Commit Graph

1152 Commits (ea071519b249d02916e4d3aaf01386bd505929aa)

Author SHA1 Message Date
chrisr3d 611bb6fa9e
fix: [ocr_enrich] Fixed tesseract input format
- It looks like the `image_to_string` method now
  assumes RGB format and the `imdecode` method
  seems to give BGR format, so we convert the
  image array before
2021-04-15 16:12:00 +02:00
chrisr3d 729feaa3f2
fix: [hibp] Fixed config handling to avoir KeyError exceptions 2021-04-14 16:52:55 +02:00
Alexandre Dulaunoy 577d0de500
chg: [farsight] make PEP happy 2021-04-14 14:45:55 +02:00
Alexandre Dulaunoy 2bc5021ace
Merge pull request #435 from JakubOnderka/remove-duplicate-decoding
fix: [main] Remove duplicate JSON decoding
2021-04-08 20:41:46 +02:00
Alexandre Dulaunoy 0752628de5
fix: [cve_advanced] Some CVEs are not in CWE format but in NVD-CWE-Other 2021-04-08 19:14:13 +02:00
chrisr3d a2282c4721
add: [farsight_passivedns] Adding first_seen & last_seen (when available) in passivedns objects
- The object_relation `time_first` is added as the
  `first_seen` value of the object
- Same with `time_last` -> `last_seen`
2021-03-31 13:42:07 +02:00
chrisr3d 505bbbc20a
fix: [farsight_passivedns] Excluding last_seen value for now, in order to get the available results
- With last_seen set we can easily get results
  included in a certain time frame (between first
  seen and last seen), but we do not get the
  latest results. In order to get those ones, we
  skip filtering on the time_last_before value
2021-03-30 17:34:01 +02:00
chrisr3d 5077050a3e
chg: [farsight_passivedns] Making first_time and last_time results human readable
- We get the datetime format instead of the raw
  timestamp
2021-03-30 03:47:34 +02:00
chrisr3d 327a1ac893
fix: [farsight_passivedns] Fixed lookup_rdata_name results desclaration
- Getting generator as a list as it is already the
  case for all the other results, so it avoids
  issues to read the results by accidently looping
  through the generator before it is actually
  needed, which would lose the content of the
  generator
- Also removed print that was accidently introduced
  with the last commit
2021-03-30 03:42:54 +02:00
chrisr3d 8935c4adc5 Merge branch 'main' of github.com:MISP/misp-modules into new_features 2021-03-29 20:10:28 +02:00
chrisr3d 25d826076c
add: [farsight_passivedns] New lookup argument based on the first_seen & last_seen fields 2021-03-29 20:09:29 +02:00
Alexandre Dulaunoy 521cdc4435
Merge pull request #484 from GreyNoise-Intelligence/main
Update to GreyNoise expansion module
2021-03-26 23:20:24 +01:00
Brad Chiappetta 5e20ea0dc0 update community api to released ver 2021-03-26 11:19:40 -04:00
Brad Chiappetta 714eb425c6 fix ver info 2021-03-23 13:41:05 -04:00
Brad Chiappetta 2855f7ff5f updates for greynoise community api 2021-03-23 13:39:36 -04:00
Sebdraven b42da0435b Update yeti.py
add key results
2021-03-19 15:55:18 +01:00
Sebdraven 240d043f91 Update yeti.py
delete attr
2021-03-19 15:50:37 +01:00
Sebdraven ef2bf29621 Update yeti.py
correction format strings
2021-03-19 15:39:09 +01:00
Sebdraven 76133ace8b Update yeti.py
change logs
2021-03-19 15:37:49 +01:00
Sebdraven 6b35a7ee4d Update yeti.py
value attribute
2021-03-19 15:32:05 +01:00
Sebdraven ed3e0d56fd Update yeti.py
change logs
2021-03-19 15:29:21 +01:00
Sebdraven 1be2c27131 Update yeti.py
add logs
2021-03-19 15:26:45 +01:00
Sebdraven 83c4b2f4b0 Update yeti.py
