Commit Graph

1270 Commits (f0ef4ee71d502864ca535ce53816776d6cbab357)

Author SHA1 Message Date
Alexandre Dulaunoy 4162ccb528
chg: [hashlookup] KnownMalicious field added 2021-09-24 15:35:14 +02:00
Alexandre Dulaunoy b6e0c4ce53
chg: [hashlookup] add new fields such as source, SSDEEP and TLSH 2021-09-24 15:29:23 +02:00
Alexandre Dulaunoy 9783113a1e
fix: [hashlookup] FileName and size are not required fields and can be missing in a hashlookup record 2021-09-24 15:09:07 +02:00
Andras Iklody 4115b7607e
fix: added note about the Domaintools module being deprecated
- as requested by Domaintools, including a link to their own, up to date module
2021-09-09 13:57:29 +02:00
chrisr3d 82e0628fe7
chg: [hashlookup] Using the actual attribute types for FileName & FileSize
- Following the recent changes on the obejct template
  to use `filename` as attribute type for the FileName
  object relation instead of `text`
  d2b93f5aa6
2021-08-26 15:19:36 +02:00
chrisr3d 1d7f0ee1f0
fix: [hashlookup] Fixed the errors handling
- Since the modules system is waiting for a dict,
  we return `misperrors` instead of the actual
  value of the 'error' key, and the module will
  no longer fail when there is no result to parse
2021-08-26 15:02:32 +02:00
Alexandre Dulaunoy 73e78463d0
new: [hashlookup] new hashlookup module added
https://www.circl.lu/services/hashlookup/
2021-08-25 18:42:16 +02:00
Alexandre Dulaunoy 7b675f7857
Merge branch 'main' of github.com:MISP/misp-modules into main 2021-08-25 18:41:31 +02:00
Alexandre Dulaunoy f40fc7ebc4
new: [hashlookup] new hashlookup module added 2021-08-25 18:38:09 +02:00
Martin Ohl d2ed09d081
Create mcafee_insights_enrich.py
Module to expand IOC information with McAfee MVISION Insights
2021-08-13 14:55:08 +02:00
Jason Zhang f5fdf343b8 Sanity checks 2021-08-12 11:08:09 +01:00
Brad Chiappetta b3daa138f1 add cve support and enhance ip lookups 2021-08-09 15:37:37 -04:00
Jason Zhang 83fd44ed13 add vmware_nsx module 2021-07-29 12:13:31 +01:00
Alexandre Dulaunoy 354427d173
Merge pull request #507 from aaronkaplan/cof2misp
Cof2misp
2021-06-17 19:40:08 +02:00
Aaron Kaplan 4078119db0 fix the last issues of #493
(https://github.com/MISP/misp-modules/issues/493)
2021-06-17 14:36:27 +00:00
Aaron Kaplan d1aeafb3ae unit test for dnsdbflex in lib/cof.py 2021-06-17 14:33:15 +00:00
Alexandre Dulaunoy 605231e089
chg :[virustotal_public] make flake8 happy 2021-06-11 14:54:07 +02:00
Alexandre Dulaunoy 94795e4993
chg: [virustotal] make flake8 happy 2021-06-11 14:51:30 +02:00
Alex Resnick c4bc2408ad add proxy configs for virus total modules 2021-05-28 14:53:35 -05:00
aaronkaplan 9813f7f7cb
Merge branch 'main' of https://github.com/MISP/misp-modules into cof2misp 2021-05-27 01:58:55 +02:00
aaronkaplan 6824b4e991
push version 2021-05-27 01:58:23 +02:00
aaronkaplan 4816844d16
Add a function to validate dnsdbflex output
add dnsdbflex parser. It's rather easy

Signed-off-by: aaronkaplan <aaron@lo-res.org>
2021-05-26 12:38:56 +02:00
aaronkaplan bbe0a1efa8
Merge remote-tracking branch 'origin/cof2misp' into cof2misp 2021-05-26 12:17:18 +02:00
aaronkaplan 5b41c82f78
Add a function to validate dnsdbflex output
Signed-off-by: aaronkaplan <aaron@lo-res.org>
2021-05-26 12:16:11 +02:00
Rambatla Venkat Rao 6a731454f1
Updated Distribution Constant 2021-05-12 21:42:25 +05:30
Rambatla Venkat Rao f6c0f68263
