# Changelog ## v2.4.197 (2024-09-02) ### Changes * [version] release v2.4.197. [Alexandre Dulaunoy] ### Fix * Do not use single quotes in systemd service unit execStart. [Jeroen Pinoy] ### Other * Merge pull request #690 from Wachizungu/fix-install-remove-service-execstart-single-quotes. [Alexandre Dulaunoy] fix: do not use single quotes in systemd service unit execStart ## v2.4.196 (2024-08-25) ### New * [whois] added back the whois module based on Raphael changes. [Alexandre Dulaunoy] * [yara_export] new export module. [Christophe Vandeplas] ### Changes * [modules] formatting updated. [Alexandre Dulaunoy] * [modules] add a loogo in the moduleinfo. [Alexandre Dulaunoy] * [merge] updated. [Alexandre Dulaunoy] * [external_tools] api_key, remove redirect. [David Cruciani] * Re-implement uwhois module. [Raphaël Vinot] Fix #684 * [doc] make deploy. [Christophe Vandeplas] * [doc] link to website. [Christophe Vandeplas] * [doc] shorten README + link to githubio. [Christophe Vandeplas] * [doc] Big doc revamp #680. [Christophe Vandeplas] * [pip] changed yara-python version and updated pipfile.lock. [Christophe Vandeplas] ### Fix * [website.query] download. [David Cruciani] * [expansion] whois module added back. [Alexandre Dulaunoy] * [doc] make linting happy. [Christophe Vandeplas] * [make] be sure the version of misp_modules installed are the one for generating the documentation. [Alexandre Dulaunoy] * [doc] fixes newline in description. [Christophe Vandeplas] * Fixes issues added in latest commit. [Christophe Vandeplas] * [doc] align static documentation pages. [Christophe Vandeplas] * [modules] many modules not loaded as python module. [Christophe Vandeplas] * [cisco_firesight_manager_ACL_rule_export] include in __init__ [Christophe Vandeplas] * [yara_export] add new module to __init__ [Christophe Vandeplas] * [tests] fix yara issue in unit tests. [Christophe Vandeplas] * [cve] fix CVE module to new vulnerability.circl.lu url. [Christophe Vandeplas] * [doc] url fixed. [Alexandre Dulaunoy] * [doc] regenerated. [Alexandre Dulaunoy] related to #673 * [doc] original JSON file type for GTI. [Alexandre Dulaunoy] related to #673 ### Other * Update action. [Stefano Ortolani] * Fix typo. [Stefano Ortolani] * Create changelog and release automatically. [Stefano Ortolani] * Remove archaic file. [Stefano Ortolani] * Fix deploy documentation. [Stefano Ortolani] * Update documentation. [Stefano Ortolani] * Push package to PyPI and build the documentation automatically. [Stefano Ortolani] * Merge pull request #687 from crowdsecurity/feat/release-2.1.0. [Alexandre Dulaunoy] feat(crowdsec): Update module (v2.1.1) * Feat(crowdsec): Use misp-objects template and check IP. [Julien Loizelet] * Feat(crowdsec): Add missing moduleinfo fields. [Julien Loizelet] * Feat(crowdsec): Update module (v2.1.0) [Julien Loizelet] * Merge pull request #688 from MISP/karenyousefi-main. [Alexandre Dulaunoy] chg: [merge] updated * Merge remote-tracking branch 'karen/main' into karenyousefi-main. [Alexandre Dulaunoy] * Update __init__.py. [Karen Yousefi] * Update __init__.py. [Karen Yousefi] fix bug pr #682 * Update README.md. [Karen Yousefi] fix * Update expansion.md. [Karen Yousefi] Add: virustotal upload malshare upload triage submit * Update README.md. [Karen Yousefi] Add: virustotal upload malshare upload triage submit * Add Triage Submit. [Karen Yousefi] Module to submit samples to tria.ge * MalShare Upload. [Karen Yousefi] Module to push malware samples to MalShare * VirusTotal Upload. [Karen Yousefi] Module to push malware samples to VirusTotal * Merge pull request #685 from ostefano/actions. [Alexandre Dulaunoy] Update GitHub actions * Update GitHub actions. [Stefano Ortolani] * Merge pull request #686 from MISP/ostefano-refactory. [Alexandre Dulaunoy] Ostefano refactory * Merge branch 'refactory' of https://github.com/ostefano/misp-modules into ostefano-refactory. [Alexandre