Commit Graph

267 Commits (e9c18b3d5fe01dcad008d04831f50e7d860c7efa)

Author SHA1 Message Date
Alexandre Dulaunoy 2d9b0cd172
Merge branch 'master' of github.com:MISP/misp-modules 2018-05-29 21:59:25 +02:00
Alexandre Dulaunoy 9664127b85
add: new expansion module to check hashes against hashdd.com including NSLR dataset. 2018-05-29 21:54:22 +02:00
chrisr3d 2b509a2fd3
Updated delimiter finder function 2018-05-18 11:38:13 +02:00
chrisr3d 1fb72f3c7a
add: Added user config to specify if there is a header in the csv to import 2018-05-18 11:33:53 +02:00
chrisr3d dba8bd8c5b
fix: Avoid trying to build attributes with not intended fields
- Previously: if the header field is not an attribute type, then
              it was added as an attribute field.
              PyMISP then used to skip it if needed

- Now: Those fields are discarded before they are put in an attribute
2018-05-17 16:24:11 +02:00
chrisr3d c088b13f03
fix: Using userConfig to define the header instead of moduleconfig 2018-05-17 13:47:49 +02:00
Christophe Vandeplas 0593dbb408 ta import - more filter for pollution 2018-05-16 11:50:47 +02:00
Christophe Vandeplas 67cecc89d0 threatanalyzer_import - minor generic noise removal 2018-05-15 13:02:17 +02:00
Christophe Vandeplas 27a22e5d86 threatanalyzer_import - loads sample info + pollution fix 2018-05-03 09:42:38 +02:00
Christophe Vandeplas 370011c081 threatanalyzer_import - fix regkey issue 2018-05-02 12:43:34 +02:00
Nick Driver 252d190714
fix missing comma
fix ip-dst and vulnerability input
2018-03-30 14:27:37 -04:00
Koen Van Impe 6d23d4f4c7 Fix VMRay API access error
hotfix for the "Unable to access VMRay API" error
2018-03-30 15:11:25 +02:00
Fred Morris d0f618b648 Add exception blocks for query errors. 2018-03-08 15:26:39 -08:00
x41\x43 0436118747
Improving regex (validating e-mail)
Line 48:
The previous regex ` ^[\w\.\+\-]+\@[\w]+\.[a-z]{2,3}$ ` matched only a small subset of valid e-mail address (e.g.: didn't match domain names longer than 3 chars or user@this-domain.de or user@multiple.level.dom) and needed to be with start (^) and end ($).
This ` [a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+)*@(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])? ` is not perfect (e.g: can't match oriental chars), but imho is much more complete. 

