MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-modules/index.html

810 lines
37 KiB
HTML
Raw Permalink Blame History

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="MISP Modules Project">
<meta name="author" content="MISP Project">
<link rel="canonical" href="https://www.misp-project.org/">
<link rel="next" href="expansion/">
<link rel="icon" href="img/favicon.ico">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.3">
<title>MISP Modules Documentation</title>
<link rel="stylesheet" href="assets/stylesheets/main.50c56a3b.min.css">
<link rel="stylesheet" href="assets/stylesheets/palette.06af60db.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<script>__md_scope=new URL(".",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#home" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="." title="MISP Modules Documentation" class="md-header__button md-logo" aria-label="MISP Modules Documentation" data-md-component="logo">
<img src="img/misp.png" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
MISP Modules Documentation
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Home
</span>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/MISP/misp-modules/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
</div>
<div class="md-source__repository">
MISP/misp-modules
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="." title="MISP Modules Documentation" class="md-nav__button md-logo" aria-label="MISP Modules Documentation" data-md-component="logo">
<img src="img/misp.png" alt="logo">
</a>
MISP Modules Documentation
</label>
<div class="md-nav__source">
<a href="https://github.com/MISP/misp-modules/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
</div>
<div class="md-source__repository">
MISP/misp-modules
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Home
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="." class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Home
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#existing-misp-modules" class="md-nav__link">
<span class="md-ellipsis">
Existing MISP modules
</span>
</a>
<nav class="md-nav" aria-label="Existing MISP modules">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#expansion-modules" class="md-nav__link">
<span class="md-ellipsis">
Expansion modules
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#export-modules" class="md-nav__link">
<span class="md-ellipsis">
Export modules
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#import-modules" class="md-nav__link">
<span class="md-ellipsis">
Import modules
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#how-to-contribute-your-own-module" class="md-nav__link">
<span class="md-ellipsis">
How to contribute your own module?
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#licenses" class="md-nav__link">
<span class="md-ellipsis">
Licenses
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
<span class="md-ellipsis">
Modules
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Modules
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="expansion/" class="md-nav__link">
<span class="md-ellipsis">
Expansion Modules
</span>
</a>
</li>
<li class="md-nav__item">
<a href="export_mod/" class="md-nav__link">
<span class="md-ellipsis">
Export Modules
</span>
</a>
</li>
<li class="md-nav__item">
<a href="import_mod/" class="md-nav__link">
<span class="md-ellipsis">
Import Modules
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="install/" class="md-nav__link">
<span class="md-ellipsis">
Install Guides
</span>
</a>
</li>
<li class="md-nav__item">
<a href="contribute/" class="md-nav__link">
<span class="md-ellipsis">
Contribute
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
<span class="md-ellipsis">
About
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
About
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="license/" class="md-nav__link">
<span class="md-ellipsis">
License
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#existing-misp-modules" class="md-nav__link">
<span class="md-ellipsis">
Existing MISP modules
</span>
</a>
<nav class="md-nav" aria-label="Existing MISP modules">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#expansion-modules" class="md-nav__link">
<span class="md-ellipsis">
Expansion modules
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#export-modules" class="md-nav__link">
<span class="md-ellipsis">
Export modules
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#import-modules" class="md-nav__link">
<span class="md-ellipsis">
Import modules
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#how-to-contribute-your-own-module" class="md-nav__link">
<span class="md-ellipsis">
How to contribute your own module?
