mirror of https://github.com/MISP/misp-training
chg: [misp-modules] web interface
parent
757796c12f
commit
f3814ee7a5
|
@ -124,7 +124,7 @@
|
||||||
\begin{frame}[fragile]
|
\begin{frame}[fragile]
|
||||||
\frametitle{Finding available MISP modules}
|
\frametitle{Finding available MISP modules}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item curl -s http://127.0.0.1:6666/modules
|
\item curl -s http://127.0.0.1:6666/modules | jq .
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\begin{adjustbox}{width=\textwidth,height=6cm,keepaspectratio}
|
\begin{adjustbox}{width=\textwidth,height=6cm,keepaspectratio}
|
||||||
\begin{lstlisting}[language=json,firstnumber=1]
|
\begin{lstlisting}[language=json,firstnumber=1]
|
||||||
|
@ -305,10 +305,12 @@
|
||||||
\begin{lstlisting}[language=python]
|
\begin{lstlisting}[language=python]
|
||||||
import json
|
import json
|
||||||
import dns.resolver
|
import dns.resolver
|
||||||
misperrors = {'error' : 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
mispattributes = {'input': ['hostname', 'domain'], 'output': ['ip-src', 'ip-dst']}
|
mispattributes = {'input': ['hostname', 'domain', 'domain|ip'], 'output': ['ip-src','ip-dst']}
|
||||||
moduleinfo = {'version': '0.1', 'author': 'Alexandre Dulaunoy',
|
moduleinfo = {'version': '0.3', 'author': 'Alexandre Dulaunoy','description': 'Simple DNS expansion service to resolve IP address from MISP attributes',
|
||||||
'description': 'Simple DNS expansion service to resolve IP address from MISP attributes', 'module-type': ['expansion','hover']}
|
'module-type': ['expansion', 'hover']}
|
||||||
|
moduleconfig = ['nameserver']
|
||||||
|
|
||||||
def handler(q=False):
|
def handler(q=False):
|
||||||
if q is False:
|
if q is False:
|
||||||
return False
|
return False
|
||||||
|
@ -317,30 +319,36 @@
|
||||||
toquery = request['hostname']
|
toquery = request['hostname']
|
||||||
elif request.get('domain'):
|
elif request.get('domain'):
|
||||||
toquery = request['domain']
|
toquery = request['domain']
|
||||||
|
elif request.get('domain|ip'):
|
||||||
|
toquery = request['domain|ip'].split('|')[0]
|
||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
r = dns.resolver.Resolver()
|
r = dns.resolver.Resolver()
|
||||||
r.timeout = 2
|
r.timeout = 2
|
||||||
r.lifetime = 2
|
r.lifetime = 2
|
||||||
|
|
||||||
|
if request.get('config'):
|
||||||
|
if request['config'].get('nameserver'):
|
||||||
|
nameservers = []
|
||||||
|
nameservers.append(request['config'].get('nameserver'))
|
||||||
|
r.nameservers = nameservers
|
||||||
|
else:
|
||||||
r.nameservers = ['8.8.8.8']
|
r.nameservers = ['8.8.8.8']
|
||||||
|
|
||||||
try:
|
try:
|
||||||
answer = r.query(toquery, 'A')
|
answer = r.resolve(toquery, 'A')
|
||||||
except dns.resolver.NXDOMAIN:
|
except dns.resolver.NXDOMAIN:
|
||||||
misperrors['error'] = "NXDOMAIN"
|
misperrors['error'] = "NXDOMAIN"
|
||||||
return misperrors
|
return misperrors
|
||||||
except dns.exception.Timeout:
|
except ...
