Stefano Ortolani
308c5fb3ce
Improve compatibility and upgrade python to 3.12
Changes:
* Remove vysion (not compatible with python 3.12 and no public repository)
* Remove stiximport (requires archaic version of pymisp)
* Update Python to 3.12
* Pin Numpy to 1.X
* Add missing dependencies
* Commit lock file
* Update requirements file
2024-07-12 17:09:19 +01:00
Alexandre Dulaunoy
d49d8ececf
Merge pull request #669 from VirusTotal/update_doc_references
chore: Update virustotal documentation references
2024-07-11 08:19:13 +01:00
silviacuenca
64b7ef1340
Update doc references
2024-07-10 17:04:48 +02:00
Christian Studer
2423bc7ade
fix: [vulnerability_lookup] Avoiding issues with `Iterator` in python3.8
2024-07-08 11:52:26 +02:00
Christian Studer
7d7dc1e633
fix: [vulnerability_lookup] Avoiding KeyError exceptions on some fields
2024-07-02 11:09:26 +02:00
Christian Studer
42fb1bcf14
new: [vulnerability_lookup] New module to query Vulnerability Lookup
- Reusing the `variotdbs` code to parse the vulnerability description from VariotDB
2024-07-01 23:25:37 +02:00
Alexandre Dulaunoy
cd435c0565
fix: [ipasn] add support for `ip` type
2024-06-06 09:54:20 +02:00
Daniel Pascual
a9dda347bb
Add web doc and fix logo for the Google Threat Intelligence module
2024-05-14 12:47:20 +02:00
Daniel Pascual
636dc3cdfa
merge
2024-05-13 20:28:41 +02:00
Daniel Pascual
3af14a7f6e
Logo and desc
2024-05-13 20:00:14 +02:00
Daniel Pascual
da072cc38a
Remove debug traces
2024-05-13 19:50:46 +02:00
Daniel Pascual
bb42e5d9c1
Google Threat Intelligence MISP module
2024-05-13 10:59:21 +02:00
Alexandre Dulaunoy
b5579e5e42
chg: [virustotal] support ip-src/ip-dst|port attribute type
Fix #632
2024-05-09 17:43:24 +02:00
Alexandre Dulaunoy
8b25af853f
fix: [virustotal] fix the typo for the VT link
Fix #644
Fix #595
2024-05-09 17:32:29 +02:00
Alexandre Dulaunoy
e4d93173a7
fix: [core] the default buffer size in Tornado HTTP server is not enough
for large MISP event.
Fix #662
2024-05-09 17:15:27 +02:00
Alexandre Dulaunoy
55d7fc95dc
fix: [dns] add the exception in the error message
As there are still distributions installing old versions of dnspython,
it's easier to debug if we receive the exception directly in misp-module.
2024-05-09 17:03:18 +02:00
goodlandsecurity
80a5bd1e77
add slack action module
2024-05-09 08:57:25 -05:00
goodlandsecurity
f5ff7d37d8
add stairwell expansion module and update misp-objects to a193e03
2024-05-08 10:47:35 -05:00
Sami Mokaddem
28a9381216
chg: [action:mattermost] Added support of jinja_supported config
2024-02-19 15:45:19 +01:00
Jakub Onderka
8663db0152
chg: [server] Cache module list JSON
2024-01-09 12:43:42 +01:00
Jakub Onderka
5b57b8b296
fix: [server] Serializing PyMISP objects
2024-01-09 12:19:48 +01:00
Jakub Onderka
9446fd2ac6
chg: [server] Fail if server could not be started
2024-01-09 12:19:23 +01:00
Jakub Onderka
80eae92093
new: [log] Enable access log
2024-01-08 22:07:51 +01:00
Jakub Onderka
938e30007b
chg: [internal] Resolve deprecation warning in btc_spam_check
2024-01-08 21:36:34 +01:00
Jakub Onderka
19d5f367a3
chg: [internal] Resolve deprecation warning in dbl_spamhaus
2024-01-08 21:36:14 +01:00
Jakub Onderka
13e48821c6
chg: [internal] Resolve deprecation warning in dns
2024-01-08 21:35:55 +01:00
Jakub Onderka
bfe7fddf72
chg: [internal] Resolve deprecation warning in reversedns
2024-01-08 21:35:37 +01:00
Jakub Onderka
fa744c72e5
chg: [internal] Resolve deprecation warning in qrcode
2024-01-08 21:35:18 +01:00
Jakub Onderka
658ae11941
chg: [internal] Optimise email_import
2024-01-06 23:30:21 +01:00
Jakub Onderka
4596d76887
chg: [internal] Optimise csvimport
2024-01-06 22:27:36 +01:00
Jakub Onderka
193d7fd0bc
new: [internal] Avoid double JSON decoding
2024-01-06 19:13:36 +01:00
Jakub Onderka
92d7076243
fix: [internal] Code style
2024-01-06 14:20:10 +01:00
Jakub Onderka
479ac05bdf
fix: [log] Disable duplicate logging to stderr and stdout, keep stderr only
2024-01-06 14:12:48 +01:00
Jakub Onderka
1764b24647
fix: [apiosintds] Try to fix tests
2024-01-06 13:40:39 +01:00
Jakub Onderka
c65c65621f
new: [internal] Add /healthcheck endpoint
2024-01-06 13:37:23 +01:00
Jakub Onderka
57e04d6b6c
chg: [internal] Optimise clamav to avoid JSON decoding/encoding
2024-01-06 13:37:23 +01:00
Jakub Onderka
cbaa2f85a2
chg: [internal] Add support for orjson
2024-01-06 13:37:23 +01:00
Jakub Onderka
ea2697c5ce
chg: [internal] Code style
2024-01-06 11:59:22 +01:00
Alexandre Dulaunoy
89d1691592
chg: [misp-objects] updated
2023-12-22 13:48:55 +01:00
Germán Esteban López
0a654f6394
Fix vysion.py return error
2023-12-20 16:11:56 +01:00
Germán Esteban López
21c6bcbb2c
Added vysion.py
2023-12-15 10:45:16 +01:00
Germán Esteban López
cd0f1654c5
Added vysion expansion and documentation
2023-12-13 12:06:40 +01:00
ip2location
59116b4769
Removed ip2locationio from joe_parser lib.