add relation
2021-03-19 15:22:53 +01:00
Sebdraven cd97186776 Update yeti.py
remove add
2021-03-19 15:20:58 +01:00
Sebdraven 624f423264 Update yeti.py
add logs
2021-03-19 15:19:37 +01:00
Sebdraven 5176a36acf Update yeti.py
change relations
2021-03-19 15:16:00 +01:00
Sebdraven 86275d7610 Update yeti.py
change modification
2021-03-19 14:38:34 +01:00
Sebdraven 0a364cf815 Update yeti.py
update relation
2021-03-19 14:32:00 +01:00
Sebdraven 9eb41f4022 Update yeti.py
change relation type
2021-03-19 14:26:44 +01:00
Sebdraven 0d035c0292 Update yeti.py
add relationship
2021-03-19 14:22:51 +01:00
Sebdraven b9ce6d689c Update yeti.py
add ref
2021-03-19 13:56:02 +01:00
Sebdraven 28b554d975 Update yeti.py
add test
2021-03-19 12:24:15 +01:00
Sebdraven bc1bea0ec4 Update yeti.py
change attribute add
2021-03-19 12:12:37 +01:00
Sebdraven 7255a1eddc Update yeti.py
change relationship
2021-03-19 12:09:54 +01:00
Sebdraven 65d8bb6b07 Update yeti.py
log json
2021-03-19 11:51:55 +01:00
Sebdraven 633f5efd56 Update yeti.py
log object
2021-03-19 11:48:55 +01:00
Sebdraven bd5c1b0b53 Update yeti.py
add logs
2021-03-19 11:40:23 +01:00
Sebdraven 1dfdb5a2a2 Update yeti.py
change type attr and relation
2021-03-19 11:29:57 +01:00
Sebdraven 347d12c78c Update yeti.py
add logs
2021-03-19 11:27:23 +01:00
Sebdraven d868373c5a Update yeti.py
add logs
2021-03-19 11:24:10 +01:00
Sebdraven bd4a4b87fc Update yeti.py
add logs
2021-03-19 11:18:01 +01:00
Sebdraven c9bc97c9f9 Update yeti.py
change relation type and misp event init
2021-03-19 11:15:27 +01:00
Sebdraven 0618e288d3 Update yeti.py
add relation object
2021-03-19 11:01:02 +01:00
Sebdraven 48f56b0690 Update yeti.py
add object
2021-03-19 10:52:48 +01:00
chrisr3d 9f80d69e64 Merge branch 'main' of github.com:MISP/misp-modules into new_features 2021-03-18 19:34:18 +01:00
chrisr3d 458e432bb7
fix: Making pep8 happy 2021-03-18 19:22:26 +01:00
chrisr3d aea7e247a5 Merge branch 'main' of github.com:MISP/misp-modules into new_features 2021-03-18 18:45:41 +01:00
chrisr3d c8c44e75bf
fix: [farsight_passivedns] Fixed queries to the API
- Since flex queries input may be email addresses,
  we nake sure we replace '@' by '.' in the flex
  queries input.
- We also run the flex queries with the input as
  is first, before runnning them as second time
  with '.' characters escaped: '\\.'
2021-03-18 18:40:27 +01:00
Alexandre Dulaunoy bd38fabba5
Merge pull request #481 from cocaman/main
Adding ThreatFox enrichment module
2021-03-17 23:17:21 +01:00
chrisr3d f58f4aa9eb
chg: [farsight_passivedns] Added input types for more flex queries
- Standard types still supported as before
  - Name or ip lookup, with optional flex queries
- New attribute types added will only send flex
  queries to the DNSDB API
2021-03-17 20:17:07 +01:00
Corsin Camichel a13184b078
adding additional tags 2021-03-13 20:59:54 +01:00
Corsin Camichel d14d3d585f
first version of ThreatFox enrichment module 2021-03-13 20:36:49 +01:00
Corsin Camichel d913ae4b36
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00
Jürgen Löhel 9e8d01b6c8
fix: google.py module
The search result does not include always 3 elements. It's better to
enumerate here.
The googleapi fails sometimes. Retry it 3 times.

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-03-09 18:04:12 -06:00
Jürgen Löhel c1700cc955
fix: google.py module
Corrects import for gh.com/abenassi/Google-Search-API.