Default distribution setting to DNSDB Objects 2021-05-12 18:38:55 +05:30
Rambatla Venkat Rao 7aa6b39da8
Added a default distribution setting to Objects 2021-05-12 18:30:54 +05:30
Alexandre Dulaunoy 77035a82e0
chg: [cof2misp] bailiwick is optional 2021-05-11 14:46:16 +02:00
Sebdraven 382025453e fix bug on loop 2021-05-07 14:38:42 +02:00
Sebdraven eb48635ce5 remove print and variable unsuable 2021-05-07 14:07:18 +02:00
sebdraven 8491e169e0
Merge pull request #4 from MISP/main
merge
2021-05-07 12:34:33 +02:00
Sebdraven d0c2f94354 add summary ip, domain and hostname 2021-05-07 12:27:11 +02:00
chrisr3d dc3b892a42 Merge branch 'main' of github.com:MISP/misp-modules into main 2021-05-04 18:39:26 +02:00
chrisr3d 780590cee3
fix: [farsight_passivedns] Handling exceptions raised from a query error
- This can happen with for instance a wrong server URL
2021-05-04 18:36:56 +02:00
Alexandre Dulaunoy bcc05c3337
Merge pull request #497 from aaronkaplan/cof2misp
Cof2misp
2021-05-04 18:27:33 +02:00
root 117200f334 oops, there was a minor error. print(..., file=sys.stDerr) . Typo! 2021-05-04 07:48:30 +00:00
aaronkaplan 09f0f3943a
Add license text. No logical changes in this commit 2021-05-04 09:44:47 +02:00
Alexandre Dulaunoy c6d02cc177
chg: [cof2misp] debugging removed 2021-05-03 12:41:01 +02:00
Alexandre Dulaunoy 10b5295cdd
chg: [cof2misp] remove logging in the misp-modules 2021-05-03 12:27:52 +02:00
Alexandre Dulaunoy 8e55101dc8
chg: [cof2misp module] fix the import module/package "__init__.py" missing 2021-05-03 12:04:22 +02:00
chrisr3d 790090eb0b
chg: [farsight_passivedns] Updated the bailiwick attribute type, following the latest changes on the passive-dns object template 2021-05-03 11:25:37 +02:00
aaronkaplan 0c6a12ea60 Make teh special attributes *_ip and _domain not needed.
See the discussion in https://github.com/MISP/misp-objects/pull/314
2021-05-02 22:54:41 +00:00
aaronkaplan 5a3465844a Make stub strict parser 2021-05-02 22:23:52 +00:00
aaronkaplan 763e10af5d flake8, you suck 2021-05-02 22:01:09 +00:00
aaronkaplan 36904c688c Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp 2021-05-02 21:49:40 +00:00
aaronkaplan 85864dad2e make flake8 happier 2021-05-02 21:39:39 +00:00
aaronkaplan d5d207f0cb Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp 2021-05-02 21:22:22 +00:00
aaronkaplan ff950bc50c Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp 2021-05-02 21:11:00 +00:00
aaronkaplan f1da1dd6fa Version 0.2 of the cof2misp import module. 2021-05-02 20:51:07 +00:00
aaronkaplan c06b8ff604 Version 0.2 of the cof2misp import module. 2021-05-02 16:45:55 +00:00
Sebdraven 16f9ec9f6d fix bug 2021-04-30 15:46:59 +02:00
Sebdraven 73ea9620bf add reference 2021-04-30 15:39:56 +02:00
Sebdraven 86beb488c1 add test to check 2021-04-30 15:25:27 +02:00
Sebdraven 32aeb52efc fixe typo 2021-04-30 15:22:55 +02:00
Sebdraven 4478440d5b remove pass 2021-04-30 15:16:47 +02:00
Sebdraven 7f1caaba25 add object certificate 2021-04-30 15:16:22 +02:00
Sebdraven 098616846d add hostname 2021-04-23 16:19:47 +02:00
Sebdraven e1c2c779aa Update onyphe.py
remove typo
2021-04-23 16:16:43 +02:00
Sebdraven f32717c896 check entry in result dico 2021-04-23 16:15:38 +02:00
Sebdraven 436254cd8c add logs 2021-04-23 16:13:32 +02:00
Sebdraven 7813ba4fc3 fix logical test 2021-04-23 16:11:10 +02:00
Sebdraven 9fd23d6fe0 add logs 2021-04-23 16:09:21 +02:00
