chrisr3d
611bb6fa9e
fix: [ocr_enrich] Fixed tesseract input format
...
- It looks like the `image_to_string` method now
assumes RGB format and the `imdecode` method
seems to give BGR format, so we convert the
image array before
2021-04-15 16:12:00 +02:00
chrisr3d
729feaa3f2
fix: [hibp] Fixed config handling to avoir KeyError exceptions
2021-04-14 16:52:55 +02:00
Alexandre Dulaunoy
577d0de500
chg: [farsight] make PEP happy
2021-04-14 14:45:55 +02:00
Alexandre Dulaunoy
2bc5021ace
Merge pull request #435 from JakubOnderka/remove-duplicate-decoding
...
fix: [main] Remove duplicate JSON decoding
2021-04-08 20:41:46 +02:00
Alexandre Dulaunoy
0752628de5
fix: [cve_advanced] Some CVEs are not in CWE format but in NVD-CWE-Other
2021-04-08 19:14:13 +02:00
chrisr3d
a2282c4721
add: [farsight_passivedns] Adding first_seen & last_seen (when available) in passivedns objects
...
- The object_relation `time_first` is added as the
`first_seen` value of the object
- Same with `time_last` -> `last_seen`
2021-03-31 13:42:07 +02:00
chrisr3d
505bbbc20a
fix: [farsight_passivedns] Excluding last_seen value for now, in order to get the available results
...
- With last_seen set we can easily get results
included in a certain time frame (between first
seen and last seen), but we do not get the
latest results. In order to get those ones, we
skip filtering on the time_last_before value
2021-03-30 17:34:01 +02:00
chrisr3d
5077050a3e
chg: [farsight_passivedns] Making first_time and last_time results human readable
...
- We get the datetime format instead of the raw
timestamp
2021-03-30 03:47:34 +02:00
chrisr3d
327a1ac893
fix: [farsight_passivedns] Fixed lookup_rdata_name results desclaration
...
- Getting generator as a list as it is already the
case for all the other results, so it avoids
issues to read the results by accidently looping
through the generator before it is actually
needed, which would lose the content of the
generator
- Also removed print that was accidently introduced
with the last commit
2021-03-30 03:42:54 +02:00
chrisr3d
8935c4adc5
Merge branch 'main' of github.com:MISP/misp-modules into new_features
2021-03-29 20:10:28 +02:00
chrisr3d
25d826076c
add: [farsight_passivedns] New lookup argument based on the first_seen & last_seen fields
2021-03-29 20:09:29 +02:00
Alexandre Dulaunoy
521cdc4435
Merge pull request #484 from GreyNoise-Intelligence/main
...
Update to GreyNoise expansion module
2021-03-26 23:20:24 +01:00
Brad Chiappetta
5e20ea0dc0
update community api to released ver
2021-03-26 11:19:40 -04:00
Brad Chiappetta
714eb425c6
fix ver info
2021-03-23 13:41:05 -04:00
Brad Chiappetta
2855f7ff5f
updates for greynoise community api
2021-03-23 13:39:36 -04:00
Sebdraven
b42da0435b
Update yeti.py
...
add key results
2021-03-19 15:55:18 +01:00
Sebdraven
240d043f91
Update yeti.py
...
delete attr
2021-03-19 15:50:37 +01:00
Sebdraven
ef2bf29621
Update yeti.py
...
correction format strings
2021-03-19 15:39:09 +01:00
Sebdraven
76133ace8b
Update yeti.py
...
change logs
2021-03-19 15:37:49 +01:00
Sebdraven
6b35a7ee4d
Update yeti.py
...
value attribute
2021-03-19 15:32:05 +01:00
Sebdraven
ed3e0d56fd
Update yeti.py
...
change logs
2021-03-19 15:29:21 +01:00
Sebdraven
1be2c27131
Update yeti.py
...
add logs
2021-03-19 15:26:45 +01:00
Sebdraven
83c4b2f4b0
Update yeti.py
...
add relation
2021-03-19 15:22:53 +01:00
Sebdraven
cd97186776
Update yeti.py
...
remove add
2021-03-19 15:20:58 +01:00
Sebdraven
624f423264
Update yeti.py
...
add logs
2021-03-19 15:19:37 +01:00
Sebdraven
5176a36acf
Update yeti.py
...
change relations
2021-03-19 15:16:00 +01:00
Sebdraven
86275d7610
Update yeti.py
...
change modification
2021-03-19 14:38:34 +01:00
Sebdraven
0a364cf815
Update yeti.py
...
update relation
2021-03-19 14:32:00 +01:00
Sebdraven
9eb41f4022
Update yeti.py
...