Dulaunoy] * Migrate to poetry and optimize dependencies. [Stefano Ortolani] * Merge branch 'main' of https://github.com/MISP/misp-modules. [Christophe Vandeplas] * Merge branch 'main' of https://github.com/MISP/misp-modules. [Christophe Vandeplas] * Merge pull request #678 from ByronLabs/main. [Alexandre Dulaunoy] Re-add Vysion * Merge branch 'MISP:main' into main. [Germán Esteban] * Merge pull request #5 from ByronLabs/pr/vysion. [Germán Esteban] Update vysion package * Update Vysion in pipfile. [german-esteban] * Update REQUIREMENTS. [Germán Esteban] * Update vysion package. [german-esteban] * Merge branch 'MISP:main' into main. [Germán Esteban] * Added vysion ito Pipfile. [german-esteban] * Update expansion/vysion.py. [german-esteban] * Merge pull request #2 from ByronLabs/pr/vysion. [Germán Esteban] Pr/vysion * Update documentation. [german-esteban] * Update requirements. [german-esteban] * Added cryptocurrencies types #2. [german-esteban] * Added cryptocurrencies types. [german-esteban] * Update REQUIREMENTS. [Germán Esteban] * Merge branch 'MISP:main' into pr/vysion. [Germán Esteban] * Update expansion module + Vysion client update version. [german-esteban] * Merge pull request #679 from VirusTotal/feat/more-gti-attributes. [Alexandre Dulaunoy] feat(Google Threat Intelligence): Add more attributes to the GTI enrichment * WIP. [Daniel Pascual] * WIP. [Daniel Pascual] * WIP. [Daniel Pascual] * Add more attributes to the GTI enrichment. [Daniel Pascual] * Merge pull request #676 from VirusTotal/fix/vt-lib-event-loop-error. [Alexandre Dulaunoy] fix(VirusTotal): Update vt lib which fix an event loop error * Update vt lib which fix an event loop error. [Daniel Pascual] * Merge pull request #677 from cudeso/main. [Alexandre Dulaunoy] Fix 'Object' object has no attribute 'url' in virustotal * Fix 'Object' object has no attribute 'url' in virustotal. [Koen Van Impe] Fix File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/__init__.py", line 210, in run_request response = module.handler(q=json_payload) File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/modules/expansion/virustotal_public.py", line 248, in handler parser.query_api(attribute) File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/modules/expansion/virustotal_public.py", line 46, in query_api self.input_types_mapping[self.attribute.type](self.attribute.value) File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/modules/expansion/virustotal_public.py", line 143, in parse_hash related_file_object = self.create_misp_object(related_file) File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/modules/expansion/virustotal_public.py", line 83, in create_misp_object misp_object.add_attribute('Url', type='url', value=report.url) File "/var/www/MISP/venv/lib/python3.8/site-packages/vt/object.py", line 160, in __getattribute__ value = super().__getattribute__(attr) * Merge pull request #675 from VirusTotal/fix/vt-logo. [Alexandre Dulaunoy] [VirusTotal] Update VT logo * Reduce size. [Daniel Pascual] * Update VT logo. [Daniel Pascual] ## v2.4.195 (2024-07-19) ### New * [vulnerability_lookup] New module to query Vulnerability Lookup. [Christian Studer] - Reusing the `variotdbs` code to parse the vulnerability description from VariotDB * [feature] external tools config and use. [David Cruciani] ### Changes * [query] query as same. [David Cruciani] ### Fix * [vulnerability_lookup] Avoiding issues with `Iterator` in python3.8. [Christian Studer] * [vulnerability_lookup] Avoiding KeyError exceptions on some fields. [Christian Studer] * [login] flash messages. [David Cruciani] ### Other * Merge pull request #672 from ostefano/pandas2. [Alexandre Dulaunoy] Update pandas and pandas_ods_reader and patch ods_enrich * Update pandas and pandas_ods_reader and patch ods_enrich. [Stefano Ortolani] * Merge pull request #670 from ostefano/python312. [Alexandre