +01:00
Raphaël Vinot 0189a117a3 fix: Change in the imports in other sigma module 2019-01-21 14:14:19 +01:00
Raphaël Vinot b791b177c3 fix: Change in the imports 2019-01-21 14:06:38 +01:00
Raphaël Vinot d5ec09fe4a fix: Change module name 2019-01-21 13:57:45 +01:00
Raphaël Vinot 55f05e0524 chg: Use pipenv, update bgpranking/ipasn modules 2019-01-21 13:31:52 +01:00
Raphaël Vinot 8fc5b1fd1f fix: Make pep8 happy 2018-12-11 15:29:09 +01:00
Raphaël Vinot d0aec62f1a new: Intel471 module 2018-12-11 13:30:52 +01:00
Sascha Rommelfangen d5eb34270a Merge branch 'master' of https://github.com/MISP/misp-modules 2018-11-26 15:56:33 +01:00
Sascha Rommelfangen 96570caece cosmetic output change 2018-11-26 15:56:11 +01:00
chrisr3d e30a5d2502 fix: Removed not valid input type 2018-11-22 12:30:12 +01:00
chrisr3d 7cfc7a730b fix: Cleaned up not used variables 2018-11-22 12:27:45 +01:00
chrisr3d 627420ca43 fix: Updated rbl module result format 
- More readable as str than dumped json
 2018-11-22 12:27:16 +01:00
chrisr3d 547985b8ce fix: Added Macaddress.io module in the init list 2018-11-22 12:26:27 +01:00
chrisr3d be3063f3c6 fix: Typo on input type 2018-11-22 12:24:47 +01:00
chrisr3d 22173c249e add: Update to support sha1 & sha256 attributes 2018-11-22 12:23:40 +01:00
chrisr3d b778dd5e67 fix: Fixed type of the result in case of exception 
- Set as str since some exception types are not
  jsonable
 2018-11-21 16:06:22 +01:00
chrisr3d 1b44668094 fix: Added hostname attribute support as it is intended 2018-11-21 16:05:38 +01:00
chrisr3d 651f69126d Merge branch 'master' of github.com:MISP/misp-modules into chrisr3d_patch 2018-11-13 16:05:24 +01:00