change relation type
2021-03-19 14:26:44 +01:00
Sebdraven
0d035c0292
Update yeti.py
...
add relationship
2021-03-19 14:22:51 +01:00
Sebdraven
b9ce6d689c
Update yeti.py
...
add ref
2021-03-19 13:56:02 +01:00
Sebdraven
28b554d975
Update yeti.py
...
add test
2021-03-19 12:24:15 +01:00
Sebdraven
bc1bea0ec4
Update yeti.py
...
change attribute add
2021-03-19 12:12:37 +01:00
Sebdraven
7255a1eddc
Update yeti.py
...
change relationship
2021-03-19 12:09:54 +01:00
Sebdraven
65d8bb6b07
Update yeti.py
...
log json
2021-03-19 11:51:55 +01:00
Sebdraven
633f5efd56
Update yeti.py
...
log object
2021-03-19 11:48:55 +01:00
Sebdraven
bd5c1b0b53
Update yeti.py
...
add logs
2021-03-19 11:40:23 +01:00
Sebdraven
1dfdb5a2a2
Update yeti.py
...
change type attr and relation
2021-03-19 11:29:57 +01:00
Sebdraven
347d12c78c
Update yeti.py
...
add logs
2021-03-19 11:27:23 +01:00
Sebdraven
d868373c5a
Update yeti.py
...
add logs
2021-03-19 11:24:10 +01:00
Sebdraven
bd4a4b87fc
Update yeti.py
...
add logs
2021-03-19 11:18:01 +01:00
Sebdraven
c9bc97c9f9
Update yeti.py
...
change relation type and misp event init
2021-03-19 11:15:27 +01:00
Sebdraven
0618e288d3
Update yeti.py
...
add relation object
2021-03-19 11:01:02 +01:00
Sebdraven
48f56b0690
Update yeti.py
...
add object
2021-03-19 10:52:48 +01:00
chrisr3d
9f80d69e64
Merge branch 'main' of github.com:MISP/misp-modules into new_features
2021-03-18 19:34:18 +01:00
chrisr3d
458e432bb7
fix: Making pep8 happy
2021-03-18 19:22:26 +01:00
chrisr3d
aea7e247a5
Merge branch 'main' of github.com:MISP/misp-modules into new_features
2021-03-18 18:45:41 +01:00
chrisr3d
c8c44e75bf
fix: [farsight_passivedns] Fixed queries to the API
...
- Since flex queries input may be email addresses,
we nake sure we replace '@' by '.' in the flex
queries input.
- We also run the flex queries with the input as
is first, before runnning them as second time
with '.' characters escaped: '\\.'
2021-03-18 18:40:27 +01:00
Alexandre Dulaunoy
bd38fabba5
Merge pull request #481 from cocaman/main
...
Adding ThreatFox enrichment module
2021-03-17 23:17:21 +01:00
chrisr3d
f58f4aa9eb
chg: [farsight_passivedns] Added input types for more flex queries
...
- Standard types still supported as before
- Name or ip lookup, with optional flex queries
- New attribute types added will only send flex
queries to the DNSDB API
2021-03-17 20:17:07 +01:00
Corsin Camichel
a13184b078
adding additional tags
2021-03-13 20:59:54 +01:00
Corsin Camichel
d14d3d585f
first version of ThreatFox enrichment module
2021-03-13 20:36:49 +01:00
Corsin Camichel
d913ae4b36
updating "hibp" for API version 3
2021-03-13 17:44:27 +01:00
Jürgen Löhel
9e8d01b6c8
fix: google.py module
...
The search result does not include always 3 elements. It's better to
enumerate here.
The googleapi fails sometimes. Retry it 3 times.
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-03-09 18:04:12 -06:00
Jürgen Löhel
c1700cc955
fix: google.py module
...
Corrects import for gh.com/abenassi/Google-Search-API.
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-03-09 16:46:11 -06:00
Sebdraven
6fc3b2a860
Update yeti.py
...
refactoring
2021-03-05 19:01:25 +01:00
Sebdraven
294bdee51a
Update yeti.py
...
using attribute
2021-03-05 16:57:55 +01:00
Sebdraven
33bba708bf
Update yeti.py
...
use format misp
2021-03-05 16:53:49 +01:00
Sebdraven
bf617807df
Update yeti.py
...
modify acess dict
2021-03-05 15:19:30 +01:00
Sebdraven
9de5dd89ee
Update yeti.py
...
add logs
2021-03-05 15:14:25 +01:00
Sebdraven
7e1bf41d47
Update yeti.py
...
add logs
2021-03-05 15:08:32 +01:00
Sebdraven
cb008124c3
Update yeti.py
...
add neighboors iocs to add the event
2021-03-05 15:06:13 +01:00
Sebdraven
e3f23793e0
Update yeti.py
...
modify call yeti
2021-03-05 11:40:11 +01:00
Sebdraven
6aff43cf99
Update yeti.py
...
