Commit Graph

599 Commits (fc8a573ba7334d0829b6e617a0bf1b815f3e1602)

Author SHA1 Message Date
chrisr3d 4ee0cbe4c5
add: Added virustotal_public to the list of available modules 2019-07-24 11:10:25 +02:00
chrisr3d 92d90e8e1c
add: TODO comment for the next improvement 2019-07-23 09:42:10 +02:00
chrisr3d 14cf39d8b6
chg: Updated the module to work with the updated VirusTotal API
- Parsing functions updated to support the updated
  format of the VirusTotal API responses
- The module can now return objects
- /!\ This module requires a high number of
  requests limit rate to work as expected /!\
2019-07-22 16:22:29 +02:00
chrisr3d 1fa37ea712
fix: Avoiding issues with non-existing sample types 2019-07-22 11:43:35 +02:00
chrisr3d 675e0815ff
add: Parsing communicating samples returned by domain reports 2019-07-22 11:42:52 +02:00
chrisr3d c9c2027a57
fix: Undetected urls are represented in lists 2019-07-22 11:39:46 +02:00
chrisr3d 6fdfcb0a29
fix: Changed function name to avoid confusion with the same variable name 2019-07-22 09:53:19 +02:00
chrisr3d 729c86c336
fix: Quick fix on siblings & url parsing 2019-07-22 09:16:04 +02:00
chrisr3d 9aa721bc37
fix: typo 2019-07-19 16:20:24 +02:00
chrisr3d 641dda0103
add: Parsing downloaded samples as well as the referrer ones 2019-07-18 21:38:17 +02:00
chrisr3d 795edb7457
chg: Adding references between a domain and its siblings 2019-07-17 20:40:56 +02:00
chrisr3d 8de350744b
chg: Getting domain siblings attributes uuid for further references 2019-07-16 22:39:35 +02:00
chrisr3d a61d09db8b
fix: Parsing detected & undetected urls 2019-07-15 23:44:25 +02:00
chrisr3d d9b03a7aa5
fix: Various fixes about typo, variable names, data types and so on 2019-07-12 10:59:19 +02:00
chrisr3d f862a14ce6
add: Object for VirusTotal public API queries
- Lighter analysis of the report to avoid reaching
  the limit of queries per minute while recursing
  on the different elements
2019-07-11 22:59:07 +02:00
chrisr3d 3edc323836
fix: Making pep8 happy 2019-07-10 15:29:31 +02:00
chrisr3d 5703253961
new: First version of an advanced CVE parser module
- Using cve.circl.lu as well as the initial module
- Going deeper into the CVE parsing
- More parsing to come with the CWE, CAPEC and so on
2019-07-10 15:20:22 +02:00
chrisr3d 9e45d302b1
fix: Testing if an object is not empty before adding it to the event 2019-06-18 09:45:59 +02:00
chrisr3d 9fdd6c5e58
fix: Making travis happy 2019-06-15 08:17:29 +02:00
chrisr3d 2f3ce1b615
fix: Support of the latest version of sigmatools 2019-06-15 08:06:47 +02:00
Georg Schölly efb0a88eeb joesandbox_query.py: improve behavior in unexpected circumstances 2019-06-04 11:29:40 +02:00
chrisr3d aa3e873845
fix: Making pep8 happy + added joe_import module in the init list 2019-06-04 11:33:42 +10:00
chrisr3d 42bc6f8d2b
fix: Fixed variable name typo 2019-06-04 11:32:21 +10:00
chrisr3d ee48d99845
add: New expansion module to query Joe Sandbox API with a report link 2019-06-04 09:48:50 +10:00
chrisr3d 0d40830a7f
fix: Some quick fixes
- Fixed strptime matching because months are
  expressed in abbreviated format
- Made data loaded while the parsing function is
  called, in case it has to be called multiple
  times at some point
2019-06-03 18:35:58 +10:00
chrisr3d 74b73f9332
chg: Moved JoeParser class to make it reachable from expansion & import modules 2019-05-29 11:26:14 +10:00
chrisr3d f541b1f4ba Merge branch 'master' of github.com:MISP/misp-modules into new_module 2019-05-29 10:50:39 +10:00
Georg Schölly 9377a892f4 support url analyses 2019-05-28 16:19:35 +02:00
Georg Schölly 380b8d46ba improve forwards-compatibility 2019-05-28 16:14:59 +02:00
chrisr3d 8ac651562e
fix: Making pep8 & travis happy 2019-05-23 16:13:49 +02:00
chrisr3d be05de62c0
add: Parsing MITRE ATT&CK tactic matrix related to the Joe report 2019-05-23 15:59:52 +02:00
chrisr3d e608107a09
add: Parsing domains, urls & ips contacted by processes 2019-05-22 17:12:49 +02:00
chrisr3d cfec9a6b1c
fix: Added references between processes and the files they drop 2019-05-22 15:27:04 +02:00
chrisr3d 191034d311
add: Starting parsing dropped files 2019-05-21 23:37:53 +02:00
Georg Schölly 1745d33ee4 add expansion for joe sandbox 2019-05-21 21:14:21 +02:00
chrisr3d 417c306ace
fix: Avoiding network connection object duplicates 2019-05-20 15:59:18 +02:00
chrisr3d 72e5f0099d
fix: Avoid creating a signer info object when the pe is not signed 2019-05-20 10:52:34 +02:00
chrisr3d 54f5fa6fa9
fix: Avoiding dictionary indexes issues
- Using tuples as dictionary indexes is better
  than using generators...
2019-05-20 09:19:38 +02:00
chrisr3d 0d5f867825
add: Starting parsing network behavior fields 2019-05-17 22:18:11 +02:00
chrisr3d f9515c14d0
fix: Avoiding attribute & reference duplicates 2019-05-16 16:14:25 +02:00
chrisr3d 2246fc0d02
add: Parsing registry activities under processes 2019-05-16 16:11:43 +02:00
chrisr3d 067b229224
fix: Handling case of multiple processes in behavior field
- Also starting parsing file activities
2019-05-15 22:06:55 +02:00
chrisr3d d195b554a5
fix: Testing if some fields exist before trying to import them
- Testing for pe itself, pe versions and pe signature
2019-05-15 22:05:03 +02:00
chrisr3d fc8a56d1d9
fix: Removed test print 2019-05-15 15:49:29 +02:00
chrisr3d df7047dff0
fix: Fixed output format to match with the recent changes on modules 2019-05-14 10:50:11 +02:00
chrisr3d 29e681ef81
add: Parsing processes called by the file analyzed in the joe sandbox report 2019-05-13 17:30:01 +02:00
chrisr3d d39fb7da18
add: Parsing some object references at the end of the process 2019-05-13 17:29:07 +02:00
chrisr3d 728386d8a0
add: [new_module] Module to import data from Joe sandbox reports
- Parsing file, pe and pe-section objects from the
  report file info field
- Deeper file info parsing to come
- Other fields parsing to come as well
2019-05-08 16:52:49 +02:00
chrisr3d 77db21cf18
fix: Making pep8 happy 2019-05-07 09:37:21 +02:00
chrisr3d f1b5f05bb3
fix: Checking non-MISP header fields
- Rejecting fields not recognizable by MISP
2019-05-07 09:35:56 +02:00