Dulaunoy] Improve compatibility and upgrade python to 3.12 * Improve compatibility and upgrade python to 3.12. [Stefano Ortolani] Changes: * Remove vysion (not compatible with python 3.12 and no public repository) * Remove stiximport (requires archaic version of pymisp) * Update Python to 3.12 * Pin Numpy to 1.X * Add missing dependencies * Commit lock file * Update requirements file * Merge pull request #669 from VirusTotal/update_doc_references. [Alexandre Dulaunoy] chore: Update virustotal documentation references * Update doc references. [silviacuenca] * Merge branch 'main' of github.com:MISP/misp-modules. [Christian Studer] ## v2.4.194 (2024-06-21) ### Changes * [requirements] security issue with this library updated. [Alexandre Dulaunoy] Reported by Bogdan Manole ## v2.4.193 (2024-06-06) ### Fix * Fix: [REQUIREMENTS] validators no more required as mentioned by @ostefano. [Alexandre Dulaunoy] * [ipasn] add support for `ip` type. [Alexandre Dulaunoy] ### Other * Merge pull request #667 from ostefano/fix. [Alexandre Dulaunoy] remove index information from requirements file * Remove index information from requirements file. [Stefano Ortolani] ## v2.4.192 (2024-06-06) ### New * [functionality] checkbox configure module. [David Cruciani] * [functionality] flowintel + multiple entry. [David Cruciani] ### Changes * [doc] updated. [Alexandre Dulaunoy] * [launch] misp-modules. [David Cruciani] * [misp-modules] doc updated. [Alexandre Dulaunoy] * [doc] describe that the misp-modules can be used without MISP. [Alexandre Dulaunoy] * [virustotal] support ip-src/ip-dst|port attribute type. [Alexandre Dulaunoy] Fix #632 ### Fix * [virustotal] fix the typo for the VT link. [Alexandre Dulaunoy] Fix #644 Fix #595 * [core] the default buffer size in Tornado HTTP server is not enough for large MISP event. [Alexandre Dulaunoy] Fix #662 * [dns] add the exception in the error message. [Alexandre Dulaunoy] As there are still distribution installing old version of dnspython, it's easier to debug if we receive the exception directly in misp-module. ### Other * Merge branch 'main' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] * Merge pull request #666 from davidonzo/main. [Andras Iklody] Update REQUIREMENTS * Update REQUIREMENTS. [Davide Baglieri] apiosintDS updated in order to solve the following (minor) issue https://github.com/davidonzo/apiosintDS/issues/3 opened by @ostefano. * Remove: [js] useless file. [David Cruciani] * Merge pull request #659 from MISP/dependabot/pip/website/werkzeug-3.0.3. [David Cruciani] build(deps): bump werkzeug from 2.3.8 to 3.0.3 in /website * Build(deps): bump werkzeug from 2.3.8 to 3.0.3 in /website. [dependabot[bot]] Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.3.8 to 3.0.3. - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/werkzeug/compare/2.3.8...3.0.3) --- updated-dependencies: - dependency-name: werkzeug dependency-type: direct:production ... * Merge pull request #664 from VirusTotal/feat/gti-doc. [Alexandre Dulaunoy] [Google Threat Intelligence] Add web doc and fix logo for the module * Add web doc and fix logo for the Google Threat Intelligence module. [Daniel Pascual] * Merge pull request #663 from VirusTotal/feat/google-threat-intel. [Alexandre Dulaunoy] feat: Google Threat Intelligence expansion module * Merge. [Daniel Pascual] * Fix hedight. [Daniel Pascual] * Doc. [Daniel Pascual] * Logo and desc. [Daniel Pascual] * Remove debug traces. [Daniel Pascual] * Google Threat Intelligence MISP module. [Daniel Pascual] * Merge pull request #661 from goodlandsecurity/slack-action-module. [Alexandre Dulaunoy] Slack action module * Add slack action module. [goodlandsecurity] * Merge pull request #660 from goodlandsecurity/stairwell-expansion-module. [Alexandre Dulaunoy] add stairwell expansion module and update misp-objects to a193e03 * Forgot the json documentation. [goodlandsecurity] * Add stairwell