Correct bugs
2021-03-05 11:37:04 +01:00
Sebdraven
800020d6a2
Update yeti.py
...
change inherit
2021-03-05 11:34:01 +01:00
Sebdraven
e2a1ade14a
Update yeti.py
...
change path to access config settings
2021-03-05 11:28:50 +01:00
Sebdraven
3fdce84ff7
Update yeti.py
...
add log
2021-03-05 11:24:43 +01:00
Sebdraven
e7cb15a0c4
Update yeti.py
...
add ip-dst to enrich
2021-03-05 11:22:53 +01:00
Sebdraven
0f31893fdb
Update yeti.py
...
add logs
2021-03-05 11:06:12 +01:00
Sebdraven
1209cd3a75
yeti pluggin
...
get_entities and get_neighboors
2021-03-05 11:00:19 +01:00
Jakub Onderka
38457f0a7b
fix: Consider mail body as UTF-8 encoded
2021-03-02 15:03:15 +01:00
Sebdraven
1def6e3f06
Update yeti.py
...
add introspection method
2021-02-05 12:02:08 +01:00
Sebdraven
b29b3ded28
Update yeti.py
...
add method version
2021-02-05 11:47:27 +01:00
Sebdraven
619d648084
Update yeti.py
...
correct import
2021-02-05 11:37:34 +01:00
Sebdraven
66fc121dbe
Update yeti.py
...
add config and struct
2021-02-05 11:17:40 +01:00
Sebdraven
7781a0cae7
add new module
...
new module yeti
2021-02-05 10:18:52 +01:00
adammchugh
2832466f7f
Update assemblyline_submit.py
2021-02-02 22:56:02 +10:30
adammchugh
6f5c77ef08
Update assemblyline_query.py
2021-02-02 22:55:09 +10:30
adammchugh
07b8968b7d
Update assemblyline_submit.py
2021-02-02 22:52:27 +10:30
Cory Kennedy
774b2f37a6
Corrected VMray rest API import
...
When loading misp-modules, the VMray module ```modules/expansion/vmray_submit.py ``` incorrectly imports the library. VMray's documentation and examples here: https://pypi.org/project/vmray-rest-api/#history also reflect this change as the correct import.
2021-01-04 15:27:47 -06:00
Alexandre Dulaunoy
ff9ac60bbd
Merge pull request #457 from trustar/main
...
added more explicit error messages for indicators that return no enri…
2020-12-04 21:37:47 +01:00
Jesse Hedden
bad538653d
added more explicit error messages for indicators that return no enrichment data
2020-12-04 11:59:57 -08:00
Jens Thom
0e4e432dc4
fix imports and unused variables
2020-11-30 12:48:01 +01:00
Jens Thom
a404202d1d
Merge remote-tracking branch 'upstream/main' into main
2020-11-30 12:23:11 +01:00
Jens Thom
2a870f2d97
* add parser for report version v1 and v2
...
* add summary JSON import module
2020-11-30 12:06:19 +01:00
milkmix
2544218899
fixed error reported by LGTM analysis
2020-11-23 16:28:23 +01:00
milkmix
47980ef2eb
added missing quotes
2020-11-21 08:52:18 +01:00
milkmix
30d9ae6032
added URL support
2020-11-20 18:56:28 +01:00
milkmix
71d2aeaacd
typo in python src name
2020-11-20 16:31:48 +01:00
milkmix
451531326d
initial work on Defender for Endpoint export module
2020-11-20 16:29:08 +01:00
chrisr3d
575bed0da8
Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch
2020-11-18 11:52:53 +01:00
chrisr3d
2464172e1a
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2020-11-18 11:34:33 +01:00
chrisr3d
c1e52fdb12
fix: [farsight_passivedns] Fixed pep8 backslash issue
2020-11-15 20:15:06 +01:00
chrisr3d
d1ac0cffe0
fix: [farsight_passivedns] Fixed issue with variable name
2020-11-15 20:11:08 +01:00
chrisr3d
dfec0e5cf4
add: [farsight-passivedns] Optional feature to submit flex queries
...
- The rrset and rdata queries remain the same but
with the parameter `flex_queries`, users can
also get the results of the flex rrnames & flex
rdata regex queries about their domain, hostname
or ip address
- Results can thus include passive-dns objects
containing the `raw_rdata` object_relation added
with 0a3e948
2020-11-13 20:38:02 +01:00
chrisr3d
993a614a20
Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch
2020-11-13 16:47:07 +01:00
chrisr3d
32c0bf9ae2
fix: [cpe] Fixed typo in vulnerable-configuration object relation fields
2020-11-13 15:49:58 +01:00
chrisr3d
bd3fa3ea07
chg: [cpe] Added default limit to the results
...