Sebdraven ff6470d0e2 add logs 2021-04-23 16:07:44 +02:00
Sebdraven 8fbe371eca add logs 2021-04-23 16:06:20 +02:00
Sebdraven 94f6af8882 add summary ip
object domain
2021-04-23 16:02:21 +02:00
Sebdraven 9364859ce9 refactoring of the module 2021-04-22 15:05:29 +02:00
Sebdraven b9407ad85a Merge branch 'main' 2021-04-22 11:27:43 +02:00
Sebdraven 7ab2e099f4 fix typo 2021-04-21 18:15:16 +02:00
Sebdraven 9f5a4be9d7 remove variable unused 2021-04-21 17:54:01 +02:00
Sebdraven abac4cfab7 remove import unused and add package in requirements 2021-04-21 17:51:22 +02:00
Sebdraven 1b9d47dd33 Update yeti.py
pep 8 compliant
2021-04-21 15:41:20 +02:00
Sebdraven a76978d6c6 Update yeti.py
remove tags and entity
2021-04-21 15:40:46 +02:00
Sebdraven a277cbb8bf Update yeti.py
add input
2021-04-21 14:45:07 +02:00
sebdraven f6675a71e4
Merge pull request #2 from MISP/master
Master
2021-04-21 12:42:33 +02:00
Sebdraven 7e5238e8be Update yeti.py
add tests
2021-04-20 14:35:18 +02:00
Sebdraven 8683c9e5ce Update yeti.py
add ns record dst and src link
2021-04-20 14:13:16 +02:00
Sebdraven 26bc02617f Update yeti.py
add test to create result
2021-04-20 14:08:31 +02:00
Sebdraven 3426ad13c5 Update yeti.py
fix edges
2021-04-20 14:05:51 +02:00
Sebdraven fd76e55093 Update yeti.py
fix typo
2021-04-20 13:56:45 +02:00
Sebdraven dfa46b551a Update yeti.py
change params
2021-04-20 13:55:36 +02:00
Sebdraven baaaa81ec3 Update yeti.py
add ns_record object
2021-04-20 13:53:06 +02:00
Sebdraven cec06ed26d Update yeti.py
change loop
2021-04-20 13:38:45 +02:00
Sebdraven bb1cd7c4de Update yeti.py
fix bug
2021-04-20 12:43:43 +02:00
Sebdraven e037c4c767 Update yeti.py
remove tests
2021-04-20 12:42:49 +02:00
Sebdraven e0506ee31e Update yeti.py
filter by id
2021-04-20 12:40:01 +02:00
Sebdraven f701256008 Update yeti.py
add src
2021-04-20 12:33:46 +02:00
Sebdraven a2741e8eb7 Update yeti.py
fix keyerror
2021-04-20 12:30:22 +02:00
Sebdraven 9cb1a83e54 Update yeti.py
fix bug about id
2021-04-20 12:24:34 +02:00
Sebdraven 37867f89ee Update yeti.py
add logs
2021-04-20 12:21:56 +02:00
Sebdraven 507e56228f Update yeti.py
add logs
2021-04-20 12:19:43 +02:00
Sebdraven abba63f32f Update yeti.py
add test of id
2021-04-20 12:17:17 +02:00
Sebdraven 1a67f8ed96 Update yeti.py
add log
2021-04-20 12:08:59 +02:00
Sebdraven 385af28a0a Update yeti.py
add descripton
2021-04-20 12:07:06 +02:00
Sebdraven 8ea3d5c5c7 Update yeti.py
add file to add in attribute
2021-04-20 10:41:44 +02:00
Sebdraven 5d80b79bc4 Update yeti.py
add tags for attribute
2021-04-19 17:55:29 +02:00
Sebdraven 43672ee9a9 Update yeti.py
remove tag
2021-04-19 17:20:13 +02:00
Sebdraven f7ca8bf140 Update yeti.py
test tags
2021-04-19 17:19:23 +02:00
Sebdraven ee7c065795 Update yeti.py
change tags method
2021-04-19 17:16:59 +02:00
Sebdraven 21b52dda15 Update yeti.py
add related observable and AS
2021-04-19 17:10:47 +02:00
Sebdraven 5e6aec4162 Update yeti.py
remove print debug
2021-04-19 13:49:02 +02:00
Sebdraven b46a3a8885 Update yeti.py
fix bugs key error
2021-04-19 13:47:45 +02:00
Sebdraven 0da40b34ee Update yeti.py
add param
2021-04-19 13:45:29 +02:00
Sebdraven 1e98f1d575 Update yeti.py
try typo
2021-04-19 12:20:25 +02:00
Sebdraven 53cc15adcd Update yeti.py
remove print
2021-04-19 12:12:32 +02:00
Sebdraven ef6596637d Update yeti.py
remove tests
2021-04-19 11:49:24 +02:00
