Commit Graph

751 Commits (a91d50b5073ec8890d3eec1c704d6e4626584bc9)

Author SHA1 Message Date
chrisr3d f5452055f6
fix: Fixed vt_graph imports 2020-01-10 10:31:52 +01:00
chrisr3d 70b3079aa3
fix: Fixed pep8 in the new module and related libraries 2020-01-09 16:01:18 +01:00
Christian Studer 7c2b001df3
Merge pull request #361 from VirusTotal/master
add vt_graph export module
2020-01-09 14:51:09 +01:00
Alvaro Garcia 10b4e78704 add vt_graph export module 2020-01-09 09:57:46 +00:00
Erick Cheng bfcba18e3c
Update ipasn.py 2020-01-07 18:58:40 +01:00
chrisr3d cf5ad29f27
chg: Checking attributes category
- We check the category before adding the
  attribute to the event
- Checking if the category is correct and if not,
  doing a case insensitive check
- If the category is not correct after the 2 first
  tests, we simply delete it from the attribute
  and pymisp will give the attribute a default
  category value based on the atttribute type, at
  the creation of the attribute
2020-01-07 17:03:10 +01:00
chrisr3d 7945d060ff
new: Enrichment module for querying APIVoid with domain attributes 2019-12-18 17:11:13 +01:00
chrisr3d 2fc0b44b90
fix: Making pep8 happy with whitespace after ':' 2019-12-18 16:16:47 +01:00
chrisr3d 3007761a55
fix: Making pep8 happy by having spaces around '+' operators 2019-12-17 16:31:53 +01:00
chrisr3d 5f90ae776f
fix: Making pep8 happy 2019-12-17 14:29:29 +01:00
chrisr3d b8d6141cb7
chg: Made circl_passivedns module able to return MISP objects 2019-12-17 11:18:21 +01:00
chrisr3d 9c9f01b6ff
fix: Quick variable name fix 2019-12-17 11:17:56 +01:00
chrisr3d 6849daebfa
chg: Made circl_passivessl module able to return MISP objects 2019-12-17 10:26:43 +01:00
Raphaël Vinot b70c32af7b fix: Somewhat broken emails needed some love 2019-12-05 19:11:07 +01:00
Raphaël Vinot 6f95445143 chg: Update email import module, support objects 2019-12-04 15:25:01 +01:00
Stefano Ortolani f749578525 add: Modules to query/import/submit data from/to Lastline 2019-12-02 19:09:40 +00:00
Raphaël Vinot 5d7a829583 chg: Use MISPObject in ransomcoindb 2019-11-26 13:27:02 +01:00
aaronkaplan 06025e63d0
oops , use relative import 2019-11-26 01:52:31 +01:00
aaronkaplan d73a9b601a
use a helpful user-agent string 2019-11-26 01:08:28 +01:00
aaronkaplan 777483838b
Revert "fix url"
This reverts commit 44130e2bf9.
2019-11-25 22:24:57 +01:00
aaronkaplan 44130e2bf9
fix url 2019-11-25 20:51:20 +01:00
aaronkaplan 24ec4a0e23
remove pprint 2019-11-25 18:56:12 +01:00
aaronkaplan 5350003e3a
initial version of the ransomcoindb expansion module 2019-11-25 18:52:39 +01:00
chrisr3d ccf12a225c
fix: Making pep8 happy 2019-11-21 17:50:49 -05:00
chrisr3d 96712da5e0
add: Module to query AssemblyLine and parse the results
- Takes an AssemblyLine submission link to query
  the API and get the full submission report
- Parses the potentially malicious files and the
  IPs, domains or URLs they are connecting to
- Possible improvement of the parsing filters in
  order to include more data in the MISP event
2019-11-21 13:25:50 -05:00
chrisr3d de8737d2f3
fix: Fixed input types list since domain should not be submitted to AssemblyLine 2019-11-20 17:35:37 -05:00
chrisr3d dc9ea98d2c
fix: Making pep8 happy 2019-11-20 10:13:51 -05:00
chrisr3d 58a4cb15a1
add: New expansion module to submit samples and urls to AssemblyLine 2019-11-19 15:41:35 -05:00
chrisr3d f08fc6d9a5
chg: Reintroducing the limit to reduce the number of recursive calls to the API when querying for a domain 2019-11-17 19:11:26 -05:00
chrisr3d 4990bcebd8
fix: Avoiding KeyError exception when no result is found 2019-11-17 18:00:19 -05:00
chrisr3d 91d6f1baa0
fix: Fixed csv file parsing 2019-11-07 11:50:16 +01:00
chrisr3d 0fd3f92fe3
fix: Fixed Xforce Exchange authentication + rework
- Now able to return MISP objects
- Support of the xforce exchange authentication
  with apikey & apipassword
2019-11-05 16:43:03 +01:00
chrisr3d 852018bf79
fix: Added urlscan & secuirtytrails modules in __init__ list 2019-11-04 16:52:26 +01:00
chrisr3d bfe227d555
fix: More clarity on the exception raised on the securitytrails module 2019-10-31 17:19:42 +01:00
