mirror of https://github.com/MISP/misp-modules
10 lines
1.1 KiB
JSON
10 lines
1.1 KiB
JSON
{
|
|
"description": "Module to query Crowdstrike Falcon.",
|
|
"logo": "logos/crowdstrike.png",
|
|
"requirements": ["A CrowdStrike API access (API id & key)"],
|
|
"input": "A MISP attribute included in the following list:\n- domain\n- email-attachment\n- email-dst\n- email-reply-to\n- email-src\n- email-subject\n- filename\n- hostname\n- ip-src\n- ip-dst\n- md5\n- mutex\n- regkey\n- sha1\n- sha256\n- uri\n- url\n- user-agent\n- whois-registrant-email\n- x509-fingerprint-md5",
|
|
"output": "MISP attributes fetched after the CrowdStrike API has been queried, included in the following list:\n- hostname\n- email-src\n- email-subject\n- filename\n- md5\n- sha1\n- sha256\n- ip-dst\n- ip-dst\n- mutex\n- regkey\n- url\n- user-agent\n- x509-fingerprint-md5",
|
|
"references": ["https://www.crowdstrike.com/products/crowdstrike-falcon-faq/"],
|
|
"features": "This module takes a MISP attribute as input to query a CrowdStrike Falcon API, using an api_id and an apikey.\n\nThe API returns then the result of the query with some types we map into compatible types we add as MISP attributes."
|
|
}
|