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-03-09 16:46:11 -06:00
Sebdraven 6fc3b2a860 Update yeti.py
refactoring
2021-03-05 19:01:25 +01:00
Sebdraven 294bdee51a Update yeti.py
using attribute
2021-03-05 16:57:55 +01:00
Sebdraven 33bba708bf Update yeti.py
use format misp
2021-03-05 16:53:49 +01:00
Sebdraven bf617807df Update yeti.py
modify acess dict
2021-03-05 15:19:30 +01:00
Sebdraven 9de5dd89ee Update yeti.py
add logs
2021-03-05 15:14:25 +01:00
Sebdraven 7e1bf41d47 Update yeti.py
add logs
2021-03-05 15:08:32 +01:00
Sebdraven cb008124c3 Update yeti.py
add neighboors iocs to add the event
2021-03-05 15:06:13 +01:00
Sebdraven e3f23793e0 Update yeti.py
modify call yeti
2021-03-05 11:40:11 +01:00
Sebdraven 6aff43cf99 Update yeti.py
Correct bugs
2021-03-05 11:37:04 +01:00
Sebdraven 800020d6a2 Update yeti.py
change inherit
2021-03-05 11:34:01 +01:00
Sebdraven e2a1ade14a Update yeti.py
change path to access config settings
2021-03-05 11:28:50 +01:00
Sebdraven 3fdce84ff7 Update yeti.py
add log
2021-03-05 11:24:43 +01:00
Sebdraven e7cb15a0c4 Update yeti.py
add ip-dst to enrich
2021-03-05 11:22:53 +01:00
Sebdraven 0f31893fdb Update yeti.py
add logs
2021-03-05 11:06:12 +01:00
Sebdraven 1209cd3a75 yeti pluggin
get_entities and get_neighboors
2021-03-05 11:00:19 +01:00
Jakub Onderka 38457f0a7b
fix: Consider mail body as UTF-8 encoded 2021-03-02 15:03:15 +01:00
Sebdraven 1def6e3f06 Update yeti.py
add introspection method
2021-02-05 12:02:08 +01:00
Sebdraven b29b3ded28 Update yeti.py
add method version
2021-02-05 11:47:27 +01:00
Sebdraven 619d648084 Update yeti.py
correct import
2021-02-05 11:37:34 +01:00
Sebdraven 66fc121dbe Update yeti.py
add config and struct
2021-02-05 11:17:40 +01:00
Sebdraven 7781a0cae7 add new module
new module yeti
2021-02-05 10:18:52 +01:00
adammchugh 2832466f7f
Update assemblyline_submit.py 2021-02-02 22:56:02 +10:30
adammchugh 6f5c77ef08
Update assemblyline_query.py 2021-02-02 22:55:09 +10:30
adammchugh 07b8968b7d
Update assemblyline_submit.py 2021-02-02 22:52:27 +10:30
Cory Kennedy 774b2f37a6 Corrected VMray rest API import
When loading misp-modules,  the VMray module ```modules/expansion/vmray_submit.py ``` incorrectly imports the library. VMray's documentation and examples here: https://pypi.org/project/vmray-rest-api/#history also reflect this change as the correct import.
2021-01-04 15:27:47 -06:00
Alexandre Dulaunoy ff9ac60bbd
Merge pull request #457 from trustar/main
added more explicit error messages for indicators that return no enri…
2020-12-04 21:37:47 +01:00
Jesse Hedden bad538653d added more explicit error messages for indicators that return no enrichment data 2020-12-04 11:59:57 -08:00
Jens Thom 0e4e432dc4 fix imports and unused variables 2020-11-30 12:48:01 +01:00
Jens Thom a404202d1d Merge remote-tracking branch 'upstream/main' into main 2020-11-30 12:23:11 +01:00
Jens Thom 2a870f2d97 * add parser for report version v1 and v2
* add summary JSON import module
2020-11-30 12:06:19 +01:00
milkmix 2544218899 fixed error reported by LGTM analysis 2020-11-23 16:28:23 +01:00
milkmix 47980ef2eb added missing quotes 2020-11-21 08:52:18 +01:00
milkmix 30d9ae6032 added URL support 2020-11-20 18:56:28 +01:00
milkmix 71d2aeaacd typo in python src name 2020-11-20 16:31:48 +01:00
milkmix 451531326d initial work on Defender for Endpoint export module 2020-11-20 16:29:08 +01:00
chrisr3d 575bed0da8 Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch 2020-11-18 11:52:53 +01:00
chrisr3d 2464172e1a Merge branch 'main' of github.com:MISP/misp-modules into new_module 2020-11-18 11:34:33 +01:00
chrisr3d c1e52fdb12
fix: [farsight_passivedns] Fixed pep8 backslash issue 2020-11-15 20:15:06 +01:00
chrisr3d d1ac0cffe0
fix: [farsight_passivedns] Fixed issue with variable name 2020-11-15 20:11:08 +01:00
chrisr3d dfec0e5cf4
add: [farsight-passivedns] Optional feature to submit flex queries
- The rrset and rdata queries remain the same but
  with the parameter `flex_queries`, users can
  also get the results of the flex rrnames & flex
  rdata regex queries about their domain, hostname
  or ip address
- Results can thus include passive-dns objects
  containing the `raw_rdata` object_relation added
  with 0a3e948
2020-11-13 20:38:02 +01:00
chrisr3d 993a614a20 Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch 2020-11-13 16:47:07 +01:00
chrisr3d 32c0bf9ae2
fix: [cpe] Fixed typo in vulnerable-configuration object relation fields 2020-11-13 15:49:58 +01:00
chrisr3d bd3fa3ea07
chg: [cpe] Added default limit to the results
- Results returned by CVE-search are sorted by
  cvss score and limited in number to avoid
  potential massive amount of data retuned back
  to MISP.