chrisr3d 69e81b47d7
fix: Better exceptions handling on the passivetotal module 2019-10-31 17:18:23 +01:00
chrisr3d 4411166b43
fix: Fixed config parsing and the associated error message 2019-10-31 11:52:34 +01:00
chrisr3d 4f70011edf
fix: Fixed config parsing + results parsing
- Avoiding errors with config field when it is
  empty or the apikey is not set
- Parsing all the results instead of only the
  first one
2019-10-31 11:48:59 +01:00
Alexandre Dulaunoy c3c6f1a6ea
Merge pull request #346 from blaverick62/master
EQL Query Generation Modules
2019-10-30 22:08:07 +01:00
Braden Laverick 717be2b859 Removed extraneous comments and unused imports 2019-10-30 15:44:47 +00:00
chrisr3d b63a0d1eb8
fix: Making urlscan module available in MISP for ip attributes
- As expected in the the handler function
2019-10-30 16:39:07 +01:00
chrisr3d d4eb88c66a
fix: Avoiding various modules to fail with uncritical issues
- Avoiding securitytrails to fail with an unavailable
  feature for free accounts
- Avoiding urlhaus to fail with input attribute
  fields that are not critical for the query and
  results
- Avoiding VT modules to fail when a certain
  resource does not exist in the dataset
2019-10-30 16:34:15 +01:00
chrisr3d 393b33d02d
fix: Fixed config field parsing for various modules
- Same as previous commit
2019-10-30 16:31:57 +01:00
Braden Laverick dc4c09f751 Fixed python links 2019-10-30 13:47:43 +00:00
Braden Laverick 62d25b1f76 Changed file name to mass eql export 2019-10-30 13:46:52 +00:00
Braden Laverick 08fc938acd Fixed comments 2019-10-30 13:41:40 +00:00
chrisr3d d0ddfb3355
fix: [expansion] Better config field handling for various modules
- Testing if config is present before trying to
  look whithin the config field
- The config field should be there when the module
  is called form MISP, but it is not always the
  case when the module is queried from somewhere else
2019-10-30 09:09:55 +01:00
Braden Laverick 2a4c7ff150 Added ors for compound queries 2019-10-29 20:22:41 +00:00
Braden Laverick c1ca936910 Fixed syntax error 2019-10-29 20:14:07 +00:00
Braden Laverick c06ceedfb8 Changed to single attribute EQL 2019-10-29 20:11:35 +00:00
Braden Laverick a426ad249d Added EQL enrichment module 2019-10-29 19:42:47 +00:00
Braden Laverick 5802575e44 Fixed string formatting 2019-10-29 16:29:36 +00:00
Braden Laverick 3142b0ab02 Fixed type error in JSON parsing 2019-10-29 16:08:58 +00:00
Braden Laverick c3ccc9c577 Attempting to import endgame module 2019-10-29 15:52:49 +00:00
Braden Laverick 8ac4b610b8 Added endgame export to __all__ 2019-10-29 15:11:31 +00:00
Braden Laverick 3e44181aed Added EQL export test module 2019-10-29 15:02:08 +00:00
chrisr3d dc7463a67e
fix: Avoid issues when some config fields are not set 2019-10-29 11:04:29 +01:00
Alexandre Dulaunoy dec2494a0a
chg: [apiosintds] make flake8 happy 2019-10-29 09:33:39 +01:00
Alexandre Dulaunoy fdbb0717e0
Merge pull request #344 from davidonzo/master
Added apiosintDS module to query OSINT.digitalside.it services
2019-10-29 08:56:29 +01:00
chrisr3d 204e5a7de9
Merge branch 'master' of github.com:MISP/misp-modules 2019-10-28 16:45:50 +01:00
chrisr3d 7a56174c40
fix: Fixed Geoip with the supported python library + fixed Geolite db path management 2019-10-28 16:39:08 +01:00
milkmix bdc5282e09 updated to geoip2 to support mmdb format 2019-10-25 18:09:44 +02:00
Davide 56e16dbaf5 Added apiosintDS module to query OSINT.digitalside.it services 2019-10-24 12:49:29 +02:00
chrisr3d e1602fdca9
fix: Updates following the latest CVE-search version
- Support of the new vulnerable configuration
  field for CPE version > 2.2
- Support of different 'unknown CWE' message
2019-10-23 11:55:36 +02:00
chrisr3d 63dba29c52
fix: Fixed module names with - to avoid errors with python paths 2019-10-18 11:09:10 +02:00
chrisr3d d740abe74b
fix: Making pep8 happy 2019-10-17 10:45:51 +02:00
chrisr3d a228e2505d
fix: Avoiding empty values + Fixed empty types error + Fixed filename KeyError 2019-10-17 10:42:34 +02:00
chrisr3d 5f7b127713
chg: Avoids returning empty values + easier results parsing 2019-10-15 23:30:39 +02:00
chrisr3d 8aca19ba68
chg: Taking into consideration if a user agent is specified in the module configuration 2019-10-15 11:25:30 +02:00
chrisr3d 6d19549184
fix: Grouped two if conditions to avoid issues with variable unassigned if the second condition is not true 2019-10-13 20:23:02 +02:00
chrisr3d b560347d5d
fix: Considering the case of empty results 2019-10-08 15:49:09 +02:00
chrisr3d 8bcb630340
fix: Catching results exceptions properly 2019-10-08 15:48:26 +02:00
chrisr3d 2850d6f690
fix: Catching exceptions and results properly depending on the cases 2019-10-08 15:45:06 +02:00
chrisr3d 5d4a0bff98
fix: Handling cases where there is no result from the query 2019-10-08 13:28:23 +02:00
chrisr3d 662e58da88
fix: Fixed pattern parsing + made the module hover only 2019-10-07 16:46:32 +02:00
chrisr3d b9b78d1606
fix: Travis tests should be happy now 2019-10-04 17:22:32 +02:00
chrisr3d 6801289175
fix: Returning results in text format
- Makes the hover functionality display the full
  result instead of skipping the records list
2019-10-04 15:54:25 +02:00
chrisr3d fe1987101d
fix: Making pep8 happy 2019-10-03 17:10:47 +02:00
chrisr3d c5c5c16ff1
fix: Avoiding errors with uncommon lines
- Excluding first from data parsed all lines that
  are comments or empty
- Skipping lines with failing indexes
2019-10-03 16:03:30 +02:00
chrisr3d 3d7de2dc22
fix: Fixed unassigned variable name 2019-10-03 16:02:25 +02:00
chrisr3d ffe43acd89
fix: Removed no longer used variables 2019-09-20 09:22:20 +02:00
chrisr3d cfc6438c47
fix: csv import rework & improvement
- More efficient parsing
- Support of multiple csv formats
- Possibility to customise headers
- More improvement to come for external csv file
2019-09-19 23:19:57 +02:00
chrisr3d 09590ca451
fix: Making pep8 happy 2019-09-17 14:13:05 +02:00
Christian Studer 205342996a
Merge pull request #335 from FafnerKeyZee/patch-2
Travis should not be complaining with the tests after the latest update on "test_cve"
2019-09-17 14:11:03 +02:00
Fafner [_KeyZee_] dc84c9f972
adding custom API
Adding the possibility to have our own API server.
2019-09-17 11:07:23 +02:00
Fafner [_KeyZee_] 5c09b66706
Cleaning the error message
The original message can be confusing is the user change to is own API.
2019-09-17 10:42:29 +02:00
chrisr3d 5ebd0bd4fc Merge branch 'master' of github.com:MISP/misp-modules 2019-09-16 14:31:01 +02:00
chrisr3d 8d33d6c18c
add: New parameter to specify a custom CVE API to query
- Any API specified here must return the same
  format as the CIRCL CVE search one in order to
  be supported by the parsing functions, and
  ideally provide response to the same kind of
  requests (so the CWE search works as well)
2019-09-16 14:19:20 +02:00
Pierre-Jean Grenier b2ab727f9b fix: prevent symlink attacks 2019-08-22 11:23:37 +02:00
Pierre-Jean Grenier 413cc2469f chg: [cuckooimport] Handle archives downloaded from both the WebUI and the API 2019-08-21 16:35:11 +02:00
Alexandre Dulaunoy c019e4d997
Merge pull request #322 from zaphodef/cuckooimport
Rewrite cuckooimport
2019-08-13 14:32:48 +02:00
Pierre-Jean Grenier 6ba6f8bb1f new: Rewrite cuckooimport 2019-08-09 15:44:47 +02:00
chrisr3d 415fa55fff
fix: Avoiding issues when no CWE id is provided 2019-08-06 15:55:50 +02:00
chrisr3d 0b603fc5d3
fix: Fixed unnecessary dictionary field call
- No longer necessary to go under 'Event' field
  since PyMISP does not contain it since the
  latest update
2019-08-05 11:33:04 +02:00
chrisr3d 4df528c331
add: Added initial event to reference it from the vulnerability object created out of it 2019-08-02 15:35:33 +02:00
chrisr3d 034222d7b3
fix: Using the attack-pattern object template (copy-paste typo) 2019-08-02 10:10:44 +02:00
chrisr3d 7eb4f034c0
fix: Making pep8 happy 2019-08-01 17:17:16 +02:00
chrisr3d 5c15c0ff93
add: Making vulnerability object reference to its related capec & cwe objects 2019-08-01 15:37:10 +02:00
chrisr3d c4302aa35e
add: Parsing CAPEC information related to the CVE 2019-08-01 15:21:18 +02:00
chrisr3d 7445d7336e
add: Parsing CWE related to the CVE 2019-08-01 14:55:53 +02:00
chrisr3d 7b1c35d583
fix: Fixed cvss-score object relation name 2019-07-30 09:55:36 +02:00