Commit Graph

2135 Commits (e8cb47a8c79cd5bdab7c8c416a24080a18a0dd71)

Author SHA1 Message Date
Alexandre Dulaunoy a9900a6fe9
Merge pull request #443 from trustar/main
fixed typo causing firstSeen and lastSeen to not be pulled from enric…
2020-11-11 08:55:19 +01:00
Jesse Hedden 0650126d6a fixed typo causing firstSeen and lastSeen to not be pulled from enrichment data 2020-11-10 17:20:03 -08:00
chrisr3d b98562a75e
chg: [cpe] Support of the new CVE-Search API 2020-11-10 17:53:47 +01:00
Alexandre Dulaunoy ab23547844
Merge pull request #440 from MISP/chrisr3d_patch
Farsight passivedns module update
2020-11-10 08:33:34 +01:00
chrisr3d d9cfcf8f62
fix: [farsight_passivedns] Uncommented mandatory field that was commented for tests 2020-11-05 17:51:41 +01:00
chrisr3d 87db6f04aa
fix: [tests] Small fixes on the expansion tests 2020-11-05 15:56:01 +01:00
chrisr3d a357243d31 chg: [doc] Updated the farsight_passivedns module documentation 2020-11-05 15:55:46 +01:00
chrisr3d c0440a0d33 chg: [farsight_passivedns] More context added to the results
- References between the passive-dns objects and
  the initial attribute
- Comment on object attributes mentioning whether
  the results come from an rrset or an rdata
  lookup
2020-11-05 15:55:30 +01:00
chrisr3d 7c5465e02b fix: [dnsdb] Avoiding AttributeError with the sys library, probably depending on the python version 2020-11-05 15:55:15 +01:00
chrisr3d d9e576e605 chg: [farsight_passivedns] Rework of the module to return MISP objects
- All the results are parsed as passive-dns MISP
  objects
- More love to give to the parsing to add
  references between the passive-dns objects and
  the input attribute, depending on the type of
  the query (rrset or rdata), or the rrtype
  (to be determined)
2020-11-05 15:55:00 +01:00
Alexandre Dulaunoy 900fe56fbb
Merge pull request #437 from chrisr3d/main
New expansion module to get the vulnerabilities related to a CPE
2020-11-02 20:35:38 +01:00
chrisr3d 260bddb3cf
chg: [cpe] Changed CVE-Search API default url 2020-11-02 19:03:26 +01:00
chrisr3d 54f7e604c8 Merge branch 'main' of github.com:MISP/misp-modules into main 2020-11-02 19:03:16 +01:00
chrisr3d 08d648e2f4
fix: [documentation] Updated links to the scripts, with the default branch no longer being master, but main 2020-10-29 18:29:04 +01:00
chrisr3d bb8c616b6d
fix: Typo 2020-10-29 18:25:57 +01:00
chrisr3d e4d2f90767
fix: Updated Pipfile 2020-10-29 18:22:07 +01:00
chrisr3d 04abdb3f59 Merge branch 'main' of github.com:MISP/misp-modules into main 2020-10-29 18:04:02 +01:00
chrisr3d 06d93101b1
add: Documentation for the html_to_markdown expansion module 2020-10-29 18:03:25 +01:00
Christian Studer 2779ed7331
Merge pull request #436 from MISP/new-html-to-markdown
new: [expansion] Added html_to_markdown module
2020-10-27 14:43:31 +01:00
chrisr3d 6660e2fc11
add: Added documentation for the cpe module 2020-10-24 23:52:06 +02:00
chrisr3d 88c8d9077c
fix: [cpe] Typos and variable name issues fixed + Making the module available in MISP 2020-10-24 02:40:31 +02:00
mokaddem 2be1d7a0cd new: [expansion] Added html_to_markdown module
It fetches the HTML from the provided URL, performs a bit of DOM
clean-up then convert it into markdown
2020-10-23 22:17:47 +02:00
chrisr3d 410aaaeb28
add: First shot of an expansio module to query cve-search with a cpe to get the related vulnerabilities 2020-10-23 21:19:26 +02:00
chrisr3d c00349e198
fix: [cve-advanced] Using the cpe and weakness attribute types 2020-10-22 23:25:20 +02:00
chrisr3d 2a2a908f09 Merge branch 'main' of github.com:MISP/misp-modules into new_module 2020-10-22 22:59:21 +02:00
Jakub Onderka d0115e8b36 fix: [main] Disable duplicate JSON decoding 2020-10-22 18:03:29 +02:00
Alexandre Dulaunoy 4b1b1820d2
Merge pull request #432 from JakubOnderka/clamav
chg: [clamav] Add reference to original attribute