expansion module and update misp-objects to a193e03. [goodlandsecurity] ## v2.4.188 (2024-03-20) ### Changes * [history] save from session to db. [David Cruciani] * [config] queries limit. [David Cruciani] * [query] query with same parameters. [David Cruciani] * [history_session] save new query in tree. [David Cruciani] ## v2.4.187 (2024-03-07) ### Changes * [conf] generate password if empty. [David Cruciani] * [website] admin user. [David Cruciani] ### Fix * [website] default admin password. [David Cruciani] * [website] readme images. [David Cruciani] ## v2.4.186 (2024-02-27) ### Changes * [website] screen for misp-module. [David Cruciani] * [website] readme. [David Cruciani] * [website] width + markdown non misp standard. [David Cruciani] * [website] use ui-priority. [David Cruciani] * [website] parse result not in misp standard. [David Cruciani] * [website] module select. [David Cruciani] when select 'ip' select 'ip-dst' and 'ip-src' too * [website] mardown source, download, result view. [David Cruciani] * [website] query with same name. [David Cruciani] * [website] delete first node of history tree. [David Cruciani] * [website] use join() in js. [David Cruciani] * [website] UI. [David Cruciani] * [website] Improved sidebar UI. [Sami Mokaddem] - As requested by the Webiste DavidCruciani * [action:mattermost] Added support of jinja_supported config. [Sami Mokaddem] * [website] sidebar. [David Cruciani] * [website] markdown tab. [David Cruciani] * [website] history pagination. [David Cruciani] ### Fix * [website] print and css. [David Cruciani] * [website] misp-objects submodule. [David Cruciani] * [website] module select. [David Cruciani] * [website] attributes and modules selection. [David Cruciani] * [website] history import. [David Cruciani] * [website] Restored media query for side panel in module config. [Sami Mokaddem] ### Other * Add: [website] query as same. [David Cruciani] * Add: [website] lib js misp object parser. [David Cruciani] * Add: [website] history collapse for query page. [David Cruciani] ## v2.4.185 (2024-02-16) ### New * [website] search bar in config page. [David Cruciani] * [webiste] query+config. [David Cruciani] ### Changes * [website] History blueprint. [David Cruciani] * [website] parser view for result. [David Cruciani] * [website] history add input attr. [David Cruciani] * [REQUIREMENTS] updated. [Alexandre Dulaunoy] * [website] rename. [David Cruciani] * [website] query date. [David Cruciani] * [website] rename glob_query to modules_list. [David Cruciani] * [website] fusion between expansion and hover. [David Cruciani] * [website] query page. [David Cruciani] * [webiste] history. [David Cruciani] * [website] doc. [David Cruciani] ### Fix * [website] missing routes. [David Cruciani] * [website] config + query. [David Cruciani] ### Other * Add: [website] delete node history tree. [David Cruciani] * Add: [website] tree view history. [David Cruciani] Flask session store history and after save it's store in DB * Merge pull request #655 from cudeso/main. [Alexandre Dulaunoy] Update README.md * Update README.md. [Koen Van Impe] Add Hashlookup in README * Merge pull request #654 from MISP/dependabot/pip/website/werkzeug-2.3.8. [Alexandre Dulaunoy] build(deps): bump werkzeug from 2.3.7 to 2.3.8 in /website * Build(deps): bump werkzeug from 2.3.7 to 2.3.8 in /website. [dependabot[bot]] Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.3.7 to 2.3.8. - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/werkzeug/compare/2.3.7...2.3.8) --- updated-dependencies: - dependency-name: werkzeug dependency-type: direct:production ... ## v2.4.184 (2024-02-02) ### New * [log] Enable access log. [Jakub Onderka] * [internal] Avoid double JSON decoding. [Jakub Onderka] * [internal] Add /healthcheck endpoint. [Jakub Onderka] ### Changes * [server] Cache module list JSON. [Jakub Onderka] * [test] Reduce time for waiting