Commit Graph

63 Commits (f28aaf07c433692249b43a94f7cf6de70723b9b5)

Author SHA1 Message Date
chrisr3d 7945d060ff
new: Enrichment module for querying APIVoid with domain attributes 2019-12-18 17:11:13 +01:00
Stefano Ortolani f749578525 add: Modules to query/import/submit data from/to Lastline 2019-12-02 19:09:40 +00:00
aaronkaplan 5350003e3a
initial version of the ransomcoindb expansion module 2019-11-25 18:52:39 +01:00
chrisr3d 96712da5e0
add: Module to query AssemblyLine and parse the results
- Takes an AssemblyLine submission link to query
  the API and get the full submission report
- Parses the potentially malicious files and the
  IPs, domains or URLs they are connecting to
- Possible improvement of the parsing filters in
  order to include more data in the MISP event
2019-11-21 13:25:50 -05:00
chrisr3d 58a4cb15a1
add: New expansion module to submit samples and urls to AssemblyLine 2019-11-19 15:41:35 -05:00
chrisr3d 852018bf79
fix: Added urlscan & secuirtytrails modules in __init__ list 2019-11-04 16:52:26 +01:00
Alexandre Dulaunoy c3c6f1a6ea
Merge pull request #346 from blaverick62/master
EQL Query Generation Modules
2019-10-30 22:08:07 +01:00
Braden Laverick a426ad249d Added EQL enrichment module 2019-10-29 19:42:47 +00:00
Davide 56e16dbaf5 Added apiosintDS module to query OSINT.digitalside.it services 2019-10-24 12:49:29 +02:00
chrisr3d 63dba29c52
fix: Fixed module names with - to avoid errors with python paths 2019-10-18 11:09:10 +02:00
chrisr3d 4ee0cbe4c5
add: Added virustotal_public to the list of available modules 2019-07-24 11:10:25 +02:00
chrisr3d 5703253961
new: First version of an advanced CVE parser module
- Using cve.circl.lu as well as the initial module
- Going deeper into the CVE parsing
- More parsing to come with the CWE, CAPEC and so on
2019-07-10 15:20:22 +02:00
chrisr3d aa3e873845
fix: Making pep8 happy + added joe_import module in the init list 2019-06-04 11:33:42 +10:00
chrisr3d ee48d99845
add: New expansion module to query Joe Sandbox API with a report link 2019-06-04 09:48:50 +10:00
chrisr3d f541b1f4ba Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-05-29 10:50:39 +10:00
Georg Schölly 1745d33ee4 add expansion for joe sandbox 2019-05-21 21:14:21 +02:00
root 92351e6679
add: Added urlhaus in the expansion modules init list 2019-05-01 22:22:10 +02:00
Alexandre Dulaunoy ec766f571c
chg: [init] cleanup for pep 2019-04-26 13:36:53 +02:00
Sascha Rommelfangen 1d4f8a6989 new modules added 2019-04-26 12:09:16 +02:00
Sascha Rommelfangen 06036b7fe5 Merge branch 'master' of https://github.com/MISP/misp-modules 2019-04-24 15:01:03 +02:00
Sascha Rommelfangen 5104bce451 renamed module 2019-04-24 14:53:03 +02:00
Alexandre Dulaunoy 81b0082ae5
chg: [init] removed trailing whitespace 2019-04-24 14:01:48 +02:00
Sascha Rommelfangen 7171c8ce92 initial version of OCR expansion module 2019-04-24 13:54:21 +02:00
Alexandre Dulaunoy 18a2370ae3
Merge pull request #291 from Evert0x/submitcuckoo
Expansion module - File/URL submission to Cuckoo Sandbox
2019-04-23 19:36:28 +02:00
Alexandre Dulaunoy e55ae11a1e
chg: [qrcode] added to the __init__ 2019-04-23 14:45:12 +02:00
Evert0x e243edb503
Update __init__.py 2019-04-18 14:25:05 +02:00
Raphaël Vinot 9cb21f98e1 fix: Add the new module sin the list of modules availables. 2019-04-02 15:46:17 +02:00
chrisr3d 74594f29aa
Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-02-11 09:28:49 +01:00
9b e4c1468968 Stubbed module 2019-02-08 12:27:20 -05:00
chrisr3d d1000d82c4
add: New module to check if a bitcoin address has been abused
- Also related update of documentation
2019-02-05 14:46:42 +01:00
Raphaël Vinot d5ec09fe4a fix: Change module name 2019-01-21 13:57:45 +01:00
Raphaël Vinot 8fc5b1fd1f fix: Make pep8 happy 2018-12-11 15:29:09 +01:00
Raphaël Vinot d0aec62f1a new: Intel471 module 2018-12-11 13:30:52 +01:00
chrisr3d 547985b8ce fix: Added Macaddress.io module in the init list 2018-11-22 12:26:27 +01:00
Steve Clement 91f922b5c4 chg: [btc] Removed simple PoC for btc expansion. 2018-11-07 22:53:21 +09:00
Sascha Rommelfangen 00b1b3214b added btc_steroids to the list 2018-11-07 14:28:28 +01:00
Steve Clement 7bafa939b0 new: [btc] Very simple BTC expansion
chg: [req] yara-python is preferred
2018-11-06 00:48:36 +09:00
chrisr3d 1d530a7fa6
new: First version of a yara rule creation expansion module 2018-10-18 14:44:57 +02:00
Igor Ivanov 8d7d377464 added exploit information 2018-09-18 12:11:47 +02:00
chrisr3d 90baa1dd5a
add: Added DBL spamhaus module documentation and in expansion init file 2018-08-08 17:05:22 +02:00
chrisr3d a62078aad1
add: Experimental expansion module to display the SIEM signatures from a sigma rule 2018-07-11 23:43:42 +02:00
chrisr3d 08d8459e1a
add: STIX2 pattern syntax validator 2018-07-02 11:38:33 +02:00
chrisr3d b1c90b411e
add: Sigma syntax validator expansion module
--> Checks sigma rules syntax
- Updated the expansion modules list as well
- Updated the requirements list
2018-06-28 10:41:32 +02:00
chrisr3d 7c691af807
Updated the list of expansion modules 2018-06-28 10:39:40 +02:00
Alexandre Dulaunoy 9664127b85
add: new expansion module to check hashes against hashdd.com including NSLR dataset. 2018-05-29 21:54:22 +02:00
Dennis Rand 43db92dbe6 Added Yara syntax validation expansion module 2018-02-12 19:11:54 +00:00
Christophe Vandeplas 8a1a860cda added CrowdStrike Falcon Intel Indicators expansion module 2018-01-19 14:42:25 +01:00
Christophe Vandeplas 0ec8339d7a New Farsight DNSDB Passive DNS expansion module 2017-12-05 16:41:41 +01:00
Koen Van Impe 74e660d61b VulnDB Queries
Search on CVE at https://vulndb.cyberriskanalytics.com/
    https://www.riskbasedsecurity.com/
Get extended CVE info, links + CPE
2017-11-06 14:23:03 +01:00
Chris Doman c4fe78b39d Add AlienVault OTX and ThreatCrowd Expansions 2017-07-11 18:16:45 +01:00