2020-10-20 20:18:33 +02:00
Jakub Onderka 7ad5eb0bfa chg: [clamav] Add reference to original attribute 2020-10-20 19:26:04 +02:00
Alexandre Dulaunoy 0872bb820c
chg: [clamav] TCP port connection must be an integer 2020-10-20 10:17:52 +02:00
Alexandre Dulaunoy 8b8ac581e5
Merge pull request #431 from JakubOnderka/clamav
new: [clamav] Module for malware scan by ClamAV
2020-10-20 09:58:55 +02:00
Jakub Onderka f2de7ab87f new: [clamav] Module for malware scan by ClamAV 2020-10-17 23:25:47 +02:00
Raphaël Vinot 095fbfd75f chg: Bump deps 2020-10-09 14:41:38 +02:00
Raphaël Vinot 608bad1542 Merge branch 'main' of github.com:MISP/misp-modules into main 2020-10-09 14:24:30 +02:00
Raphaël Vinot a907613ce2 chg: Bump deps 2020-10-09 14:24:19 +02:00
chrisr3d 48635d8f1b
add: Added documentation for the socialscan new module
- Also quick fix of the message for an invalid
  result or response concerning the queried email
  address or username
2020-10-02 17:01:02 +02:00
chrisr3d 95f5df7a91 Merge branch 'main' of github.com:MISP/misp-modules into new_module 2020-10-02 16:46:27 +02:00
chrisr3d 0072e04627
chg: Updated expansion modules documentation
- Added documentation for the missing modules
- Renamed some of the documentation files to match
  with the module names and avoid issues within
  the documentation file (README.md) with the link
  of the miss-spelled module names
2020-10-02 16:41:47 +02:00
chrisr3d d950b4d7ec
fix: Removed debugging print command 2020-10-02 01:50:49 +02:00
chrisr3d 39904b7f6c
chg: Added socialscan library in Pipfile and updated the lock file 2020-10-01 23:27:43 +02:00
chrisr3d 9a766d6010
add: New module using socialscan library to check email addresses and usernames linked to accounts on online platforms 2020-10-01 23:25:39 +02:00
chrisr3d 14aa6e2d1a
fix: [cve_advanced] Avoiding potential MISP object references issues
- Adding objects as dictionaries in an event may
  cause issues in some cases. It is better to pass
  the MISP object as is, as it is already a valid
  object since the MISPObject class is used
2020-10-01 22:44:39 +02:00
chrisr3d c5abf89805
fix: [virustotal_public] Resolve key error when user enrich hostname
- Same as #424
2020-09-28 12:34:00 +02:00
Christian Studer 38c3502394
Merge pull request #424 from JakubOnderka/vt-subdomains-fix
fix: [virustotal] Resolve key error when user enrich hostname
2020-09-28 12:32:42 +02:00
Raphaël Vinot 2dde6e8757
fix: Typo in EMailObject
Fix #427
2020-09-09 10:56:01 +02:00
chrisr3d 9f315f1728
chg: Updated the bgpranking expansion module test 2020-09-08 16:24:41 +02:00
chrisr3d 589a0a0321
chg: Updated documentation for the recently updated bgpranking module 2020-09-08 16:15:23 +02:00
chrisr3d 3101e5bc26
chg: Updated the bgpranking expansion module to return MISP objects
- The module no longer returns freetext, since the
  result returned to the freetext import as text
  only allowed MISP to parse the same AS number as
  the input attribute.
- The new result returned with the updated module
  is an asn object describing more precisely the
  AS number, and its ranking for a given day
2020-09-08 16:08:57 +02:00
chrisr3d ae1016946b
fix: Making pep8 happy 2020-08-28 17:30:23 +02:00
chrisr3d 1349ef61a5
chg: Turned the Shodan expansion module into a misp_standard format module
- As expected with the misp_standard modules, the
  input is a full attribute and the module is able
  to return attributes and objects
- There was a lot of data that was parsed as regkey
  attributes by the freetext import, the module now
  parses properly the different field of the result
  of the query returned by Shodan
2020-08-28 16:55:50 +02:00
Alexandre Dulaunoy dedce3da28
Merge pull request #426 from hildenjohannes/main
Recorded Future module: Add proxy support and User-Agent header
2020-08-28 11:06:12 +02:00