- Results returned by CVE-search are sorted by
cvss score and limited in number to avoid
potential massive amount of data retuned back
to MISP.
- Users can overwrite the default limit with the
configuration already present as optional, and
can also set the limit to 0 to get the full list
of results
2020-11-13 15:46:41 +01:00
chrisr3d
3f863e4437
fix: [farsight_passivedns] Fixed typo in the lookup fields
2020-11-13 15:28:10 +01:00
chrisr3d
fe010782f3
chg: [farsight_passivedns] Now using the dnsdb2 python library
...
- Also updated the results parsing to check in
each returned result for every field if they are
included, to avoid key errors if any field is
missing
2020-11-12 16:01:14 +01:00
chrisr3d
2a25cda026
Merge branch 'chrisr3d_patch' of github.com:MISP/misp-modules into main
2020-11-11 10:46:44 +01:00
chrisr3d
bb7564dea9
Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch
2020-11-11 10:45:06 +01:00
Jesse Hedden
0650126d6a
fixed typo causing firstSeen and lastSeen to not be pulled from enrichment data
2020-11-10 17:20:03 -08:00
chrisr3d
b98562a75e
chg: [cpe] Support of the new CVE-Search API
2020-11-10 17:53:47 +01:00
chrisr3d
d9cfcf8f62
fix: [farsight_passivedns] Uncommented mandatory field that was commented for tests
2020-11-05 17:51:41 +01:00
chrisr3d
c0440a0d33
chg: [farsight_passivedns] More context added to the results
...
- References between the passive-dns objects and
the initial attribute
- Comment on object attributes mentioning whether
the results come from an rrset or an rdata
lookup
2020-11-05 15:55:30 +01:00
chrisr3d
7c5465e02b
fix: [dnsdb] Avoiding AttributeError with the sys library, probably depending on the python version
2020-11-05 15:55:15 +01:00
chrisr3d
d9e576e605
chg: [farsight_passivedns] Rework of the module to return MISP objects
...
- All the results are parsed as passive-dns MISP
objects
- More love to give to the parsing to add
references between the passive-dns objects and
the input attribute, depending on the type of
the query (rrset or rdata), or the rrtype
(to be determined)
2020-11-05 15:55:00 +01:00
chrisr3d
260bddb3cf
chg: [cpe] Changed CVE-Search API default url
2020-11-02 19:03:26 +01:00
chrisr3d
54f7e604c8
Merge branch 'main' of github.com:MISP/misp-modules into main
2020-11-02 19:03:16 +01:00
chrisr3d
6660e2fc11
add: Added documentation for the cpe module
2020-10-24 23:52:06 +02:00
chrisr3d
88c8d9077c
fix: [cpe] Typos and variable name issues fixed + Making the module available in MISP
2020-10-24 02:40:31 +02:00
mokaddem
2be1d7a0cd
new: [expansion] Added html_to_markdown module
...
It fetches the HTML from the provided URL, performs a bit of DOM
clean-up then convert it into markdown
2020-10-23 22:17:47 +02:00
chrisr3d
410aaaeb28
add: First shot of an expansio module to query cve-search with a cpe to get the related vulnerabilities
2020-10-23 21:19:26 +02:00
chrisr3d
c00349e198
fix: [cve-advanced] Using the cpe and weakness attribute types
2020-10-22 23:25:20 +02:00
chrisr3d
2a2a908f09
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2020-10-22 22:59:21 +02:00
Jakub Onderka
d0115e8b36
fix: [main] Disable duplicate JSON decoding
2020-10-22 18:03:29 +02:00
Jakub Onderka
7ad5eb0bfa
chg: [clamav] Add reference to original attribute
2020-10-20 19:26:04 +02:00
Alexandre Dulaunoy
0872bb820c
chg: [clamav] TCP port connection must be an integer
2020-10-20 10:17:52 +02:00
Jakub Onderka
f2de7ab87f
new: [clamav] Module for malware scan by ClamAV
2020-10-17 23:25:47 +02:00
chrisr3d
48635d8f1b
add: Added documentation for the socialscan new module
...
- Also quick fix of the message for an invalid
result or response concerning the queried email
address or username
2020-10-02 17:01:02 +02:00
chrisr3d
d950b4d7ec
fix: Removed debugging print command
2020-10-02 01:50:49 +02:00
chrisr3d
9a766d6010
add: New module using socialscan library to check email addresses and usernames linked to accounts on online platforms
2020-10-01 23:25:39 +02:00
chrisr3d
14aa6e2d1a
fix: [cve_advanced] Avoiding potential MISP object references issues
...
- Adding objects as dictionaries in an event may
cause issues in some cases. It is better to pass
the MISP object as is, as it is already a valid
object since the MISPObject class is used
2020-10-01 22:44:39 +02:00
chrisr3d
c5abf89805
fix: [virustotal_public] Resolve key error when user enrich hostname
...
- Same as #424
2020-09-28 12:34:00 +02:00
Christian Studer
38c3502394
Merge pull request #424 from JakubOnderka/vt-subdomains-fix
...
fix: [virustotal] Resolve key error when user enrich hostname
2020-09-28 12:32:42 +02:00
Raphaël Vinot
2dde6e8757
fix: Typo in EMailObject
...
Fix #427
2020-09-09 10:56:01 +02:00
chrisr3d
3101e5bc26
chg: Updated the bgpranking expansion module to return MISP objects
...
- The module no longer returns freetext, since the
result returned to the freetext import as text
only allowed MISP to parse the same AS number as
the input attribute.
- The new result returned with the updated module
is an asn object describing more precisely the
AS number, and its ranking for a given day
2020-09-08 16:08:57 +02:00
chrisr3d
ae1016946b
fix: Making pep8 happy
2020-08-28 17:30:23 +02:00
chrisr3d
1349ef61a5
chg: Turned the Shodan expansion module into a misp_standard format module
...
- As expected with the misp_standard modules, the
input is a full attribute and the module is able
to return attributes and objects
- There was a lot of data that was parsed as regkey
attributes by the freetext import, the module now
parses properly the different field of the result
of the query returned by Shodan
2020-08-28 16:55:50 +02:00
johannesh
8087c9a6a1
Add proxy support and User-Agent header
2020-08-24 11:19:15 +02:00
David André
b5d7c9c7a3
Disable correlation for detection-ratio in virustotal.py
2020-08-24 10:11:08 +02:00
Jakub Onderka
bd7f7fa1f3
fix: [virustotal] Resolve key error when user enrich hostname
2020-08-17 17:34:21 +02:00
Jesse Hedden
10e432ec55
Merge branch 'main' into feat/EN-5047/MISP-manual-update
2020-08-10 08:08:06 -07:00
Jesse Hedden
a3c01fa318
added comments
2020-08-10 07:53:24 -07:00
Jesse Hedden
91417d390b
added comments
2020-08-09 20:41:52 -07:00
Jesse Hedden
0b576faa68
added comments
2020-08-09 20:36:47 -07:00
Jesse Hedden
2d464adfd6
added error checking
2020-08-09 20:29:37 -07:00
johannesh
85d319e85e
Fix typo error introduced in commit: 3b7a5c4dc2
2020-08-07 10:36:40 +02:00
Jesse Hedden
ee21a88127
updating to include metadata and alter type of trustar link generated
2020-08-06 21:59:13 -07:00
chrisr3d
f1dac0c8df
fix: Fixed pep8
2020-07-28 15:23:24 +02:00
chrisr3d
d2661c7a20
fix: Fixed pep8 + some copy paste issues introduced with the latest commits
2020-07-28 15:06:25 +02:00
chrisr3d
3ab67b23b6
fix: Avoid issues with the attribute value field name
...
- The module setup allows 'value1' as attribute
value field name, but we want to make sure that
users passing standard misp format with 'value'
instead, will not have issues, as well as
keeping the current setup
2020-07-28 11:56:03 +02:00
chrisr3d
3b7a5c4dc2
add: Specific error message for misp_standard format expansion modules
...
- Checking if the input format is respected and
displaying an error message if it is not
2020-07-28 11:47:53 +02:00
chrisr3d
8180ecbfa8
chg: Making use of the Greynoise v2 API
2020-07-27 17:20:36 +02:00
johannesh
c91a61110a
Add Recorded Future expansion module
2020-07-23 12:28:56 +02:00
chrisr3d
a4e9fe456e
Merge branch 'main' of github.com:MISP/misp-modules into main
2020-07-03 10:24:45 +02:00
chrisr3d
8e4c688dce
fix: Fixed list of sigma backends
2020-07-03 10:10:24 +02:00
Jakub Onderka
cda5feedaa
fix: [virustotal] Subdomains is optional in VT response
2020-07-01 16:13:40 +02:00
chrisr3d
f99174af2e
fix: Removed multiple spaces to comply with pep8
2020-07-01 11:27:36 +02:00
chrisr3d
26b0357ac7
fix: Making pep8 happy
2020-06-30 23:10:35 +02:00
chrisr3d
c0dae2b31b
fix: Removed trustar_import module name in init to avoid validation issues
...