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#licenses" class="md-nav__link">
<span class="md-ellipsis">
Licenses
</span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="home">Home<a class="headerlink" href="#home" title="Permanent link">&para;</a></h1>
<p><a href="https://travis-ci.org/MISP/misp-modules"><img alt="Build Status" src="https://travis-ci.org/MISP/misp-modules.svg?branch=master" /></a>
<a href="https://coveralls.io/github/MISP/misp-modules?branch=master"><img alt="Coverage Status" src="https://coveralls.io/repos/github/MISP/misp-modules/badge.svg?branch=master" /></a>
<a href="https://codecov.io/gh/MISP/misp-modules"><img alt="codecov" src="https://codecov.io/gh/MISP/misp-modules/branch/main/graph/badge.svg" /></a>
<a href="https://app.fossa.io/projects/git%2Bgithub.com%2FMISP%2Fmisp-modules?ref=badge_shield"><img alt="FOSSA Status" src="https://app.fossa.io/api/projects/git%2Bgithub.com%MISP%2Fmisp-modules.svg?type=shield" /></a></p>
<p>MISP modules are autonomous modules that can be used for expansion and other services in <a href="https://github.com/MISP/MISP">MISP</a>.</p>
<p>The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities
without modifying core components. The API is available via a simple REST API which is independent from MISP installation or configuration.</p>
<p>MISP modules support is included in MISP starting from version <code>2.4.28</code>.</p>
<p>For more information: <a href="https://www.circl.lu/assets/files/misp-training/switch2016/2-misp-modules.pdf">Extending MISP with Python modules</a> slides from MISP training.</p>
<h2 id="existing-misp-modules">Existing MISP modules<a class="headerlink" href="#existing-misp-modules" title="Permanent link">&para;</a></h2>
<h3 id="expansion-modules">Expansion modules<a class="headerlink" href="#expansion-modules" title="Permanent link">&para;</a></h3>
<ul>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/backscatter_io.py">Backscatter.io</a> - a hover and expansion module to expand an IP address with mass-scanning observations.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/bgpranking.py">BGP Ranking</a> - a hover and expansion module to expand an AS number with the ASN description, its history, and position in BGP Ranking.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/btc_scam_check.py">BTC scam check</a> - An expansion hover module to instantly check if a BTC address has been abused.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/btc_steroids.py">BTC transactions</a> - An expansion hover module to get a blockchain balance and the transactions from a BTC address in MISP.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/circl_passivedns.py">CIRCL Passive DNS</a> - a hover and expansion module to expand hostname and IP addresses with passive DNS information.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/circl_passivessl.py">CIRCL Passive SSL</a> - a hover and expansion module to expand IP addresses with the X.509 certificate seen.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/countrycode.py">countrycode</a> - a hover module to tell you what country a URL belongs to.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/crowdstrike_falcon.py">CrowdStrike Falcon</a> - an expansion module to expand using CrowdStrike Falcon Intel Indicator API.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/cve.py">CVE</a> - a hover module to give more information about a vulnerability (CVE).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/cve_advanced.py">CVE advanced</a> - An expansion module to query the CIRCL CVE search API for more information about a vulnerability (CVE).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/cuckoo_submit.py">Cuckoo submit</a> - A hover module to submit malware sample, url, attachment, domain to Cuckoo Sandbox.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/dbl_spamhaus.py">DBL Spamhaus</a> - a hover module to check Spamhaus DBL for a domain name.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/dns.py">DNS</a> - a simple module to resolve MISP attributes like hostname and domain to expand IP addresses attributes.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/docx-enrich.py">docx-enrich</a> - an enrichment module to get text out of Word document into MISP (using free-text parser).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/domaintools.py">DomainTools</a> - a hover and expansion module to get information from <a href="http://www.domaintools.com/">DomainTools</a> whois.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/eupi.py">EUPI</a> - a hover and expansion module to get information about an URL from the <a href="https://phishing-initiative.eu/?lang=en">Phishing Initiative project</a>.</li>
<li><a href="misp_modules/modules/expansion/eql.py">EQL</a> - an expansion module to generate event query language (EQL) from an attribute. <a href="https://eql.readthedocs.io/en/latest/">Event Query Language</a></li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/farsight_passivedns.py">Farsight DNSDB Passive DNS</a> - a hover and expansion module to expand hostname and IP addresses with passive DNS information.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/geoip_country.py">GeoIP</a> - a hover and expansion module to get GeoIP information from geolite/maxmind.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/greynoise.py">Greynoise</a> - a hover to get information from greynoise.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashdd.py">hashdd</a> - a hover module to check file hashes against <a href="http://www.hashdd.com">hashdd.com</a> including NSLR dataset.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py">hibp</a> - a hover module to lookup against Have I Been Pwned?</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/intel471.py">intel471</a> - an expansion module to get info from <a href="https://intel471.com">Intel471</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipasn.py">IPASN</a> - a hover and expansion to get the BGP ASN of an IP address.