- Users can overwrite the default limit with the
  configuration already present as optional, and
  can also set the limit to 0 to get the full list
  of results
2020-11-13 15:46:41 +01:00
chrisr3d 3f863e4437
fix: [farsight_passivedns] Fixed typo in the lookup fields 2020-11-13 15:28:10 +01:00
chrisr3d fe010782f3
chg: [farsight_passivedns] Now using the dnsdb2 python library
- Also updated the results parsing to check in
  each returned result for every field if they are
  included, to avoid key errors if any field is
  missing
2020-11-12 16:01:14 +01:00
chrisr3d 2a25cda026 Merge branch 'chrisr3d_patch' of github.com:MISP/misp-modules into main 2020-11-11 10:46:44 +01:00
chrisr3d bb7564dea9 Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch 2020-11-11 10:45:06 +01:00
Jesse Hedden 0650126d6a fixed typo causing firstSeen and lastSeen to not be pulled from enrichment data 2020-11-10 17:20:03 -08:00
chrisr3d b98562a75e
chg: [cpe] Support of the new CVE-Search API 2020-11-10 17:53:47 +01:00
chrisr3d d9cfcf8f62
fix: [farsight_passivedns] Uncommented mandatory field that was commented for tests 2020-11-05 17:51:41 +01:00
chrisr3d c0440a0d33 chg: [farsight_passivedns] More context added to the results
- References between the passive-dns objects and
  the initial attribute
- Comment on object attributes mentioning whether
  the results come from an rrset or an rdata
  lookup
2020-11-05 15:55:30 +01:00
chrisr3d 7c5465e02b fix: [dnsdb] Avoiding AttributeError with the sys library, probably depending on the python version 2020-11-05 15:55:15 +01:00
chrisr3d d9e576e605 chg: [farsight_passivedns] Rework of the module to return MISP objects
- All the results are parsed as passive-dns MISP
  objects
- More love to give to the parsing to add
  references between the passive-dns objects and
  the input attribute, depending on the type of
  the query (rrset or rdata), or the rrtype
  (to be determined)
2020-11-05 15:55:00 +01:00
chrisr3d 260bddb3cf
chg: [cpe] Changed CVE-Search API default url 2020-11-02 19:03:26 +01:00
chrisr3d 54f7e604c8 Merge branch 'main' of github.com:MISP/misp-modules into main 2020-11-02 19:03:16 +01:00
chrisr3d 6660e2fc11
add: Added documentation for the cpe module 2020-10-24 23:52:06 +02:00
chrisr3d 88c8d9077c
fix: [cpe] Typos and variable name issues fixed + Making the module available in MISP 2020-10-24 02:40:31 +02:00
mokaddem 2be1d7a0cd new: [expansion] Added html_to_markdown module
It fetches the HTML from the provided URL, performs a bit of DOM
clean-up then convert it into markdown
2020-10-23 22:17:47 +02:00
chrisr3d 410aaaeb28
add: First shot of an expansio module to query cve-search with a cpe to get the related vulnerabilities 2020-10-23 21:19:26 +02:00
chrisr3d c00349e198
fix: [cve-advanced] Using the cpe and weakness attribute types 2020-10-22 23:25:20 +02:00
chrisr3d 2a2a908f09 Merge branch 'main' of github.com:MISP/misp-modules into new_module 2020-10-22 22:59:21 +02:00
Jakub Onderka d0115e8b36 fix: [main] Disable duplicate JSON decoding 2020-10-22 18:03:29 +02:00
Jakub Onderka 7ad5eb0bfa chg: [clamav] Add reference to original attribute 2020-10-20 19:26:04 +02:00
Alexandre Dulaunoy 0872bb820c
chg: [clamav] TCP port connection must be an integer 2020-10-20 10:17:52 +02:00
Jakub Onderka f2de7ab87f new: [clamav] Module for malware scan by ClamAV 2020-10-17 23:25:47 +02:00
chrisr3d 48635d8f1b
add: Added documentation for the socialscan new module
- Also quick fix of the message for an invalid
  result or response concerning the queried email
  address or username
2020-10-02 17:01:02 +02:00
chrisr3d d950b4d7ec
fix: Removed debugging print command 2020-10-02 01:50:49 +02:00
chrisr3d 9a766d6010
add: New module using socialscan library to check email addresses and usernames linked to accounts on online platforms 2020-10-01 23:25:39 +02:00
chrisr3d 14aa6e2d1a
fix: [cve_advanced] Avoiding potential MISP object references issues
- Adding objects as dictionaries in an event may
  cause issues in some cases. It is better to pass
  the MISP object as is, as it is already a valid
  object since the MISPObject class is used
2020-10-01 22:44:39 +02:00
chrisr3d c5abf89805
fix: [virustotal_public] Resolve key error when user enrich hostname
- Same as #424
2020-09-28 12:34:00 +02:00
Christian Studer 38c3502394
Merge pull request #424 from JakubOnderka/vt-subdomains-fix
fix: [virustotal] Resolve key error when user enrich hostname
2020-09-28 12:32:42 +02:00
Raphaël Vinot 2dde6e8757
fix: Typo in EMailObject
Fix #427
2020-09-09 10:56:01 +02:00
chrisr3d 3101e5bc26
chg: Updated the bgpranking expansion module to return MISP objects
- The module no longer returns freetext, since the
  result returned to the freetext import as text
  only allowed MISP to parse the same AS number as
  the input attribute.