(until it is submitted via PR?)
2020-06-30 18:08:34 +02:00
chrisr3d
3e12feae79
Merge branch 'feat/EN-4664/trustar-misp' of https://github.com/trustar/misp-modules into trustar-feat/EN-4664/trustar-misp
2020-06-30 18:07:14 +02:00
chrisr3d
cadcc8947c
Merge branch 'main' of github.com:MISP/misp-modules into new_module
2020-06-30 17:14:38 +02:00
Jesse Hedden
a70558945a
removed obsolete file
2020-06-27 17:46:51 -07:00
Jesse Hedden
a91d50b507
corrected variable name
2020-06-27 17:29:01 -07:00
Jesse Hedden
9e1bc5681b
fixed indent
2020-06-25 15:22:54 -07:00
Jesse Hedden
2d31b4e037
fixed incorrect attribute name
2020-06-25 13:10:50 -07:00
Jesse Hedden
61fbb30e1c
fixed metatag; convert summaries generator to list for error handling
2020-06-25 10:54:34 -07:00
Jesse Hedden
b188d2da4e
added strip to remove potential whitespace
2020-06-24 17:47:41 -07:00
Jesse Hedden
b60d142d32
removed extra parameter
2020-06-22 15:06:39 -07:00
Jesse Hedden
b9d191686f
added try/except for TruSTAR API errors and additional comments
2020-06-22 14:54:37 -07:00
Jesse Hedden
f13233d04c
added comments and increased page size to max for get_indicator_summaries
2020-06-22 13:47:25 -07:00
Jesse Hedden
f3b27ca9c0
updated client metatag and version
2020-06-22 12:58:10 -07:00
Jesse Hedden
68b4fbba09
added client metatag to trustar client
2020-06-22 12:15:28 -07:00
Jesse Hedden
341a569de5
ready for code review
2020-06-21 19:52:17 -07:00
Jakub Onderka
fe1ea90b25
fix: [circl_passivessl] Return proper error for IPv6 addresses
2020-06-03 14:06:57 +02:00
Alexandre Dulaunoy
ddf51d482a
Merge pull request #406 from JakubOnderka/ip-port
...
new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port
2020-06-03 12:57:11 +02:00
Jakub Onderka
b053e1c01b
fix: [circl_passivessl] Return not found error
...
If passivessl returns empty response, return Not found error instead of error in log
2020-06-03 11:19:21 +02:00
Jakub Onderka
6e21893be4
fix: [circl_passivedns] Return not found error
...
If passivedns returns empty response, return Not found error instead of error in log
2020-06-03 11:15:46 +02:00
Jakub Onderka
31d15056f9
new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port
2020-06-03 11:12:47 +02:00
Jesse Hedden
67bdb38fc8
WIP: initial push
2020-05-29 17:41:13 -07:00
Jesse Hedden
8a95a000ee
initial commit. not a working product. need to create a class to manage the MISP event and TruStar client
2020-05-29 17:21:20 -07:00
chrisr3d
1e27c2de5a
Merge branch 'master' of github.com:MISP/misp-modules into new_module
2020-05-05 11:53:09 +02:00
Steve Clement
3fd6633c01
fix: [pep] Comply to PEP E261
2020-05-01 12:12:33 +09:00
Matthias Meidinger
ebf71a371b
Update vmray_submit
...
The submit module hat some smaller issues with the reanalyze flag.
The source for the enrichment object has been changed and the robustness
of user supplied config parsing improved.
2020-04-23 14:47:48 +02:00
Golbark
fd3c62c460
Fix variable issue in the loop
2020-04-08 01:07:46 -07:00
Golbark
500f0301a9
Adding support for more input types, including multi-types
2020-04-07 06:53:42 -07:00
Golbark
b79636ccfa
new: usr: Censys Expansion module
2020-04-03 03:15:03 -07:00
chrisr3d
48b381d704
fix: Making pep8 happy
2020-03-18 18:58:11 +01:00
chrisr3d
0671f93724
new: Expansion module to query MALWAREbazaar API with some hash attribute
2020-03-18 18:05:57 +01:00
chrisr3d
824c0031b3
fix: Catching errors in the reponse of the query to URLhaus
2020-03-18 17:57:55 +01:00
chrisr3d
422f654988
fix: Making pep8 happy with indentation
2020-03-18 10:24:06 +01:00
Jakub Onderka
fe34023866
csvimport: Return error if input is not valid UTF-8
2020-03-12 11:02:43 +01:00
Koen Van Impe
2713d3c655
Update __init__
2020-03-10 19:50:00 +01:00
Koen Van Impe
c86f4a4180
Make Travis (a little bit) happy
2020-03-10 18:48:25 +01:00
Koen Van Impe
e023f0b470
Cytomic Orion MISP Module
...
An expansion module to enrich attributes in MISP and share indicators
of compromise with Cytomic Orion
2020-03-10 18:25:30 +01:00
chrisr3d
0b4d6738de
fix: Making pep8 happy
2020-03-10 11:15:16 +01:00
bennyv
6c00f02e42
Removed Unused Import
2020-03-04 11:54:55 +11:00
bennyv
0a8a829ac1
Fixed handler error handling for missing config
2020-03-04 11:30:44 +11:00
bennyv
a32685df8a
Initial Build of SOPHOSLabs Intelix Product
2020-03-04 09:52:55 +11:00
chrisr3d
cda5004a0d
fix: Removed unused import
2020-02-26 14:18:09 +01:00
chrisr3d
c9c6f69bd4
fix: Making pep8 happy
2020-02-26 11:59:14 +01:00
Christian Studer
fc54785d6b
Merge pull request #374 from M0un/projet-m2-oun-gindt
...
Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // No…
2020-02-26 11:53:11 +01:00
chrisr3d
dea42d3929
chg: Catching missing config issue
2020-02-25 15:22:06 +01:00
Sean Whalen
f5af7faace
Create __init__.py
2020-02-22 19:44:31 -05:00
Mathilde Oun et Vincent Gindt
df3a6986ea
Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // Nouveau module misp de recherche google sur les urls
2020-02-21 12:05:41 +01:00
chrisr3d
27717c0400
fix: Making the module config available so the module works
2020-02-13 11:40:22 +01:00
GlennHD
0ed0ceab9d
Update geoip_asn.py
2020-02-12 23:48:38 -06:00
GlennHD
bdb4185a0a
Update geoip_city.py
2020-02-12 23:48:20 -06:00
GlennHD
46f0f410e7
Added geoip_asn and geoip_city to load
2020-02-12 21:31:41 -06:00
GlennHD
0b9b6c4f41
Added GeoIP_ASN Enrichment module
2020-02-12 21:29:40 -06:00
GlennHD
7a3f9a422d
Added GeoIP_City Enrichment module
2020-02-12 21:28:41 -06:00
Jakub Onderka
acdc4b9d03
fix: [VT] Disable SHA512 query for VT
2020-02-07 12:20:12 +01:00
Hendrik
8f9940200b
Lastline verify_ssl option
...
Helps people with on-prem boxes
2020-01-27 07:46:48 +01:00
chrisr3d
b2c8f79220
fix: Making pep8 happy
2020-01-24 15:17:35 +01:00
Georg Schölly
04685ea63e
joe: (1) allow users to disable PE object import (2) set 'to_ids' to False
2020-01-24 14:51:38 +01:00
Alexandre Dulaunoy
09cdc7277c
Merge pull request #365 from ostefano/analysis
...
change: migrate to analysis API when submitting files to Lastline
2020-01-21 14:15:22 +01:00
Stefano Ortolani
66bf650b79
change: migrate to analysis API when submitting tasks to Lastline
2020-01-21 11:32:05 +00:00
Koen Van Impe
036933ea14
2nd fix for VT Public module
2020-01-17 11:26:35 +01:00
Koen Van Impe
610c99ce7b
Fix error message in Public VT module
2020-01-17 10:58:31 +01:00
chrisr3d
31a74a10c1
fix: Fixed ipasn test input format + module version updated
2020-01-10 15:37:54 +01:00
chrisr3d
b3bc533bc3
chg: Making ipasn module return asn object(s)
...
- Latest changes on the returned value as string
broke the freetext parser, because no asn number
could be parsed when we return the full json
blob as a freetext attribute
- Now returning asn object(s) with a reference to
the initial attribute
2020-01-10 15:02:59 +01:00
chrisr3d
35c438e6ee
fix: typo
2020-01-10 10:38:12 +01:00
chrisr3d
f5452055f6
fix: Fixed vt_graph imports
2020-01-10 10:31:52 +01:00
chrisr3d
70b3079aa3
fix: Fixed pep8 in the new module and related libraries
2020-01-09 16:01:18 +01:00
chrisr3d
7722e2cb93
fix: Fixed typo on function import
2020-01-09 15:28:33 +01:00
Christian Studer
7c2b001df3
Merge pull request #361 from VirusTotal/master
...
add vt_graph export module
2020-01-09 14:51:09 +01:00
Alvaro Garcia
10b4e78704
add vt_graph export module
2020-01-09 09:57:46 +00:00
Erick Cheng
bfcba18e3c
Update ipasn.py
2020-01-07 18:58:40 +01:00
chrisr3d
cf5ad29f27
chg: Checking attributes category
...
- We check the category before adding the
attribute to the event
- Checking if the category is correct and if not,
doing a case insensitive check
- If the category is not correct after the 2 first
tests, we simply delete it from the attribute
and pymisp will give the attribute a default
category value based on the atttribute type, at
the creation of the attribute
2020-01-07 17:03:10 +01:00
chrisr3d
7945d060ff
new: Enrichment module for querying APIVoid with domain attributes
2019-12-18 17:11:13 +01:00
chrisr3d
2fc0b44b90
fix: Making pep8 happy with whitespace after ':'
2019-12-18 16:16:47 +01:00
chrisr3d
3007761a55
fix: Making pep8 happy by having spaces around '+' operators
2019-12-17 16:31:53 +01:00
chrisr3d
5f90ae776f
fix: Making pep8 happy
2019-12-17 14:29:29 +01:00
chrisr3d
b8d6141cb7
chg: Made circl_passivedns module able to return MISP objects
2019-12-17 11:18:21 +01:00
chrisr3d
9c9f01b6ff
fix: Quick variable name fix
2019-12-17 11:17:56 +01:00
chrisr3d
6849daebfa
chg: Made circl_passivessl module able to return MISP objects
2019-12-17 10:26:43 +01:00
Raphaël Vinot
b70c32af7b
fix: Somewhat broken emails needed some love
2019-12-05 19:11:07 +01:00
Raphaël Vinot
6f95445143
chg: Update email import module, support objects
2019-12-04 15:25:01 +01:00
Stefano Ortolani
f749578525
add: Modules to query/import/submit data from/to Lastline
2019-12-02 19:09:40 +00:00
Raphaël Vinot
5d7a829583
chg: Use MISPObject in ransomcoindb
2019-11-26 13:27:02 +01:00
aaronkaplan
06025e63d0
oops , use relative import
2019-11-26 01:52:31 +01:00
aaronkaplan
d73a9b601a
use a helpful user-agent string
2019-11-26 01:08:28 +01:00
aaronkaplan
777483838b
Revert "fix url"
...
This reverts commit 44130e2bf9
.
2019-11-25 22:24:57 +01:00
aaronkaplan
44130e2bf9
fix url
2019-11-25 20:51:20 +01:00
aaronkaplan
24ec4a0e23
remove pprint
2019-11-25 18:56:12 +01:00
aaronkaplan
5350003e3a
initial version of the ransomcoindb expansion module
2019-11-25 18:52:39 +01:00
chrisr3d
ccf12a225c
fix: Making pep8 happy
2019-11-21 17:50:49 -05:00
chrisr3d
96712da5e0
add: Module to query AssemblyLine and parse the results
...
- Takes an AssemblyLine submission link to query
the API and get the full submission report
- Parses the potentially malicious files and the
IPs, domains or URLs they are connecting to
- Possible improvement of the parsing filters in
order to include more data in the MISP event
2019-11-21 13:25:50 -05:00
chrisr3d
de8737d2f3
fix: Fixed input types list since domain should not be submitted to AssemblyLine
2019-11-20 17:35:37 -05:00
chrisr3d
dc9ea98d2c
fix: Making pep8 happy
2019-11-20 10:13:51 -05:00
chrisr3d
58a4cb15a1
add: New expansion module to submit samples and urls to AssemblyLine
2019-11-19 15:41:35 -05:00
chrisr3d
f08fc6d9a5
chg: Reintroducing the limit to reduce the number of recursive calls to the API when querying for a domain
2019-11-17 19:11:26 -05:00
chrisr3d
4990bcebd8
fix: Avoiding KeyError exception when no result is found
2019-11-17 18:00:19 -05:00
chrisr3d
91d6f1baa0
fix: Fixed csv file parsing
2019-11-07 11:50:16 +01:00
chrisr3d
0fd3f92fe3
fix: Fixed Xforce Exchange authentication + rework
...
- Now able to return MISP objects
- Support of the xforce exchange authentication
with apikey & apipassword
2019-11-05 16:43:03 +01:00
chrisr3d
852018bf79
fix: Added urlscan & secuirtytrails modules in __init__ list
2019-11-04 16:52:26 +01:00
chrisr3d
bfe227d555
fix: More clarity on the exception raised on the securitytrails module
2019-10-31 17:19:42 +01:00
chrisr3d
69e81b47d7
fix: Better exceptions handling on the passivetotal module
2019-10-31 17:18:23 +01:00