Regex tested with several e-mail addresses with Python 3.6.4 and Python 2.7.14 on Linux 4.14.
2018-03-06 18:12:36 +01:00
chrisr3d d885286792
Clarified functions arguments using a class 2018-03-05 19:59:30 +01:00
chrisr3d 4d7642ac91
add: Added Object References in the objects imported 2018-03-05 14:58:31 +01:00
chrisr3d 82fe8ba78c
fix: Fixed input & output of the module 2018-03-02 11:03:21 +01:00
chrisr3d 70436b7ddb Merge branch 'csvimport' of github.com:chrisr3d/misp-modules into goaml 2018-03-02 09:40:46 +01:00
chrisr3d c9ef578262
Removed print 2018-03-02 09:09:12 +01:00
chrisr3d 8d345d8cf5 Merge branch 'master' of github.com:MISP/misp-modules into csvimport 2018-03-02 09:05:46 +01:00
chrisr3d e6c55f5dde
fix: Fixed input & output of the module
Also updated some functions
2018-03-02 09:03:51 +01:00
chrisr3d 03d20856d9
add: added goamlimport 2018-02-28 22:46:39 +01:00
chrisr3d 323f71cdd3
Fixed some details about the module output 2018-02-28 17:41:45 +01:00
chrisr3d 8f5c08e2c6
Converting GoAML into MISPEvent 2018-02-28 15:07:55 +01:00
chrisr3d cad62464c5
Now parsing all the transaction attributes 2018-02-27 11:08:37 +01:00
chrisr3d a02dbd6a8d
fix: Fixed typo of the aml type for country codes 2018-02-26 18:52:28 +01:00
chrisr3d 478cd53912
add: Added dictionary to map aml types into MISP types 2018-02-26 18:13:43 +01:00
chrisr3d 5df2d309a0
typo 2018-02-26 15:58:53 +01:00
chrisr3d 81a6be17d3
chg: Structurded data 2018-02-26 11:47:35 +01:00
chrisr3d 359ac9100e
fix: typo in references mapping dictionary 2018-02-23 15:58:04 +01:00
Christian Studer 983b7da7b7
fix: Added an object checking
- Checking if there are objects in the event, and then if there is at least 1 transaction object
- This prevents the module from crashing, but does not guaranty having a valid GoAML file (depending on objects and their relations)
2018-02-22 16:55:52 +01:00
chrisr3d b2b0fccd47
fix: Added an object checking
- Checking if there are objects in the event, and then
  if there is at least 1 transaction object
- This prevents the module from crashing, but does not
  guaranty having a valid GoAML file (depending on
  objects and their relations)
2018-02-22 16:37:27 +01:00
chrisr3d 53b4a43448 Merge branch 'master' of github.com:chrisr3d/misp-modules into aml_import 2018-02-22 14:29:36 +01:00
chrisr3d c942013812
chg: Modified the mapping dictionary to support misp-objects updates 2018-02-22 01:23:08 +01:00
chrisr3d 5995458aab
fix: Added the moduleinfo field need to have MISP event in standard format 2018-02-21 17:14:26 +01:00
Alexandre Dulaunoy c3ac53a069
fix: goamlexport added 2018-02-20 17:18:36 +01:00
chrisr3d f361fb4ee3
Reading the entire document, to create a big dictionary containing the data, as a beginning 2018-02-20 17:00:13 +01:00
chrisr3d 02b8938b2a
typo 2018-02-20 16:57:27 +01:00
chrisr3d 11dddb974b Merge branch 'master' of github.com:MISP/misp-modules 2018-02-20 15:18:45 +01:00
chrisr3d eb9e06f1cc
explicit name
Avoiding confusion with the coming import module for goaml
2018-02-20 15:18:12 +01:00
Andras Iklody 978903f911
Quick fix to the invalid hash types offered on all returned hashes, hopefully fixes #162 2018-02-20 14:08:14 +01:00
chrisr3d 92ab1d5c23
Added "t_to" and "t_from" required fields: funds code & country 2018-02-14 21:30:48 +01:00
chrisr3d be1b541966
Added a required field & the latest attributes in transaction 2018-02-14 12:18:12 +01:00
chrisr3d 43e9010858
Added report expected information fields 2018-02-13 16:39:19 +01:00
chrisr3d d4538382d0
Simplified ObjectReference dictionary reading 2018-02-13 13:41:22 +01:00
chrisr3d b7098d1cff Merge branch 'master' of github.com:MISP/misp-modules 2018-02-13 11:58:56 +01:00
chrisr3d a97eeb44fe
Added some report information
Also changed the ObjectReference parser to replace
all the if conditions by a dictionary reading
2018-02-13 11:51:34 +01:00
Dennis Rand 43db92dbe6 Added Yara syntax validation expansion module 2018-02-12 19:11:54 +00:00
chrisr3d 8569c3d702
Suporting the recent objects added to misp-objects
- Matching the aml documents structure
- Some parts of the document still need to be added
2018-02-12 13:40:49 +01:00
chrisr3d 8983ebc4b2
wip: added location & signatory information 2018-02-05 15:51:03 +01:00
chrisr3d 54ebb8a96f Merge branch 'master' of github.com:MISP/misp-modules into test 2018-02-04 17:16:25 +01:00
Thomas Gardner 69d733bb35 added csvimport to __init__.py 2018-02-01 10:22:28 -07:00
chrisr3d 8dce7935ae
Outputting xml format
Also mapping MISP and GoAML types
2018-02-01 14:55:48 +01:00
chrisr3d 48869335ee
first tests for the GoAML export module 2018-01-31 18:09:45 +01:00
chrisr3d 71c00954d0
fix: Solved reading problems for some files 2018-01-30 11:20:28 +01:00
chrisr3d b2ec186ccb
Updated delimiter finder method 2018-01-29 17:04:32 +01:00
chrisr3d 529d22cca8
fix: skipping empty lines 2018-01-29 09:19:58 +01:00
chrisr3d 56cbd72b65
Fixed data treatment & other updates 2018-01-28 18:12:40 +01:00
chrisr3d 4d846f968f
Updated delimiter parsing & data reading functions 2018-01-26 17:11:01 +01:00
chrisr3d b9d72bb043
First version of csv import module
- If more than 1 misp type is recognized, for each one an
  attribute is created

- Needs to have header set by user as parameters of the module atm

- Review needed to see the feasibility with fields that can create
  confusion and be interpreted both as misp type or attribute field
  (for instance comment is a misp type and an attribute field)
2018-01-25 15:44:08 +01:00
Christophe Vandeplas 8a1a860cda added CrowdStrike Falcon Intel Indicators expansion module 2018-01-19 14:42:25 +01:00
chrisr3d d045cf7d5f
chg: Modified output format 2018-01-16 19:46:52 +01:00
chrisr3d dcab9aa150 Merge github.com:MISP/misp-modules 2018-01-16 17:15:36 +01:00
Alexandre Dulaunoy c3823b74cf
Merge pull request #149 from cvandeplas/master
Added ThreatAnalyzer sandbox import
2018-01-16 17:11:38 +01:00
chrisr3d 18523c4ada
Check an IPv4 address against known RBLs 2018-01-16 17:08:44 +01:00
Christophe Vandeplas 0be1886444
fix farsight_passivedns - rdata 404 not found 2018-01-16 15:13:17 +01:00
Christophe Vandeplas 46975f4f16 Added ThreatAnalyzer sandbox import
Experimental module - some parts should be migrated to
2018-01-16 11:05:26 +01:00
Alexandre Dulaunoy 5c4df3075e
Fix the __init__ import 2018-01-08 20:31:26 +01:00
Robert Nixon 85f1a9bd91
Update threatStream_misp_export.py 2018-01-08 12:09:23 -05:00
Robert Nixon 1d2f3d9c3c
Updated __init__.py
Added reference to new ThreatStream export module
2018-01-08 11:03:42 -05:00
Robert Nixon 49d5520fa3
Added threatStream_misp_export.py 2018-01-08 11:01:16 -05:00
Christophe Vandeplas 4cdb143733 fixes missing init file in dnsdb library folder 2017-12-06 09:23:44 +01:00
Christophe Vandeplas 0ec8339d7a New Farsight DNSDB Passive DNS expansion module 2017-12-05 16:41:41 +01:00
Raphaël Vinot 02253e5a87 Merge branch 'master' of github.com:MISP/misp-modules 2017-11-20 14:57:18 +01:00
Jericho 32958324ca
minor touch-ups on error messages for user friendliness 2017-11-16 23:04:41 -07:00
Koen Van Impe 74e660d61b VulnDB Queries
Search on CVE at https://vulndb.cyberriskanalytics.com/
    https://www.riskbasedsecurity.com/
Get extended CVE info, links + CPE
2017-11-06 14:23:03 +01:00
Raphaël Vinot 37d9b3831c Add quick and dirty pdf export 2017-10-26 16:54:20 -04:00
Raphaël Vinot c09135d251 Merge pull request #139 from Rafiot/master
fix: OpenIOC importer
2017-10-25 11:41:46 -04:00
Raphaël Vinot 951a0f974b fix: OpenIOC importer 2017-10-25 11:27:59 -04:00
Alexandre Dulaunoy 03baa0b84d
fix: #137 when a CVE is not found, a return message is given 2017-10-21 19:52:19 +02:00
Thomas Gardner 72c52da7ed added threat_connect_export to export_mod.__init__ 2017-08-06 08:15:17 -06:00
Thomas Gardner 529719d9d8 added threat_connect_export.py 2017-08-03 16:21:26 -06:00
Raphaël Vinot 4c2cda9903 Merge pull request #129 from seamustuohy/utf_hate
Added support for malformed internationalized email headers
2017-07-18 10:06:08 +02:00
Chris Doman c4fe78b39d Add AlienVault OTX and ThreatCrowd Expansions 2017-07-11 18:16:45 +01:00
seamus tuohy 40c71af637 Added support for malformed internationalized email headers
When an emails contains headers that use Unicode without properly crafing
them to comform to RFC-6323 the email import module would crash.
(See issue #119 & issue #93)

To address this I have added additional layers of encoding/decoding to
any possibly internationalized email headers. This decodes properly
formed and malformed UTF-8, UTF-16, and UTF-32 headers appropriately.
When an unknown encoding is encountered it is returned as an 'encoded-word'
per RFC2047.

This commit also adds unit-tests that tests properly formed and malformed
UTF-8, UTF-16, UTF-32, and CJK encoded strings in all header fields; UTF-8,
UTF-16, and UTF-32 encoded message bodies; and emoji testing for headers
and attachment file names.
2017-07-02 18:03:14 -04:00
Raphaël Vinot c42c8a800e Update travis, fix open ioc import 2017-05-24 07:39:18 +02:00
Tristan METAYER 75c02058e6 replace tab by space 2017-05-11 09:56:43 +02:00
Tristan METAYER ba1d715ad1 Add a field for user to add tag for this import 2017-05-11 09:54:25 +02:00
Tristan METAYER 96f9cb4699 typo correction 2017-05-02 15:07:33 +02:00
Tristan METAYER 4ef7261168 Add user config to not add file as attachement in a box 2017-05-02 15:04:40 +02:00
Tristan METAYER 79f48eccfe If filename add iocfilename as attachment 2017-05-02 14:41:22 +02:00
Alexandre Dulaunoy 3cb12d6962 Merge pull request #118 from truckydev/master
Add indent field for export
2017-04-23 12:21:16 +02:00
Tristan METAYER 24c51a6e21 Add indent field for export 2017-04-21 15:53:48 +02:00
Hannah Ward 648c6414c3
fix: Use the proper formatting method and not the horrible % one 2017-03-08 16:35:03 +00:00
kx499 aa3a11cd5f bug fixes 2017-03-08 04:08:23 +01:00
kx499 31a8fb0fe4 threatminer initial commit 2017-03-06 21:36:00 -05:00
Raphaël Vinot 44867b2adc Cosmetic changes 2017-03-05 18:59:36 +01:00
Raphaël Vinot ad49fd3819 Merge pull request #111 from kx499/master
Handful of changes to VirusTotal module
2017-03-05 18:31:50 +01:00
kx499 3ecd095d1e bug fixes, tweaks, and python3 learning curve :) 2017-03-04 03:10:45 +01:00
kx499 01fdf3e52b Initial commit of IPRep module 2017-03-03 15:55:52 -05:00