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/iprep.py">iprep</a> - an expansion module to get IP reputation from packetmail.net.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/joesandbox_submit.py">Joe Sandbox submit</a> - Submit files and URLs to Joe Sandbox.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/joesandbox_query.py">Joe Sandbox query</a> - Query Joe Sandbox with the link of an analysis and get the parsed data.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/macaddress_io.py">macaddress.io</a> - a hover module to retrieve vendor details and other information regarding a given MAC address or an OUI from <a href="https://macaddress.io">MAC address Vendor Lookup</a>. See <a href="https://macaddress.io/integrations/MISP-module">integration tutorial here</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/macvendors.py">macvendors</a> - a hover module to retrieve mac vendor information.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ocr-enrich.py">ocr-enrich</a> - an enrichment module to get OCRized data from images into MISP.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ods-enrich.py">ods-enrich</a> - an enrichment module to get text out of OpenOffice spreadsheet document into MISP (using free-text parser).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/odt-enrich.py">odt-enrich</a> - an enrichment module to get text out of OpenOffice document into MISP (using free-text parser).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/onyphe.py">onyphe</a> - a modules to process queries on Onyphe.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/onyphe_full.py">onyphe_full</a> - a modules to process full queries on Onyphe.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/otx.py">OTX</a> - an expansion module for <a href="https://otx.alienvault.com/">OTX</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/passivetotal.py">passivetotal</a> - a <a href="https://www.passivetotal.org/">passivetotal</a> module that queries a number of different PassiveTotal datasets.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/pdf-enrich.py">pdf-enrich</a> - an enrichment module to extract text from PDF into MISP (using free-text parser).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/pptx-enrich.py">pptx-enrich</a> - an enrichment module to get text out of PowerPoint document into MISP (using free-text parser).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/qrcode.py">qrcode</a> - a module decode QR code, barcode and similar codes from an image and enrich with the decoded values.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/rbl.py">rbl</a> - a module to get RBL (Real-Time Blackhost List) values from an attribute.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/reversedns.py">reversedns</a> - Simple Reverse DNS expansion service to resolve reverse DNS from MISP attributes.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/securitytrails.py">securitytrails</a> - an expansion module for <a href="https://securitytrails.com/">securitytrails</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/shodan.py">shodan</a> - a minimal <a href="https://www.shodan.io/">shodan</a> expansion module.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sigma_queries.py">Sigma queries</a> - Experimental expansion module querying a sigma rule to convert it into all the available SIEM signatures.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sigma_syntax_validator.py">Sigma syntax validator</a> - Sigma syntax validator.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sourcecache.py">sourcecache</a> - a module to cache a specific link from a MISP instance.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/stix2_pattern_syntax_validator.py">STIX2 pattern syntax validator</a> - a module to check a STIX2 pattern syntax.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/threatcrowd.py">ThreatCrowd</a> - an expansion module for <a href="https://www.threatcrowd.org/">ThreatCrowd</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/threatminer.py">threatminer</a> - an expansion module to expand from <a href="https://www.threatminer.org/">ThreatMiner</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/urlhaus.py">urlhaus</a> - Query urlhaus to get additional data about a domain, hash, hostname, ip or url.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/urlscan.py">urlscan</a> - an expansion module to query <a href="https://urlscan.io">urlscan.io</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/virustotal.py">virustotal</a> - an expansion module to query the <a href="https://www.virustotal.com/gui/home">VirusTotal</a> API with a high request rate limit required. (More details about the API: <a href="https://developers.virustotal.com/reference">here</a>)</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/virustotal_public.py">virustotal_public</a> - an expansion module to query the <a href="https://www.virustotal.com/gui/home">VirusTotal</a> API with a public key and a low request rate limit. (More details about the API: <a href="https://developers.virustotal.com/reference">here</a>)</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmray_submit.py">VMray</a> - a module to submit a sample to VMray.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py">VulnDB</a> - a module to query <a href="https://www.riskbasedsecurity.com/">VulnDB</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulners.py">Vulners</a> - an expansion module to expand information about CVEs using Vulners API.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py">whois</a> - a module to query a local instance of <a href="https://github.com/rafiot/uwhoisd">uwhois</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/wiki.py">wikidata</a> - a <a href="https://www.wikidata.org">wikidata</a> expansion module.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/xforceexchange.py">xforce</a> - an IBM X-Force Exchange expansion module.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/xlsx-enrich.py">xlsx-enrich</a> - an enrichment module to get text out of an Excel document into MISP (using free-text parser).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/yara_query.py">YARA query</a> - a module to create YARA rules from single hash attributes.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/yara_syntax_validator.py">YARA syntax validator</a> - YARA syntax validator.</li>