until server is ready. [Jakub Onderka] * [server] Fail if server could not be started. [Jakub Onderka] * [internal] Resolve deprecation warning in btc_spam_check. [Jakub Onderka] * [internal] Resolve deprecation warning in dbl_spamhaus. [Jakub Onderka] * [internal] Resolve deprecation warning in dns. [Jakub Onderka] * [internal] Resolve deprecation warning in reversedns. [Jakub Onderka] * [internal] Resolve deprecation warning in qrcode. [Jakub Onderka] * [internal] Optimise email_import. [Jakub Onderka] * [internal] Optimise csvimport. [Jakub Onderka] * [internal] Update GitHub actions. [Jakub Onderka] * [internal] Optimise clamav to avoid JSON decoding/encoding. [Jakub Onderka] * [internal] Add support for orjson. [Jakub Onderka] * [internal] Code style. [Jakub Onderka] * [misp-objects] updated. [Alexandre Dulaunoy] ### Fix * [server] Serializing PyMISP objects. [Jakub Onderka] * [internal] Code style. [Jakub Onderka] * [log] Disable duplicate logging to stderr and stdout, keep stderr only. [Jakub Onderka] * [test] Try to fix test_urlhaus. [Jakub Onderka] * [apiosintds] Try to fix tests. [Jakub Onderka] ### Other * Merge pull request #652 from JakubOnderka/fix-json. [Jakub Onderka] chg: [server] Cache module list JSON * Merge pull request #651 from JakubOnderka/fix-json. [Jakub Onderka] Fix json * Merge pull request #650 from JakubOnderka/access-log. [Jakub Onderka] new: [log] Enable access log * Merge pull request #649 from JakubOnderka/remove-deprecated. [Jakub Onderka] Resolve deprecation warnings * Merge pull request #648 from JakubOnderka/orjson. [Jakub Onderka] chg: [internal] Add support for orjson * Merge pull request #647 from ByronLabs/main. [Alexandre Dulaunoy] Links fixed for Vysion * Links fix into /docs/index.md and README.md. [Germán Esteban López] * Merge pull request #646 from ByronLabs/main. [Alexandre Dulaunoy] Add Vysion expansion module * Fix vysion.py return error. [Germán Esteban López] * Update REQUIREMENTS. [Germán Esteban] * Merge pull request #1 from ByronLabs/pr/vysion. [Germán Esteban] Pr/vysion * Merge branch 'main' into pr/vysion. [Germán Esteban] * Update REQUIREMENTS. [Germán Esteban] * Added 1.0.9. [Germán Esteban López] * Added vysion.py. [Germán Esteban López] * Added vysion.py. [Germán Esteban López] * Merge branch 'MISP:main' into main. [Germán Esteban] * Added vysion expansion and documentation. [Germán Esteban López] ## v2.4.182 (2023-12-14) ### Changes * [mkdocs] mkdocs_material. [Alexandre Dulaunoy] * [documentation] updated. [Alexandre Dulaunoy] * [doc] updated. [Alexandre Dulaunoy] ### Other * Merge pull request #645 from ip2location/main. [Alexandre Dulaunoy] Add IP2Location.io expansion module * Removed ip2locationio from joe_parser lib. [ip2location] * Update ip2locationiopy and add documentations. [ip2location] * Add IP2Location.io module. [ip2location] ## v2.4.179 (2023-11-23) ### Other * Merge pull request #642 from Mv35/cluster25. [Alexandre Dulaunoy] * Documentation and logos. [Milo Volpicelli] * Cluster25_expand: handles related items and more. [Milo Volpicelli] * Enriches with c25 MISP objects. [Milo Volpicelli] * Remove addition of cluster25 import module. [Milo Volpicelli] * Actual expand implementation. [Milo Volpicelli] * Adds cluster25 import module. [Milo Volpicelli] * Renamed cluster25.py to cluster25_expand.py, module implementation. [Milo Volpicelli] * Adds cluster25.py expansion module and entry in expansion/__init__.py. [Milo Volpicelli] * Merge pull request #640 from Cosive/feature/virustotal_enrichment. [Alexandre Dulaunoy] Fix regression in Virustotal modules * Rename `files_iterator` and related variables to avoid overwriting `file_object` in virustotal enrichments. [Sid Odgers] ## v2.4.176 (2023-09-14) ### Other * Merge pull request #637 from VirusTotal/main. [Alexandre Dulaunoy] [VirusTotal Collections] Fix the export url * Fix export url in VirusTotal Collection