Sebdraven e3fc3a3f38 Update yeti.py
test
2021-04-19 11:47:06 +02:00
Sebdraven 8a24ed7fd6 Update yeti.py
add logs
2021-04-19 11:27:33 +02:00
Sebdraven 559533ea78 Update yeti.py
try test
2021-04-19 11:25:50 +02:00
Sebdraven a29779eff6 Update yeti.py
add check
2021-04-19 11:24:01 +02:00
Sebdraven 4634567b23 Update yeti.py
correct bug
2021-04-19 11:09:38 +02:00
Sebdraven be212097a7 Update yeti.py
add log
2021-04-19 11:08:21 +02:00
Sebdraven af01db860a Update yeti.py
add log
2021-04-19 11:05:16 +02:00
Sebdraven 07f54c1b86 Update yeti.py
correct typo
2021-04-19 11:03:39 +02:00
Sebdraven 69a5584dfe Update yeti.py
add relation
2021-04-19 11:00:55 +02:00
Sebdraven 6cd99c03e4 Update yeti.py
refactoring and add Url neighboors
2021-04-19 10:46:07 +02:00
chrisr3d dbff9b3aa8
chg: [rbl] Added a timeout parameter to change the resolver timeout & lifetime if needed 2021-04-16 22:00:27 +02:00
chrisr3d 576dcca671
chg: [rbl] Small changes on the rbl list and the results handling 2021-04-16 16:45:38 +02:00
chrisr3d 300cdc7a4c
fix: [ocr_enrich] Making Pep8 happy 2021-04-15 16:41:15 +02:00
chrisr3d 611bb6fa9e
fix: [ocr_enrich] Fixed tesseract input format
- It looks like the `image_to_string` method now
  assumes RGB format and the `imdecode` method
  seems to give BGR format, so we convert the
  image array before
2021-04-15 16:12:00 +02:00
chrisr3d 729feaa3f2
fix: [hibp] Fixed config handling to avoir KeyError exceptions 2021-04-14 16:52:55 +02:00
Alexandre Dulaunoy 577d0de500
chg: [farsight] make PEP happy 2021-04-14 14:45:55 +02:00
Alexandre Dulaunoy 2bc5021ace
Merge pull request #435 from JakubOnderka/remove-duplicate-decoding
fix: [main] Remove duplicate JSON decoding
2021-04-08 20:41:46 +02:00
Alexandre Dulaunoy 0752628de5
fix: [cve_advanced] Some CVEs are not in CWE format but in NVD-CWE-Other 2021-04-08 19:14:13 +02:00
chrisr3d a2282c4721
add: [farsight_passivedns] Adding first_seen & last_seen (when available) in passivedns objects
- The object_relation `time_first` is added as the
  `first_seen` value of the object
- Same with `time_last` -> `last_seen`
2021-03-31 13:42:07 +02:00
chrisr3d 505bbbc20a
fix: [farsight_passivedns] Excluding last_seen value for now, in order to get the available results
- With last_seen set we can easily get results
  included in a certain time frame (between first
  seen and last seen), but we do not get the
  latest results. In order to get those ones, we
  skip filtering on the time_last_before value
2021-03-30 17:34:01 +02:00
chrisr3d 5077050a3e
chg: [farsight_passivedns] Making first_time and last_time results human readable
- We get the datetime format instead of the raw
  timestamp
2021-03-30 03:47:34 +02:00
chrisr3d 327a1ac893
fix: [farsight_passivedns] Fixed lookup_rdata_name results desclaration
- Getting generator as a list as it is already the
  case for all the other results, so it avoids
  issues to read the results by accidently looping
  through the generator before it is actually
  needed, which would lose the content of the
  generator
- Also removed print that was accidently introduced
  with the last commit
2021-03-30 03:42:54 +02:00
chrisr3d 8935c4adc5 Merge branch 'main' of github.com:MISP/misp-modules into new_features 2021-03-29 20:10:28 +02:00
chrisr3d 25d826076c
add: [farsight_passivedns] New lookup argument based on the first_seen & last_seen fields 2021-03-29 20:09:29 +02:00