</ul>
<h3 id="export-modules">Export modules<a class="headerlink" href="#export-modules" title="Permanent link">&para;</a></h3>
<ul>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/cef_export.py">CEF</a> module to export Common Event Format (CEF).</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/cisco_firesight_manager_ACL_rule_export.py">Cisco FireSight Manager ACL rule</a> module to export as rule for the Cisco FireSight manager ACL.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/goamlexport.py">GoAML export</a> module to export in <a href="http://goaml.unodc.org/goaml/en/index.html">GoAML format</a>.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/liteexport.py">Lite Export</a> module to export a lite event.</li>
<li><a href="misp_modules/modules/export_mod/mass_eql_export.py">Mass EQL Export</a> module to export applicable attributes from an event to a mass EQL query.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/pdfexport.py">PDF export</a> module to export an event in PDF.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/nexthinkexport.py">Nexthink query format</a> module to export in Nexthink query format.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/osqueryexport.py">osquery</a> module to export in <a href="https://osquery.io/">osquery</a> query format.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/threat_connect_export.py">ThreatConnect</a> module to export in ThreatConnect CSV format.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/threatStream_misp_export.py">ThreatStream</a> module to export in ThreatStream format.</li>
</ul>
<h3 id="import-modules">Import modules<a class="headerlink" href="#import-modules" title="Permanent link">&para;</a></h3>
<ul>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/csvimport.py">CSV import</a> Customizable CSV import module.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/cuckooimport.py">Cuckoo JSON</a> Cuckoo JSON import.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/email_import.py">Email Import</a> Email import module for MISP to import basic metadata.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/goamlimport.py">GoAML import</a> Module to import <a href="http://goaml.unodc.org/goaml/en/index.html">GoAML</a> XML format.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/joe_import.py">Joe Sandbox import</a> Parse data from a Joe Sandbox json report.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/ocr.py">OCR</a> Optical Character Recognition (OCR) module for MISP to import attributes from images, scan or faxes.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/openiocimport.py">OpenIOC</a> OpenIOC import based on PyMISP library.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/threatanalyzer_import.py">ThreatAnalyzer</a> - An import module to process ThreatAnalyzer archive.zip/analysis.json sandbox exports.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/vmray_import.py">VMRay</a> - An import module to process VMRay export.</li>
</ul>
<h2 id="how-to-contribute-your-own-module">How to contribute your own module?<a class="headerlink" href="#how-to-contribute-your-own-module" title="Permanent link">&para;</a></h2>
<p>Fork the project, add your module, test it and make a pull-request. Modules can be also private as you can add a module in your own MISP installation.
For further information please see <a href="contribute/">Contribute</a>.</p>
<h2 id="licenses">Licenses<a class="headerlink" href="#licenses" title="Permanent link">&para;</a></h2>
<p><a href="https://app.fossa.io/projects/git%2Bgithub.com%2FMISP%2Fmisp-modules?ref=badge_large"><img alt="FOSSA Status" src="https://app.fossa.io/api/projects/git%2Bgithub.com%MISP%2Fmisp-modules.svg?type=large" /></a></p>
<p>For further Information see also the <a href="license/">license file</a>.</p>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
Copyright &copy; 2019-2023 MISP Project
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
<div class="md-social">
<a href="https://twitter.com/MISPProject" target="_blank" rel="noopener" title="twitter.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z"/></svg>
</a>
<a href="https://github.com/MISP" target="_blank" rel="noopener" title="github.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 480 512"><!--! Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M186.1 328.7c0 20.9-10.9 55.1-36.7 55.1s-36.7-34.2-36.7-55.1 10.9-55.1 36.7-55.1 36.7 34.2 36.7 55.1zM480 278.2c0 31.9-3.2 65.7-17.5 95-37.9 76.6-142.1 74.8-216.7 74.8-75.8 0-186.2 2.7-225.6-74.8-14.6-29-20.2-63.1-20.2-95 0-41.9 13.9-81.5 41.5-113.6-5.2-15.8-7.7-32.4-7.7-48.8 0-21.5 4.9-32.3 14.6-51.8 45.3 0 74.3 9 108.8 36 29-6.9 58.8-10 88.7-10 27 0 54.2 2.9 80.4 9.2 34-26.7 63-35.2 107.8-35.2 9.8 19.5 14.6 30.3 14.6 51.8 0 16.4-2.6 32.7-7.7 48.2 27.5 32.4 39 72.3 39 114.2zm-64.3 50.5c0-43.9-26.7-82.6-73.5-82.6-18.9 0-37 3.4-56 6-14.9 2.3-29.8 3.2-45.1 3.2-15.2 0-30.1-.9-45.1-3.2-18.7-2.6-37-6-56-6-46.8 0-73.5 38.7-73.5 82.6 0 87.8 80.4 101.3 150.4 101.3h48.2c70.3 0 150.6-13.4 150.6-101.3zm-82.6-55.1c-25.8 0-36.7 34.2-36.7 55.1s10.9 55.1 36.7 55.1 36.7-34.2 36.7-55.1-10.9-55.1-36.7-55.1z"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": ".", "features": [], "search": "assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="assets/javascripts/bundle.d7c377c4.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink