From b73d1312e4522efb86307e91a1ef4c8540e29ebf Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Thu, 31 May 2018 11:59:14 +1000 Subject: [PATCH 1/3] - Fixed some typos, made sentence more intelligible ;) --- _pages/communities.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_pages/communities.md b/_pages/communities.md index 58a4169..dccf10c 100755 --- a/_pages/communities.md +++ b/_pages/communities.md 
@@ -7,11 +7,11 @@ toc: true ## MISP Communities -MISP is an open source software and it's also a large community of MISP users creating, maintaining and operating communities of users or organizations sharing information about threats or cyber security indicators worldwide. The MISP project doesn't maintain an exhaustive list of all communities relying on MISP especially that some communities use MISP internally or privately. +MISP is an open source software and it is also a large community of MISP users creating, maintaining and operating communities of users or organizations sharing information about threats or cyber security indicators worldwide. The MISP project doesn't maintain an exhaustive list of all communities relying on MISP especially that some communities use MISP internally or privately. # Known Existing and Public MISP Communities -Each communities might have specific rules to join them. Take a look and feel free to contact the respective communities that fit your organization. Some of existing public communities might be interconnected and some might be in an island mode. By running MISP, these communities usually allow their members to connect using the MISP API, MISP user-interface or even to synchronize your MISP instance with their communities. If you want to add your MISP community in the list,don't hesitate to contact us. +Each community might have specific rules to join them. Below is a brief overview of existing communities, feel free to contact the respective communities that fit your organization. Some of existing public communities might be interconnected and some might be in an island mode. By running MISP, these communities usually allow their members to connect using the MISP API, MISP user-interface or even to synchronize your MISP instance with their communities. If you want to add your MISP community to the list, don't hesitate to [contact us](mailto:info@misp-project.org). ### CIRCL MISP Community 
From 8bfb84fb0521e6248d9f4c141e77748a3294ec41 Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Thu, 31 May 2018 15:10:49 +1000 Subject: [PATCH 2/3] - Civicert descriptor typo --- _pages/communities.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_pages/communities.md b/_pages/communities.md index dccf10c..2600705 100755 --- a/_pages/communities.md +++ b/_pages/communities.md @@ -21,7 +21,7 @@ CIRCL also operates the [![X-ISAC logo](/assets/images/x-isac-logo-small.png)](h ### CiviCERT MISP Community -[CiviCERT](https://civicert.org/) is an umbrella organizations formed by the partnership between Internet Content and Service Providers, Non Governmental Organizations and individuals that contribute some of their time and resources to the community in order to globally improve the security awareness of civil society. The community is fairly new but uses MISP into inform its constituents of malicious activities in their infrastructure. +[CiviCERT](https://civicert.org/) is an umbrella organizations formed by the partnership between Internet Content and Service Providers, Non Governmental Organizations and individuals that contribute some of their time and resources to the community in order to globally improve the security awareness of civil society. The community is fairly new but uses MISP to inform its constituents of malicious activities in their infrastructure. ### Fidelis malware/RAT Community From e3383da09e5b98f1c2fd88a9d7e111a90e2a8bef Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Fri, 22 Jun 2018 05:29:29 +0200 Subject: [PATCH 3/3] - Fixed all the misp-modules links --- _pages/tools.md | 76 ++++++++++++++++++++++++------------------------- 1 file changed, 38 insertions(+), 38 deletions(-) mode change 100755 => 100644 _pages/tools.md diff --git a/_pages/tools.md b/_pages/tools.md old mode 100755 new mode 100644 index 4359e78..c0aec60 --- a/_pages/tools.md +++ b/_pages/tools.md 
@@ -19,51 +19,51 @@ is also to explore new ideas, concepts or functionality which can be integrated #### Expansion modules -* [ASN History](https://github.com/MISP/misp-modules/modules/expansion/asn_history.py) - a hover and expansion module to expand an AS number with the ASN description and its history. -* [CIRCL Passive DNS](https://github.com/MISP/misp-modules/modules/expansion/circl_passivedns.py) - a hover and expansion module to expand hostname and IP addresses with passive DNS information. -* [CIRCL Passive SSL](https://github.com/MISP/misp_modules/modules/expansion/circl_passivessl.py) - a hover and expansion module to expand IP addresses with the X.509 certificate seen. -* [countrycode](https://github.com/MISP/misp_modules/modules/expansion/countrycode.py) - a hover module to tell you what country a URL belongs to. -* [CrowdStrike Falcon](https://github.com/MISP/misp_modules/modules/expansion/crowdstrike_falcon.py) - an expansion module to expand using CrowdStrike Falcon Intel Indicator API. -* [CVE](https://github.com/MISP/misp_modules/modules/expansion/cve.py) - a hover module to give more information about a vulnerability (CVE). -* [DNS](https://github.com/MISP/misp_modules/modules/expansion/dns.py) - a simple module to resolve MISP attributes like hostname and domain to expand IP addresses attributes. -* [DomainTools](https://github.com/MISP/misp_modules/modules/expansion/domaintools.py) - a hover and expansion module to get information from [DomainTools](http://www.domaintools.com/) whois. -* [EUPI](https://github.com/MISP/misp_modules/modules/expansion/eupi.py) - a hover and expansion module to get information about an URL from the [Phishing Initiative project](https://phishing-initiative.eu/?lang=en). -* [Farsight DNSDB Passive DNS](https://github.com/MISP/misp_modules/modules/expansion/farsight_passivedns.py) - a hover and expansion module to expand hostname and IP addresses with passive DNS information. 
-* [GeoIP](https://github.com/MISP/misp_modules/modules/expansion/geoip_country.py) - a hover and expansion module to get GeoIP information from geolite/maxmind. -* [IPASN](https://github.com/MISP/misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address. -* [iprep](https://github.com/MISP/misp-modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net. -* [OTX](https://github.com/MISP/misp_modules/modules/expansion/otx.py) - an expansion module for [OTX](https://otx.alienvault.com/). -* [passivetotal](https://github.com/MISP/misp_modules/modules/expansion/passivetotal.py) - a [passivetotal](https://www.passivetotal.org/) module that queries a number of different PassiveTotal datasets. -* [rbl](https://github.com/MISP/misp_modules/modules/expansion/rbl.py) - a module to get RBL (Real-Time Blackhost List) values from an attribute. -* [shodan](https://github.com/MISP/misp_modules/modules/expansion/shodan.py) - a minimal [shodan](https://www.shodan.io/) expansion module. -* [sourcecache](https://github.com/MISP/misp_modules/modules/expansion/sourcecache.py) - a module to cache a specific link from a MISP instance. -* [ThreatCrowd](https://github.com/MISP/misp_modules/modules/expansion/threatcrowd.py) - an expansion module for [ThreatCrowd](https://www.threatcrowd.org/). -* [threatminer](https://github.com/MISP/misp_modules/modules/expansion/threatminer.py) - an expansion module to expand from [ThreatMiner](https://www.threatminer.org/). -* [virustotal](https://github.com/MISP/misp_modules/modules/expansion/virustotal.py) - an expansion module to pull known resolutions and malware samples related with an IP/Domain from virusTotal (this modules require a VirusTotal private API key) -* [wikidata](https://github.com/MISP/misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module. 
-* [xforce](https://github.com/MISP/misp_modules/modules/expansion/xforceexchange.py) - an IBM X-Force Exchange expansion module. -* [YARA syntax validator](https://github.com/MISP/misp_modules/modules/expansion/yara_syntax_validator.py) - YARA syntax validator. +* [ASN History](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/asn_history.py) - a hover and expansion module to expand an AS number with the ASN description and its history. +* [CIRCL Passive DNS](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/circl_passivedns.py) - a hover and expansion module to expand hostname and IP addresses with passive DNS information. +* [CIRCL Passive SSL](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/circl_passivessl.py) - a hover and expansion module to expand IP addresses with the X.509 certificate seen. +* [countrycode](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/countrycode.py) - a hover module to tell you what country a URL belongs to. +* [CrowdStrike Falcon](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/crowdstrike_falcon.py) - an expansion module to expand using CrowdStrike Falcon Intel Indicator API. +* [CVE](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/cve.py) - a hover module to give more information about a vulnerability (CVE). +* [DNS](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/dns.py) - a simple module to resolve MISP attributes like hostname and domain to expand IP addresses attributes. +* [DomainTools](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/domaintools.py) - a hover and expansion module to get information from [DomainTools](http://www.domaintools.com/) whois. 
+* [EUPI](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/eupi.py) - a hover and expansion module to get information about an URL from the [Phishing Initiative project](https://phishing-initiative.eu/?lang=en). +* [Farsight DNSDB Passive DNS](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/farsight_passivedns.py) - a hover and expansion module to expand hostname and IP addresses with passive DNS information. +* [GeoIP](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/geoip_country.py) - a hover and expansion module to get GeoIP information from geolite/maxmind. +* [IPASN](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address. +* [iprep](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net. +* [OTX](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/otx.py) - an expansion module for [OTX](https://otx.alienvault.com/). +* [passivetotal](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/passivetotal.py) - a [passivetotal](https://www.passivetotal.org/) module that queries a number of different PassiveTotal datasets. +* [rbl](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/rbl.py) - a module to get RBL (Real-Time Blackhost List) values from an attribute. +* [shodan](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/shodan.py) - a minimal [shodan](https://www.shodan.io/) expansion module. +* [sourcecache](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/sourcecache.py) - a module to cache a specific link from a MISP instance. 
+* [ThreatCrowd](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/threatcrowd.py) - an expansion module for [ThreatCrowd](https://www.threatcrowd.org/). +* [threatminer](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/threatminer.py) - an expansion module to expand from [ThreatMiner](https://www.threatminer.org/). +* [virustotal](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/virustotal.py) - an expansion module to pull known resolutions and malware samples related with an IP/Domain from virusTotal (this modules require a VirusTotal private API key) +* [wikidata](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module. +* [xforce](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/xforceexchange.py) - an IBM X-Force Exchange expansion module. +* [YARA syntax validator](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/yara_syntax_validator.py) - YARA syntax validator. #### Export modules -* [CEF](https://github.com/MISP/misp_modules/modules/export_mod/cef_export.py) module to export Common Event Format (CEF). -* [GoAML export](https://github.com/MISP/misp_modules/modules/export_mod/goamlexport.py) module to export in GoAML format. -* [Lite Export](https://github.com/MISP/misp_modules/modules/export_mod/liteexport.py) module to export a lite event. -* [Simple PDF export](https://github.com/MISP/misp_modules/modules/export_mod/pdfexport.py) module to export in PDF (required: asciidoctor-pdf). -* [ThreatConnect](https://github.com/MISP/misp_modules/modules/export_mod/threat_connect_export.py) module to export in ThreatConnect CSV format. -* [ThreatStream](https://github.com/MISP/misp_modules/modules/export_mod/threatStream_misp_export.py) module to export in ThreatStream format. 
+* [CEF](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/export_mod/cef_export.py) module to export Common Event Format (CEF). +* [GoAML export](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/export_mod/goamlexport.py) module to export in GoAML format. +* [Lite Export](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/export_mod/liteexport.py) module to export a lite event. +* [Simple PDF export](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/export_mod/pdfexport.py) module to export in PDF (required: asciidoctor-pdf). +* [ThreatConnect](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/export_mod/threat_connect_export.py) module to export in ThreatConnect CSV format. +* [ThreatStream](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/export_mod/threatStream_misp_export.py) module to export in ThreatStream format. #### Import modules -* [CSV import](https://github.com/MISP/misp_modules/modules/import_mod/csvimport.py) Customizable CSV import module. -* [Cuckoo JSON](https://github.com/MISP/misp_modules/modules/import_mod/cuckooimport.py) Cuckoo JSON import. -* [Email Import](https://github.com/MISP/misp_modules/modules/import_mod/email_import.py) Email import module for MISP to import basic metadata. +* [CSV import](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/import_mod/csvimport.py) Customizable CSV import module. +* [Cuckoo JSON](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/import_mod/cuckooimport.py) Cuckoo JSON import. +* [Email Import](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/import_mod/email_import.py) Email import module for MISP to import basic metadata. * [GoAML Import](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/import_mod/goamlimport.py) GoAML format import. 
-* [OCR](https://github.com/MISP/misp_modules/modules/import_mod/ocr.py) Optical Character Recognition (OCR) module for MISP to import attributes from images, scan or faxes. -* [OpenIOC](https://github.com/MISP/misp_modules/modules/import_mod/openiocimport.py) OpenIOC import based on PyMISP library. -* [stiximport](https://github.com/MISP/misp_modules/modules/import_mod/stiximport.py) - An import module to process STIX xml/json. -* [ThreatAnalyzer](https://github.com/MISP/misp_modules/modules/import_mod/threatanalyzer_import.py) - An import module to process ThreatAnalyzer archive.zip/analysis.json sandbox exports. -* [VMRay](https://github.com/MISP/misp_modules/modules/import_mod/vmray_import.py) - An import module to process VMRay export. +* [OCR](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/import_mod/ocr.py) Optical Character Recognition (OCR) module for MISP to import attributes from images, scan or faxes. +* [OpenIOC](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/import_mod/openiocimport.py) OpenIOC import based on PyMISP library. +* [stiximport](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/import_mod/stiximport.py) - An import module to process STIX xml/json. +* [ThreatAnalyzer](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/import_mod/threatanalyzer_import.py) - An import module to process ThreatAnalyzer archive.zip/analysis.json sandbox exports. +* [VMRay](https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/import_mod/vmray_import.py) - An import module to process VMRay export. * [misp-workbench](https://github.com/MISP/misp-workbench) - Tools to export data out of the MISP MySQL database and use and abuse them outside of this platform. * [MISpego](https://github.com/MISP/MISPego) - Maltego Transform to put entities into MISP events.
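Review bot: In [PATCH 1/3], the added paragraph under "# Known Existing and Public MISP Communities" still has three grammar slips. "Each community might have specific rules to join them" mixes singular and plural, "Below is a brief overview of existing communities, feel free to contact" is a comma splice, and "Some of existing public communities" is missing "the". Suggest "Each community might have specific rules for joining. Below is a brief overview of existing communities; feel free to contact ..." and "Some of the existing public communities". The same hunk also leaves this heading at level 1 beneath the level-2 "## MISP Communities" heading, which is worth aligning while the file is open.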
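Review bot: In [PATCH 2/3], the added CiviCERT line fixes "into inform" but still reads "is an umbrella organizations". Change it to "an umbrella organization" in the same commit, since the subject describes this as the CiviCERT descriptor typo fix. "Non Governmental Organizations" on the same line would normally be hyphenated as "Non-Governmental Organizations".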
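Review bot: In [PATCH 3/3], the rewritten rbl and virustotal lines carry over description errors that could be fixed while every line is being touched. "RBL (Real-Time Blackhost List)" should read "Real-time Blackhole List", and "this modules require a VirusTotal private API key" should be "this module requires", with "virusTotal" capitalised consistently. The commit also flips _pages/tools.md from mode 100755 to 100644 without saying so in the subject, while _pages/communities.md stays 100755 in the two earlier patches. Either mention the mode change in the message or split it out and apply it to both pages.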