Alexandre Dulaunoy 521cdc4435
Merge pull request #484 from GreyNoise-Intelligence/main
Update to GreyNoise expansion module
2021-03-26 23:20:24 +01:00
Brad Chiappetta 5e20ea0dc0 update community api to released ver 2021-03-26 11:19:40 -04:00
Brad Chiappetta 714eb425c6 fix ver info 2021-03-23 13:41:05 -04:00
Brad Chiappetta 2855f7ff5f updates for greynoise community api 2021-03-23 13:39:36 -04:00
Sebdraven b42da0435b Update yeti.py
add key results
2021-03-19 15:55:18 +01:00
Sebdraven 240d043f91 Update yeti.py
delete attr
2021-03-19 15:50:37 +01:00
Sebdraven ef2bf29621 Update yeti.py
correction format strings
2021-03-19 15:39:09 +01:00
Sebdraven 76133ace8b Update yeti.py
change logs
2021-03-19 15:37:49 +01:00
Sebdraven 6b35a7ee4d Update yeti.py
value attribute
2021-03-19 15:32:05 +01:00
Sebdraven ed3e0d56fd Update yeti.py
change logs
2021-03-19 15:29:21 +01:00
Sebdraven 1be2c27131 Update yeti.py
add logs
2021-03-19 15:26:45 +01:00
Sebdraven 83c4b2f4b0 Update yeti.py
add relation
2021-03-19 15:22:53 +01:00
Sebdraven cd97186776 Update yeti.py
remove add
2021-03-19 15:20:58 +01:00
Sebdraven 624f423264 Update yeti.py
add logs
2021-03-19 15:19:37 +01:00
Sebdraven 5176a36acf Update yeti.py
change relations
2021-03-19 15:16:00 +01:00
Sebdraven 86275d7610 Update yeti.py
change modification
2021-03-19 14:38:34 +01:00
Sebdraven 0a364cf815 Update yeti.py
update relation
2021-03-19 14:32:00 +01:00
Sebdraven 9eb41f4022 Update yeti.py
change relation type
2021-03-19 14:26:44 +01:00
Sebdraven 0d035c0292 Update yeti.py
add relationship
2021-03-19 14:22:51 +01:00
Sebdraven b9ce6d689c Update yeti.py
add ref
2021-03-19 13:56:02 +01:00
Sebdraven 28b554d975 Update yeti.py
add test
2021-03-19 12:24:15 +01:00
Sebdraven bc1bea0ec4 Update yeti.py
change attribute add
2021-03-19 12:12:37 +01:00
Sebdraven 7255a1eddc Update yeti.py
change relationship
2021-03-19 12:09:54 +01:00
Sebdraven 65d8bb6b07 Update yeti.py
log json
2021-03-19 11:51:55 +01:00
Sebdraven 633f5efd56 Update yeti.py
log object
2021-03-19 11:48:55 +01:00
Sebdraven bd5c1b0b53 Update yeti.py
add logs
2021-03-19 11:40:23 +01:00
Sebdraven 1dfdb5a2a2 Update yeti.py
change type attr and relation
2021-03-19 11:29:57 +01:00
Sebdraven 347d12c78c Update yeti.py
add logs
2021-03-19 11:27:23 +01:00
Sebdraven d868373c5a Update yeti.py
add logs
2021-03-19 11:24:10 +01:00
Sebdraven bd4a4b87fc Update yeti.py
add logs
2021-03-19 11:18:01 +01:00
Sebdraven c9bc97c9f9 Update yeti.py
change relation type and misp event init
2021-03-19 11:15:27 +01:00
Sebdraven 0618e288d3 Update yeti.py
add relation object
2021-03-19 11:01:02 +01:00
Sebdraven 48f56b0690 Update yeti.py
add object
2021-03-19 10:52:48 +01:00
chrisr3d 9f80d69e64 Merge branch 'main' of github.com:MISP/misp-modules into new_features 2021-03-18 19:34:18 +01:00
chrisr3d 458e432bb7
fix: Making pep8 happy 2021-03-18 19:22:26 +01:00
chrisr3d aea7e247a5 Merge branch 'main' of github.com:MISP/misp-modules into new_features 2021-03-18 18:45:41 +01:00
chrisr3d c8c44e75bf
fix: [farsight_passivedns] Fixed queries to the API
- Since flex queries input may be email addresses,
  we nake sure we replace '@' by '.' in the flex
  queries input.
- We also run the flex queries with the input as
  is first, before runnning them as second time
  with '.' characters escaped: '\\.'
2021-03-18 18:40:27 +01:00
Alexandre Dulaunoy bd38fabba5
Merge pull request #481 from cocaman/main
Adding ThreatFox enrichment module
2021-03-17 23:17:21 +01:00
chrisr3d f58f4aa9eb
chg: [farsight_passivedns] Added input types for more flex queries
- Standard types still supported as before
  - Name or ip lookup, with optional flex queries
- New attribute types added will only send flex
  queries to the DNSDB API
2021-03-17 20:17:07 +01:00
Corsin Camichel a13184b078
adding additional tags 2021-03-13 20:59:54 +01:00
Corsin Camichel d14d3d585f
first version of ThreatFox enrichment module 2021-03-13 20:36:49 +01:00
Corsin Camichel d913ae4b36
updating "hibp" for API version 3 2021-03-13 17:44:27 +01:00
Jürgen Löhel 9e8d01b6c8
fix: google.py module
The search result does not include always 3 elements. It's better to
enumerate here.
The googleapi fails sometimes. Retry it 3 times.

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-03-09 18:04:12 -06:00
Jürgen Löhel c1700cc955
fix: google.py module
Corrects import for gh.com/abenassi/Google-Search-API.

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-03-09 16:46:11 -06:00
Sebdraven 6fc3b2a860 Update yeti.py
refactoring
2021-03-05 19:01:25 +01:00
Sebdraven 294bdee51a Update yeti.py
using attribute
2021-03-05 16:57:55 +01:00
Sebdraven 33bba708bf Update yeti.py
use format misp
2021-03-05 16:53:49 +01:00
Sebdraven bf617807df Update yeti.py
modify acess dict
2021-03-05 15:19:30 +01:00
Sebdraven 9de5dd89ee Update yeti.py
add logs
2021-03-05 15:14:25 +01:00
Sebdraven 7e1bf41d47 Update yeti.py
add logs
2021-03-05 15:08:32 +01:00
Sebdraven cb008124c3 Update yeti.py
add neighboors iocs to add the event
2021-03-05 15:06:13 +01:00
Sebdraven e3f23793e0 Update yeti.py
modify call yeti
2021-03-05 11:40:11 +01:00
Sebdraven 6aff43cf99 Update yeti.py
Correct bugs
2021-03-05 11:37:04 +01:00
Sebdraven 800020d6a2 Update yeti.py
change inherit
2021-03-05 11:34:01 +01:00
Sebdraven e2a1ade14a Update yeti.py
change path to access config settings
2021-03-05 11:28:50 +01:00
Sebdraven 3fdce84ff7 Update yeti.py
add log
2021-03-05 11:24:43 +01:00
Sebdraven e7cb15a0c4 Update yeti.py
add ip-dst to enrich
2021-03-05 11:22:53 +01:00
Sebdraven 0f31893fdb Update yeti.py
add logs
2021-03-05 11:06:12 +01:00
Sebdraven 1209cd3a75 yeti pluggin
get_entities and get_neighboors
2021-03-05 11:00:19 +01:00
Jakub Onderka 38457f0a7b
fix: Consider mail body as UTF-8 encoded 2021-03-02 15:03:15 +01:00
Sebdraven 1def6e3f06 Update yeti.py
add introspection method
2021-02-05 12:02:08 +01:00
Sebdraven b29b3ded28 Update yeti.py
add method version
2021-02-05 11:47:27 +01:00
Sebdraven 619d648084 Update yeti.py
correct import
2021-02-05 11:37:34 +01:00
Sebdraven 66fc121dbe Update yeti.py
add config and struct
2021-02-05 11:17:40 +01:00
Sebdraven 7781a0cae7 add new module
new module yeti
2021-02-05 10:18:52 +01:00
adammchugh 2832466f7f
Update assemblyline_submit.py 2021-02-02 22:56:02 +10:30
adammchugh 6f5c77ef08
Update assemblyline_query.py 2021-02-02 22:55:09 +10:30
adammchugh 07b8968b7d
Update assemblyline_submit.py 2021-02-02 22:52:27 +10:30
Cory Kennedy 774b2f37a6 Corrected VMray rest API import
When loading misp-modules,  the VMray module ```modules/expansion/vmray_submit.py ``` incorrectly imports the library. VMray's documentation and examples here: https://pypi.org/project/vmray-rest-api/#history also reflect this change as the correct import.