- The new result returned with the updated module
  is an asn object describing more precisely the
  AS number, and its ranking for a given day
2020-09-08 16:08:57 +02:00
chrisr3d ae1016946b
fix: Making pep8 happy 2020-08-28 17:30:23 +02:00
chrisr3d 1349ef61a5
chg: Turned the Shodan expansion module into a misp_standard format module
- As expected with the misp_standard modules, the
  input is a full attribute and the module is able
  to return attributes and objects
- There was a lot of data that was parsed as regkey
  attributes by the freetext import, the module now
  parses properly the different field of the result
  of the query returned by Shodan
2020-08-28 16:55:50 +02:00
johannesh 8087c9a6a1 Add proxy support and User-Agent header 2020-08-24 11:19:15 +02:00
David André b5d7c9c7a3
Disable correlation for detection-ratio in virustotal.py 2020-08-24 10:11:08 +02:00
Jakub Onderka bd7f7fa1f3 fix: [virustotal] Resolve key error when user enrich hostname 2020-08-17 17:34:21 +02:00
Jesse Hedden 10e432ec55
Merge branch 'main' into feat/EN-5047/MISP-manual-update 2020-08-10 08:08:06 -07:00
Jesse Hedden a3c01fa318 added comments 2020-08-10 07:53:24 -07:00
Jesse Hedden 91417d390b added comments 2020-08-09 20:41:52 -07:00
Jesse Hedden 0b576faa68 added comments 2020-08-09 20:36:47 -07:00
Jesse Hedden 2d464adfd6 added error checking 2020-08-09 20:29:37 -07:00
johannesh 85d319e85e Fix typo error introduced in commit: 3b7a5c4dc2 2020-08-07 10:36:40 +02:00
Jesse Hedden ee21a88127 updating to include metadata and alter type of trustar link generated 2020-08-06 21:59:13 -07:00
chrisr3d f1dac0c8df
fix: Fixed pep8 2020-07-28 15:23:24 +02:00
chrisr3d d2661c7a20
fix: Fixed pep8 + some copy paste issues introduced with the latest commits 2020-07-28 15:06:25 +02:00
chrisr3d 3ab67b23b6
fix: Avoid issues with the attribute value field name
- The module setup allows 'value1' as attribute
  value field name, but we want to make sure that
  users passing standard misp format with 'value'
  instead, will not have issues, as well as
  keeping the current setup
2020-07-28 11:56:03 +02:00
chrisr3d 3b7a5c4dc2
add: Specific error message for misp_standard format expansion modules
- Checking if the input format is respected and
  displaying an error message if it is not
2020-07-28 11:47:53 +02:00
chrisr3d 8180ecbfa8
chg: Making use of the Greynoise v2 API 2020-07-27 17:20:36 +02:00
johannesh c91a61110a Add Recorded Future expansion module 2020-07-23 12:28:56 +02:00
chrisr3d a4e9fe456e Merge branch 'main' of github.com:MISP/misp-modules into main 2020-07-03 10:24:45 +02:00
chrisr3d 8e4c688dce
fix: Fixed list of sigma backends 2020-07-03 10:10:24 +02:00
Jakub Onderka cda5feedaa fix: [virustotal] Subdomains is optional in VT response 2020-07-01 16:13:40 +02:00
chrisr3d f99174af2e
fix: Removed multiple spaces to comply with pep8 2020-07-01 11:27:36 +02:00
chrisr3d 26b0357ac7
fix: Making pep8 happy 2020-06-30 23:10:35 +02:00
chrisr3d c0dae2b31b
fix: Removed trustar_import module name in init to avoid validation issues
(until it is submitted via PR?)
2020-06-30 18:08:34 +02:00
chrisr3d 3e12feae79
Merge branch 'feat/EN-4664/trustar-misp' of https://github.com/trustar/misp-modules into trustar-feat/EN-4664/trustar-misp 2020-06-30 18:07:14 +02:00
chrisr3d cadcc8947c Merge branch 'main' of github.com:MISP/misp-modules into new_module 2020-06-30 17:14:38 +02:00
Jesse Hedden a70558945a removed obsolete file 2020-06-27 17:46:51 -07:00
Jesse Hedden a91d50b507 corrected variable name 2020-06-27 17:29:01 -07:00
Jesse Hedden 9e1bc5681b fixed indent 2020-06-25 15:22:54 -07:00
Jesse Hedden 2d31b4e037 fixed incorrect attribute name 2020-06-25 13:10:50 -07:00
Jesse Hedden 61fbb30e1c fixed metatag; convert summaries generator to list for error handling 2020-06-25 10:54:34 -07:00
Jesse Hedden b188d2da4e added strip to remove potential whitespace 2020-06-24 17:47:41 -07:00
Jesse Hedden b60d142d32 removed extra parameter 2020-06-22 15:06:39 -07:00
Jesse Hedden b9d191686f added try/except for TruSTAR API errors and additional comments 2020-06-22 14:54:37 -07:00
Jesse Hedden f13233d04c added comments and increased page size to max for get_indicator_summaries 2020-06-22 13:47:25 -07:00
Jesse Hedden f3b27ca9c0 updated client metatag and version 2020-06-22 12:58:10 -07:00
Jesse Hedden 68b4fbba09 added client metatag to trustar client 2020-06-22 12:15:28 -07:00
Jesse Hedden 341a569de5 ready for code review 2020-06-21 19:52:17 -07:00
Jakub Onderka fe1ea90b25 fix: [circl_passivessl] Return proper error for IPv6 addresses 2020-06-03 14:06:57 +02:00
Alexandre Dulaunoy ddf51d482a
Merge pull request #406 from JakubOnderka/ip-port
new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port
2020-06-03 12:57:11 +02:00
Jakub Onderka b053e1c01b fix: [circl_passivessl] Return not found error
If passivessl returns empty response, return Not found error instead of error in log
2020-06-03 11:19:21 +02:00
Jakub Onderka 6e21893be4 fix: [circl_passivedns] Return not found error
If passivedns returns empty response, return Not found error instead of error in log
2020-06-03 11:15:46 +02:00
Jakub Onderka 31d15056f9 new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port 2020-06-03 11:12:47 +02:00
Jesse Hedden 67bdb38fc8 WIP: initial push 2020-05-29 17:41:13 -07:00
Jesse Hedden 8a95a000ee initial commit. not a working product. need to create a class to manage the MISP event and TruStar client 2020-05-29 17:21:20 -07:00
chrisr3d 1e27c2de5a
Merge branch 'master' of github.com:MISP/misp-modules into new_module 2020-05-05 11:53:09 +02:00
Steve Clement 3fd6633c01
fix: [pep] Comply to PEP E261 2020-05-01 12:12:33 +09:00
Matthias Meidinger ebf71a371b Update vmray_submit
The submit module hat some smaller issues with the reanalyze flag.
The source for the enrichment object has been changed and the robustness
of user supplied config parsing improved.
2020-04-23 14:47:48 +02:00
Golbark fd3c62c460 Fix variable issue in the loop 2020-04-08 01:07:46 -07:00
Golbark 500f0301a9 Adding support for more input types, including multi-types 2020-04-07 06:53:42 -07:00
Golbark b79636ccfa new: usr: Censys Expansion module 2020-04-03 03:15:03 -07:00
chrisr3d 48b381d704
fix: Making pep8 happy 2020-03-18 18:58:11 +01:00
chrisr3d 0671f93724
new: Expansion module to query MALWAREbazaar API with some hash attribute 2020-03-18 18:05:57 +01:00
chrisr3d 824c0031b3
fix: Catching errors in the reponse of the query to URLhaus 2020-03-18 17:57:55 +01:00
chrisr3d 422f654988
fix: Making pep8 happy with indentation 2020-03-18 10:24:06 +01:00
Jakub Onderka fe34023866
csvimport: Return error if input is not valid UTF-8 2020-03-12 11:02:43 +01:00
Koen Van Impe 2713d3c655 Update __init__ 2020-03-10 19:50:00 +01:00
Koen Van Impe c86f4a4180 Make Travis (a little bit) happy 2020-03-10 18:48:25 +01:00
Koen Van Impe e023f0b470 Cytomic Orion MISP Module
An expansion module to enrich attributes in MISP and share indicators
of compromise with Cytomic Orion
2020-03-10 18:25:30 +01:00
chrisr3d 0b4d6738de
fix: Making pep8 happy 2020-03-10 11:15:16 +01:00
bennyv 6c00f02e42 Removed Unused Import 2020-03-04 11:54:55 +11:00
bennyv 0a8a829ac1 Fixed handler error handling for missing config 2020-03-04 11:30:44 +11:00
bennyv a32685df8a Initial Build of SOPHOSLabs Intelix Product 2020-03-04 09:52:55 +11:00
chrisr3d cda5004a0d
fix: Removed unused import 2020-02-26 14:18:09 +01:00
chrisr3d c9c6f69bd4
fix: Making pep8 happy 2020-02-26 11:59:14 +01:00
Christian Studer fc54785d6b
Merge pull request #374 from M0un/projet-m2-oun-gindt
Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // No…
2020-02-26 11:53:11 +01:00
chrisr3d dea42d3929
chg: Catching missing config issue 2020-02-25 15:22:06 +01:00
Sean Whalen f5af7faace
Create __init__.py 2020-02-22 19:44:31 -05:00
Mathilde Oun et Vincent Gindt df3a6986ea Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // Nouveau module misp de recherche google sur les urls 2020-02-21 12:05:41 +01:00
chrisr3d 27717c0400
fix: Making the module config available so the module works 2020-02-13 11:40:22 +01:00
GlennHD 0ed0ceab9d
Update geoip_asn.py 2020-02-12 23:48:38 -06:00
GlennHD bdb4185a0a
Update geoip_city.py 2020-02-12 23:48:20 -06:00
GlennHD 46f0f410e7
Added geoip_asn and geoip_city to load 2020-02-12 21:31:41 -06:00
GlennHD 0b9b6c4f41
Added GeoIP_ASN Enrichment module 2020-02-12 21:29:40 -06:00
GlennHD 7a3f9a422d
Added GeoIP_City Enrichment module 2020-02-12 21:28:41 -06:00
Jakub Onderka acdc4b9d03 fix: [VT] Disable SHA512 query for VT 2020-02-07 12:20:12 +01:00
Hendrik 8f9940200b Lastline verify_ssl option
Helps people with on-prem boxes
2020-01-27 07:46:48 +01:00
chrisr3d b2c8f79220
fix: Making pep8 happy 2020-01-24 15:17:35 +01:00
Georg Schölly 04685ea63e joe: (1) allow users to disable PE object import (2) set 'to_ids' to False 2020-01-24 14:51:38 +01:00
Alexandre Dulaunoy 09cdc7277c
Merge pull request #365 from ostefano/analysis
change: migrate to analysis API when submitting files to Lastline
2020-01-21 14:15:22 +01:00
Stefano Ortolani 66bf650b79 change: migrate to analysis API when submitting tasks to Lastline 2020-01-21 11:32:05 +00:00
Koen Van Impe 036933ea14 2nd fix for VT Public module 2020-01-17 11:26:35 +01:00
Koen Van Impe 610c99ce7b Fix error message in Public VT module 2020-01-17 10:58:31 +01:00
chrisr3d 31a74a10c1
fix: Fixed ipasn test input format + module version updated 2020-01-10 15:37:54 +01:00
chrisr3d b3bc533bc3
chg: Making ipasn module return asn object(s)
- Latest changes on the returned value as string
  broke the freetext parser, because no asn number
  could be parsed when we return the full json
  blob as a freetext attribute
- Now returning asn object(s) with a reference to
  the initial attribute
2020-01-10 15:02:59 +01:00
chrisr3d 35c438e6ee
fix: typo 2020-01-10 10:38:12 +01:00
chrisr3d f5452055f6
fix: Fixed vt_graph imports 2020-01-10 10:31:52 +01:00
chrisr3d 70b3079aa3
fix: Fixed pep8 in the new module and related libraries 2020-01-09 16:01:18 +01:00
chrisr3d 7722e2cb93
fix: Fixed typo on function import 2020-01-09 15:28:33 +01:00
Christian Studer 7c2b001df3
Merge pull request #361 from VirusTotal/master
add vt_graph export module
2020-01-09 14:51:09 +01:00
Alvaro Garcia 10b4e78704 add vt_graph export module 2020-01-09 09:57:46 +00:00
Erick Cheng bfcba18e3c
Update ipasn.py 2020-01-07 18:58:40 +01:00
chrisr3d cf5ad29f27
chg: Checking attributes category
- We check the category before adding the
  attribute to the event
- Checking if the category is correct and if not,
  doing a case insensitive check
- If the category is not correct after the 2 first
  tests, we simply delete it from the attribute
  and pymisp will give the attribute a default
  category value based on the atttribute type, at
  the creation of the attribute
2020-01-07 17:03:10 +01:00
chrisr3d 7945d060ff
new: Enrichment module for querying APIVoid with domain attributes 2019-12-18 17:11:13 +01:00
chrisr3d 2fc0b44b90
fix: Making pep8 happy with whitespace after ':' 2019-12-18 16:16:47 +01:00
chrisr3d 3007761a55
fix: Making pep8 happy by having spaces around '+' operators 2019-12-17 16:31:53 +01:00
chrisr3d 5f90ae776f
fix: Making pep8 happy 2019-12-17 14:29:29 +01:00
chrisr3d b8d6141cb7
chg: Made circl_passivedns module able to return MISP objects 2019-12-17 11:18:21 +01:00
chrisr3d 9c9f01b6ff
fix: Quick variable name fix 2019-12-17 11:17:56 +01:00
chrisr3d 6849daebfa
chg: Made circl_passivessl module able to return MISP objects 2019-12-17 10:26:43 +01:00
Raphaël Vinot b70c32af7b fix: Somewhat broken emails needed some love 2019-12-05 19:11:07 +01:00
Raphaël Vinot 6f95445143 chg: Update email import module, support objects 2019-12-04 15:25:01 +01:00
Stefano Ortolani f749578525 add: Modules to query/import/submit data from/to Lastline 2019-12-02 19:09:40 +00:00
Raphaël Vinot 5d7a829583 chg: Use MISPObject in ransomcoindb 2019-11-26 13:27:02 +01:00
aaronkaplan 06025e63d0
oops , use relative import 2019-11-26 01:52:31 +01:00
aaronkaplan d73a9b601a
use a helpful user-agent string 2019-11-26 01:08:28 +01:00
aaronkaplan 777483838b
Revert "fix url"
This reverts commit 44130e2bf9.
2019-11-25 22:24:57 +01:00
aaronkaplan 44130e2bf9
fix url 2019-11-25 20:51:20 +01:00
aaronkaplan 24ec4a0e23
remove pprint 2019-11-25 18:56:12 +01:00
aaronkaplan 5350003e3a
initial version of the ransomcoindb expansion module 2019-11-25 18:52:39 +01:00
chrisr3d ccf12a225c
fix: Making pep8 happy 2019-11-21 17:50:49 -05:00
chrisr3d 96712da5e0
add: Module to query AssemblyLine and parse the results
- Takes an AssemblyLine submission link to query
  the API and get the full submission report
- Parses the potentially malicious files and the
  IPs, domains or URLs they are connecting to
- Possible improvement of the parsing filters in
  order to include more data in the MISP event
2019-11-21 13:25:50 -05:00
chrisr3d de8737d2f3
fix: Fixed input types list since domain should not be submitted to AssemblyLine 2019-11-20 17:35:37 -05:00
chrisr3d dc9ea98d2c
fix: Making pep8 happy 2019-11-20 10:13:51 -05:00
chrisr3d 58a4cb15a1
add: New expansion module to submit samples and urls to AssemblyLine 2019-11-19 15:41:35 -05:00
chrisr3d f08fc6d9a5
chg: Reintroducing the limit to reduce the number of recursive calls to the API when querying for a domain 2019-11-17 19:11:26 -05:00
chrisr3d 4990bcebd8
fix: Avoiding KeyError exception when no result is found 2019-11-17 18:00:19 -05:00
chrisr3d 91d6f1baa0
fix: Fixed csv file parsing 2019-11-07 11:50:16 +01:00
chrisr3d 0fd3f92fe3
fix: Fixed Xforce Exchange authentication + rework
- Now able to return MISP objects
- Support of the xforce exchange authentication
  with apikey & apipassword
2019-11-05 16:43:03 +01:00
chrisr3d 852018bf79
fix: Added urlscan & secuirtytrails modules in __init__ list 2019-11-04 16:52:26 +01:00
chrisr3d bfe227d555
fix: More clarity on the exception raised on the securitytrails module 2019-10-31 17:19:42 +01:00
chrisr3d 69e81b47d7
fix: Better exceptions handling on the passivetotal module 2019-10-31 17:18:23 +01:00