|
||||||
misperrors['error'] = "Timeout"
|
|
||||||
return misperrors
|
return {'results': [{'types': mispattributes['output'], 'values':[str(answer[0])]}]}
|
||||||
except:
|
|
||||||
misperrors['error'] = "DNS resolving error"
|
|
||||||
return misperrors
|
|
||||||
r = {'results': [{'types': mispattributes['output'], 'values':[str(answer[0])]}]}
|
|
||||||
return r
|
|
||||||
|
|
||||||
def introspection():
|
def introspection():
|
||||||
return mispattributes
|
return mispattributes
|
||||||
|
|
||||||
def version():
|
def version():
|
||||||
|
moduleinfo['config'] = moduleconfig
|
||||||
return moduleinfo
|
return moduleinfo
|
||||||
\end{lstlisting}
|
\end{lstlisting}
|
||||||
\end{adjustbox}
|
\end{adjustbox}
|
||||||
|
@ -375,13 +383,20 @@
|
||||||
\begin{lstlisting}[language=python]
|
\begin{lstlisting}[language=python]
|
||||||
# Configuration at the top
|
# Configuration at the top
|
||||||
moduleconfig = ['username', 'password']
|
moduleconfig = ['username', 'password']
|
||||||
|
|
||||||
# Code block in the handler
|
# Code block in the handler
|
||||||
if request.get('config'):
|
if not request.get('config'):
|
||||||
if (request['config'].get('username') is None) or (request['config'].get('password') is None):
|
return {'error': 'CIRCL Passive SSL authentication is missing.'}
|
||||||
misperrors['error'] = 'CIRCL Passive SSL authentication is missing'
|
|
||||||
return misperrors
|
if not request['config'].get('username') or not request['config'].get('password'):
|
||||||
|
return {'error': 'CIRCL Passive SSL authentication is incomplete, please provide your username and password.'}
|
||||||
|
authentication = (request['config']['username'], request['config']['password'])
|
||||||
|
|
||||||
|
if not request.get('attribute') or not check_input_attribute(request['attribute']):
|
||||||
|
return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
|
||||||
|
attribute = request['attribute']
|
||||||
-
|
-
|
||||||
x = pypssl.PyPSSL(basic_auth=(request['config']['username'], request['config']['password']))
|
pssl_parser = PassiveSSLParser(attribute, authentication)
|
||||||
|
|
||||||
\end{lstlisting}
|
\end{lstlisting}
|
||||||
\end{adjustbox}
|
\end{adjustbox}
|
||||||
|
@ -398,12 +413,12 @@
|
||||||
\item DNS resolver
|
\item DNS resolver
|
||||||
\item DomainTools
|
\item DomainTools
|
||||||
\item eupi (checking url in phishing database)
|
\item eupi (checking url in phishing database)
|
||||||
\item IntelMQ (experimental)
|
|
||||||
\item ipasn
|
\item ipasn
|
||||||
\item PassiveTotal - http://blog.passivetotal.org/misp-sharing-done-differently
|
\item PassiveTotal - http://blog.passivetotal.org/misp-sharing-done-differently
|
||||||
\item sourcecache
|
\item sourcecache
|
||||||
\item Virustotal
|
\item Virustotal
|
||||||
\item Whois
|
\item Whois
|
||||||
|
\item ...
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
@ -660,10 +675,53 @@
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}[fragile]
|
\begin{frame}[fragile]
|
||||||
\frametitle{New expansion \& import modules view (MISP 2.4.110}
|
\frametitle{New expansion \& import modules view (MISP 2.4.110)}
|
||||||
\includegraphics[scale=0.2]{new_format_view.png}
|
\includegraphics[scale=0.2]{new_format_view.png}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
\begin{frame}[fragile]
|
||||||
|
\frametitle{New - Standalone Functionality}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Flexibility, no need to install MISP
|
||||||
|
\item User friendly interface
|
||||||
|
\item Easiest way to test new modules
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[fragile]
|
||||||
|
\frametitle{Web interface - Query}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Add multiple entries
|
||||||
|
\item Choose different modules
|
||||||
|
\end{itemize}
|
||||||
|
\includegraphics[scale=0.23]{screenshots/misp_module_index.png}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[fragile]
|
||||||
|
\frametitle{Web interface - Results}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Multiple tabs for visualization in different formats
|
||||||
|
\end{itemize}
|
||||||
|
\includegraphics[scale=0.23]{screenshots/misp_module_results.png}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[fragile]
|
||||||
|
\frametitle{Web interface - History}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Save your researches and pivot from them
|
||||||
|
\end{itemize}
|
||||||
|
\includegraphics[scale=0.23]{screenshots/misp_module_history.png}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[fragile]
|
||||||
|
\begin{itemize}
|
||||||
|
\item Export results to other tools. (Still in dev)
|
||||||
|
\end{itemize}
|
||||||
|
\frametitle{Web interface - External tools (Dev)}
|
||||||
|
\includegraphics[scale=0.23]{screenshots/misp_module_external_tools.png}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}[fragile]
|
\begin{frame}[fragile]
|
||||||
\frametitle{Future of the modules system}
|
\frametitle{Future of the modules system}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
|
|
Binary file not shown.
After Width: | Height: | Size: 52 KiB |
Binary file not shown.
After Width: | Height: | Size: 42 KiB |
Binary file not shown.
After Width: | Height: | Size: 50 KiB |
Binary file not shown.
After Width: | Height: | Size: 105 KiB |
Loading…
Reference in New Issue