2023-12-11 10:14:33 +08:00
ip2location
f0b610907d
Update ip2locationiopy and add documentations
2023-12-08 10:01:14 +08:00
ip2location
58265dc925
Add IP2Location.io module
2023-12-07 10:40:04 +08:00
Milo Volpicelli
52f53f81d0
cluster25_expand: handles related items and more
2023-11-07 15:23:33 +00:00
Milo Volpicelli
a4bcc15db0
enriches with c25 MISP objects
2023-10-26 15:47:22 +00:00
Milo Volpicelli
ce7d1175e7
remove addition of cluster25 import module
2023-10-26 15:33:16 +00:00
Milo Volpicelli
0b167df5b0
actual expand implementation
2023-10-20 13:22:26 +00:00
Milo Volpicelli
a4893d997d
adds cluster25 import module
2023-10-20 12:36:22 +00:00
Milo Volpicelli
4c7637237f
renamed cluster25.py to cluster25_expand.py, module implementation
2023-10-20 08:37:21 +00:00
Milo Volpicelli
f77baec63b
adds cluster25.py expansion module and entry in expansion/__init__.py
2023-10-18 14:18:29 +00:00
Sid Odgers
0f5532b2a1
Rename `files_iterator` and related variables to avoid overwriting `file_object` in virustotal enrichments
2023-10-13 15:59:47 +11:00
Daniel Pascual
e7e173eb86
Fix export url in VirusTotal Collection module
2023-09-12 14:49:30 +02:00
Alexandre Dulaunoy
4003691a2e
Merge pull request #630 from jthom-vmray/fix-optional-field-access
fix optional field access
2023-08-22 11:16:36 +02:00
Luciano Righetti
1bbe16eabc
fix: remove unused import
2023-08-03 11:57:53 +02:00
Luciano Righetti
10c333cd1c
Merge pull request #628 from righel/add-sigmf-expand-module
new: add sigmf module to expand a sigmf recording object template
2023-08-03 09:37:50 +02:00
Luciano Righetti
23069a7c5d
add: support extracting sigmf archives into sigmf recordings
2023-08-03 09:25:46 +02:00
Jens Thom
5f77a68ee3
fix optional field access
2023-07-19 12:54:27 +02:00
Sami Mokaddem
296c7fb16a
Merge branch 'main' of github.com:MISP/misp-modules into main
2023-07-13 10:15:14 -04:00
Sami Mokaddem
fb86bb0510
chg: [expansion:extract_url_components] Better support in case attributes are not defined
2023-07-13 10:14:04 -04:00
Sami Mokaddem
b01dc1d22b
chg: [action:mattermost] Improved support of hostname/url
2023-07-13 10:13:01 -04:00
Sami Mokaddem
fa9854e6cd
Merge pull request #629 from TinyHouseHippos/abuseipdb_googlesafebrowsing
Added the new attribute and tags for AbuseIPDB and added the google s…
2023-07-13 10:08:00 -04:00
Steph S
43e1eb07d0
Added the new attribute and tags for AbuseIPDB and added the google safe browsing expansion module
2023-07-13 09:33:59 -04:00
Luciano Righetti
df2183ce54
fix: properly read samples in different datatypes
2023-07-13 11:06:25 +02:00
Luciano Righetti
e26bfef477
fix: remove debug
2023-07-12 15:51:50 +02:00
Luciano Righetti
3f0fa14545
new: add waterfall plot to the expanded object
2023-07-12 15:34:44 +02:00
Luciano Righetti
5e2957b13f
new: add sigmf module to expand a sigmf recording object template
2023-07-11 16:42:33 +02:00
Alexandre Dulaunoy
93bae11e33
Merge pull request #627 from hyasinfosec/main
Added User Agent
2023-07-11 06:35:41 +02:00
Alexandre Dulaunoy
8401470359
Merge pull request #626 from GeekWeekSteph/abuseipdb2
Fixed object reference issue for the AbuseIPDB expansion module
2023-07-11 06:35:05 +02:00
Rambatla Venkat Rao
7d006566cf
Added User Agent
2023-07-11 08:26:16 +05:30
Steph S
513d292994
Fixed object reference issue for the AbuseIPDB expansion module
2023-07-10 17:14:15 -04:00
Alexandre Dulaunoy
ea0c6f9ac2
Merge pull request #625 from GeekWeekSteph/abuseipdb
Added AbuseIPDB expansion module
2023-07-10 21:56:50 +02:00
Steph S
53b7a76824
Added AbuseIPDB expansion module
2023-07-10 15:08:47 -04:00
Davide
702158ab16
Bug fix
2023-07-09 13:37:19 +02:00
Davide
4e00e60951
Bug fix
2023-07-09 13:35:47 +02:00
Davide
80dba63a8b
Module updated to apiosintDSv2.0
2023-07-09 12:42:59 +02:00
maikwuerth
b074801b00
add ip-src and ip-dst to types_to_use
2023-07-07 10:40:54 +02:00
maikwuerth
a6db0b163f
add period to query and changed query for url and domain hunts
2023-07-06 16:18:46 +02:00
Koen Van Impe
436ed0cea9
Small bug fix for vulners - vulners_ai_score
2023-07-04 16:17:05 +02:00
Usama015
15728bb801
updated Description and removed redundant comments
2023-06-14 12:23:04 +05:00
Usama015
2d3631cd41
updated
2023-06-13 18:58:04 +05:00
Usama015
ea2ccc1004
updated
2023-06-13 18:57:33 +05:00
Usama015
ee5d503fc4
resolved Exception
2023-06-13 17:47:50 +05:00
Usama015
5b5eaddf5e
added Reverse API
2023-06-13 16:38:56 +05:00
Usama015
bb60e4742e
updated
2023-06-13 15:47:07 +05:00
Usama015
91fce45f82
updated
2023-06-13 12:45:10 +05:00
Usama015
a90a70613b
updated whoisfreaks module
2023-06-13 12:36:24 +05:00
Usama015
c0df182aa0
added whoisfreaks module in MISP
2023-06-12 19:00:41 +05:00
Christian Studer
51339c2a82
fix: [crowdsec] Keeping the original attribute used to query the module unchanged
2023-05-26 15:14:44 +02:00
Christian Studer
52ce2cf043
chg: [crowdsec] Added new attributes as described in the `crowdsec-ip-context` object template, and tags described in the crowdsec taxonomy to the IP address
2023-05-26 14:26:26 +02:00
Christian Studer
64d3a3e5a4
fix: [crowdsec] Typo
2023-05-23 13:34:52 +02:00
Christian Studer
6eea5f61d4
fix: [crowdsec] Fixed the `reverse_dns` field parsing & added the `background-noise` attribute
2023-05-23 13:20:52 +02:00
Christian Studer
ddd8b8513e
add: [expansion modules] Added `ipinfo` to the expansion modules list in `__init__`
2023-05-16 16:09:04 +02:00
Christian Studer
196939d205
chg: [crowdsec] Updated the module to support the recently added `crowdsec-ip-context` object template
2023-05-12 12:16:22 +02:00
Christian Studer
51cf8524ad
fix: [crowdsec] Fixed the module input handling
- Made the module an expansion module as it is the standard type, and `hover` usually is the option
- Better input handling, checking now for the `attribute` field as the information of the full attribute is passed in misp standard format and not only its type and value
- As for now only `v2` is supported as API version we removed the parameter to avoid confusion. It can be added back later when multiple versions are supported
2023-05-11 16:12:07 +02:00
Alexandre Dulaunoy
98b766cbdc
fix: [crowdsec] more need to be fully supporting MISP standard format
2023-05-11 15:25:34 +02:00
Alexandre Dulaunoy
337dcf7acb
fix: [crowdsec] version 2
2023-05-11 15:21:31 +02:00
Alexandre Dulaunoy
fe778dd576
fix: [crowdsec] set default version and expansion added
2023-05-11 15:18:26 +02:00
Alexandre Dulaunoy
113a112001
fix: [dbl_spamhaus] if you want to run local test, the dns module
expansion is taking over from the original dnspython3 library.
The trick is just to get rid of the syspath to exclude the local
directory until the proper library is loaded.
2023-04-02 10:11:24 +02:00