2021-01-04 15:27:47 -06:00
Alexandre Dulaunoy ff9ac60bbd
Merge pull request #457 from trustar/main
added more explicit error messages for indicators that return no enri…
2020-12-04 21:37:47 +01:00
Jesse Hedden bad538653d added more explicit error messages for indicators that return no enrichment data 2020-12-04 11:59:57 -08:00
Jens Thom 0e4e432dc4 fix imports and unused variables 2020-11-30 12:48:01 +01:00
Jens Thom a404202d1d Merge remote-tracking branch 'upstream/main' into main 2020-11-30 12:23:11 +01:00
Jens Thom 2a870f2d97 * add parser for report version v1 and v2
* add summary JSON import module
2020-11-30 12:06:19 +01:00
milkmix 2544218899 fixed error reported by LGTM analysis 2020-11-23 16:28:23 +01:00
milkmix 47980ef2eb added missing quotes 2020-11-21 08:52:18 +01:00
milkmix 30d9ae6032 added URL support 2020-11-20 18:56:28 +01:00
milkmix 71d2aeaacd typo in python src name 2020-11-20 16:31:48 +01:00
milkmix 451531326d initial work on Defender for Endpoint export module 2020-11-20 16:29:08 +01:00
chrisr3d 575bed0da8 Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch 2020-11-18 11:52:53 +01:00
chrisr3d 2464172e1a Merge branch 'main' of github.com:MISP/misp-modules into new_module 2020-11-18 11:34:33 +01:00
chrisr3d c1e52fdb12
fix: [farsight_passivedns] Fixed pep8 backslash issue 2020-11-15 20:15:06 +01:00
chrisr3d d1ac0cffe0
fix: [farsight_passivedns] Fixed issue with variable name 2020-11-15 20:11:08 +01:00
chrisr3d dfec0e5cf4
add: [farsight-passivedns] Optional feature to submit flex queries
- The rrset and rdata queries remain the same but
  with the parameter `flex_queries`, users can
  also get the results of the flex rrnames & flex
  rdata regex queries about their domain, hostname
  or ip address
- Results can thus include passive-dns objects
  containing the `raw_rdata` object_relation added
  with 0a3e948
2020-11-13 20:38:02 +01:00
chrisr3d 993a614a20 Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch 2020-11-13 16:47:07 +01:00
chrisr3d 32c0bf9ae2
fix: [cpe] Fixed typo in vulnerable-configuration object relation fields 2020-11-13 15:49:58 +01:00
chrisr3d bd3fa3ea07
chg: [cpe] Added default limit to the results
- Results returned by CVE-search are sorted by
  cvss score and limited in number to avoid
  potential massive amount of data retuned back
  to MISP.
- Users can overwrite the default limit with the
  configuration already present as optional, and
  can also set the limit to 0 to get the full list
  of results
2020-11-13 15:46:41 +01:00
chrisr3d 3f863e4437
fix: [farsight_passivedns] Fixed typo in the lookup fields 2020-11-13 15:28:10 +01:00
chrisr3d fe010782f3
chg: [farsight_passivedns] Now using the dnsdb2 python library
- Also updated the results parsing to check in
  each returned result for every field if they are
  included, to avoid key errors if any field is
  missing
2020-11-12 16:01:14 +01:00
chrisr3d 2a25cda026 Merge branch 'chrisr3d_patch' of github.com:MISP/misp-modules into main 2020-11-11 10:46:44 +01:00
chrisr3d bb7564dea9 Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch 2020-11-11 10:45:06 +01:00
Jesse Hedden 0650126d6a fixed typo causing firstSeen and lastSeen to not be pulled from enrichment data 2020-11-10 17:20:03 -08:00
chrisr3d b98562a75e
chg: [cpe] Support of the new CVE-Search API 2020-11-10 17:53:47 +01:00
chrisr3d d9cfcf8f62
fix: [farsight_passivedns] Uncommented mandatory field that was commented for tests 2020-11-05 17:51:41 +01:00
chrisr3d c0440a0d33 chg: [farsight_passivedns] More context added to the results
- References between the passive-dns objects and
  the initial attribute
- Comment on object attributes mentioning whether
  the results come from an rrset or an rdata
  lookup
2020-11-05 15:55:30 +01:00
chrisr3d 7c5465e02b fix: [dnsdb] Avoiding AttributeError with the sys library, probably depending on the python version 2020-11-05 15:55:15 +01:00
chrisr3d d9e576e605 chg: [farsight_passivedns] Rework of the module to return MISP objects
- All the results are parsed as passive-dns MISP
  objects
- More love to give to the parsing to add
  references between the passive-dns objects and
  the input attribute, depending on the type of
  the query (rrset or rdata), or the rrtype
  (to be determined)
2020-11-05 15:55:00 +01:00
chrisr3d 260bddb3cf
chg: [cpe] Changed CVE-Search API default url 2020-11-02 19:03:26 +01:00
chrisr3d 54f7e604c8 Merge branch 'main' of github.com:MISP/misp-modules into main 2020-11-02 19:03:16 +01:00
chrisr3d 6660e2fc11
add: Added documentation for the cpe module 2020-10-24 23:52:06 +02:00
chrisr3d 88c8d9077c
fix: [cpe] Typos and variable name issues fixed + Making the module available in MISP 2020-10-24 02:40:31 +02:00
mokaddem 2be1d7a0cd new: [expansion] Added html_to_markdown module
It fetches the HTML from the provided URL, performs a bit of DOM
clean-up then convert it into markdown
2020-10-23 22:17:47 +02:00
chrisr3d 410aaaeb28
add: First shot of an expansio module to query cve-search with a cpe to get the related vulnerabilities 2020-10-23 21:19:26 +02:00
chrisr3d c00349e198
fix: [cve-advanced] Using the cpe and weakness attribute types 2020-10-22 23:25:20 +02:00
chrisr3d 2a2a908f09 Merge branch 'main' of github.com:MISP/misp-modules into new_module 2020-10-22 22:59:21 +02:00
Jakub Onderka d0115e8b36 fix: [main] Disable duplicate JSON decoding 2020-10-22 18:03:29 +02:00
Jakub Onderka 7ad5eb0bfa chg: [clamav] Add reference to original attribute 2020-10-20 19:26:04 +02:00
Alexandre Dulaunoy 0872bb820c
chg: [clamav] TCP port connection must be an integer 2020-10-20 10:17:52 +02:00
Jakub Onderka f2de7ab87f new: [clamav] Module for malware scan by ClamAV 2020-10-17 23:25:47 +02:00
chrisr3d 48635d8f1b
add: Added documentation for the socialscan new module
- Also quick fix of the message for an invalid
  result or response concerning the queried email
  address or username
2020-10-02 17:01:02 +02:00
chrisr3d d950b4d7ec
fix: Removed debugging print command 2020-10-02 01:50:49 +02:00
chrisr3d 9a766d6010
add: New module using socialscan library to check email addresses and usernames linked to accounts on online platforms 2020-10-01 23:25:39 +02:00
chrisr3d 14aa6e2d1a
fix: [cve_advanced] Avoiding potential MISP object references issues
- Adding objects as dictionaries in an event may
  cause issues in some cases. It is better to pass
  the MISP object as is, as it is already a valid
  object since the MISPObject class is used
2020-10-01 22:44:39 +02:00
chrisr3d c5abf89805
fix: [virustotal_public] Resolve key error when user enrich hostname
- Same as #424
2020-09-28 12:34:00 +02:00
Christian Studer 38c3502394
Merge pull request #424 from JakubOnderka/vt-subdomains-fix
fix: [virustotal] Resolve key error when user enrich hostname
2020-09-28 12:32:42 +02:00
Raphaël Vinot 2dde6e8757
fix: Typo in EMailObject
Fix #427
2020-09-09 10:56:01 +02:00
chrisr3d 3101e5bc26
chg: Updated the bgpranking expansion module to return MISP objects
- The module no longer returns freetext, since the
  result returned to the freetext import as text
  only allowed MISP to parse the same AS number as
  the input attribute.
- The new result returned with the updated module
  is an asn object describing more precisely the
  AS number, and its ranking for a given day
2020-09-08 16:08:57 +02:00
chrisr3d ae1016946b
fix: Making pep8 happy 2020-08-28 17:30:23 +02:00
chrisr3d 1349ef61a5
chg: Turned the Shodan expansion module into a misp_standard format module
- As expected with the misp_standard modules, the
  input is a full attribute and the module is able
  to return attributes and objects
- There was a lot of data that was parsed as regkey
  attributes by the freetext import, the module now
  parses properly the different field of the result
  of the query returned by Shodan
2020-08-28 16:55:50 +02:00
johannesh 8087c9a6a1 Add proxy support and User-Agent header 2020-08-24 11:19:15 +02:00
David André b5d7c9c7a3
Disable correlation for detection-ratio in virustotal.py 2020-08-24 10:11:08 +02:00