module. [Daniel Pascual] * Merge pull request #635 from oivindoh/wheels. [Alexandre Dulaunoy] Update pandas, shorten build/test time for py3.11 * Update pandas. [Øivind Hoel] * Merge pull request #634 from oivindoh/deps. [Alexandre Dulaunoy] Update pymisp to 2.4.175 (and sunset python 3.7 in the process) * Sunset python 3.7 in order to allow dependency resolution. [Øivind Hoel] * Update pymisp to 2.4.175, bump its required dependencies. [Øivind Hoel] ## v2.4.175 (2023-08-23) ### New * Add waterfall plot to the expanded object. [Luciano Righetti] * Add sigmf module to expand a sigmf recording object template. [Luciano Righetti] ### Fix * Remove unused import. [Luciano Righetti] * Matplotlib version under python 3.7. [Luciano Righetti] * Ci, urlhaus api response changed. [Luciano Righetti] * Properly read samples in different datatypes. [Luciano Righetti] * Remove debug. [Luciano Righetti] ### Other * Merge pull request #630 from jthom-vmray/fix-optional-field-access. [Alexandre Dulaunoy] fix optional field access * Fix optional field access. [Jens Thom] * Add: sigmf module doc. [Luciano Righetti] * Merge pull request #628 from righel/add-sigmf-expand-module. [Luciano Righetti] new: add sigmf module to expand a sigmf recording object template * Add: support extracting sigmf archives into sigmf recordings. [Luciano Righetti] * Add: add required python packages for sigmf expansion module. [Luciano Righetti] ## v2.4.174 (2023-07-31) ### Changes * [expansion:extract_url_components] Better support in case attributes are not defined. [Sami Mokaddem] * [action:mattermost] Improved support of hostname/url. [Sami Mokaddem] ### Fix * [google_safe_browsing] Added pysafebrowsing in REQUIREMENTS. [Sami Mokaddem] ### Other * Merge branch 'main' of github.com:MISP/misp-modules into main. [Sami Mokaddem] * Merge pull request #629 from TinyHouseHippos/abuseipdb_googlesafebrowsing. [Sami Mokaddem] Added the new attribute and tags for AbuseIPDB and added the google s… * Added the new attribute and tags for AbuseIPDB and added the google safe browsing expansion module. [Steph S] * Merge pull request #627 from hyasinfosec/main. [Alexandre Dulaunoy] Added User Agent * Added User Agent. [Rambatla Venkat Rao] * Merge pull request #626 from GeekWeekSteph/abuseipdb2. [Alexandre Dulaunoy] Fixed object reference issue for the AbuseIPDB expansion module * Fixed object reference issue for the AbuseIPDB expansion module. [Steph S] * Merge pull request #625 from GeekWeekSteph/abuseipdb. [Alexandre Dulaunoy] Added AbuseIPDB expansion module * Added AbuseIPDB expansion module. [Steph S] * Merge pull request #624 from davidonzo/main. [Alexandre Dulaunoy] Module updated to apiosintDSv2.0 * Bug fix. [Davide] * Bug fix. [Davide] * Module updated to apiosintDSv2.0. [Davide] * Merge pull request #622 from maikwuerth/main. [Alexandre Dulaunoy] Updates to defender module * Add ip-src and ip-dst to types_to_use. [maikwuerth] * Add period to query and changed query for url and domain hunts. [maikwuerth] * Merge pull request #621 from cudeso/main. [Alexandre Dulaunoy] Small bug fix for vulners - vulners_ai_score * Small bug fix for vulners - vulners_ai_score. [Koen Van Impe] ## v2.4.173 (2023-07-04) ### Fix * [doc] typo fixed. [Alexandre Dulaunoy] Reference to #617 ### Other * Merge pull request #616 from whoisfreaks-user/main. [Alexandre Dulaunoy] Added whoisFreaks Description in README.md file. * Update README.md. [Alexandre Dulaunoy] Keep the description simple. More can be put in the JSON. * Merge branch 'MISP:main' into main. [whoisfreaks] * Updated main Readme File. [Usama015] * Merge pull request #615 from whoisfreaks/main. [Alexandre Dulaunoy] Added new module of whoisfreaks that will provide comprehensive threat intelligence and attack surface analysis. * Updated Description and removed redundant comments. [Usama015] * Updated README.md file for expansion module. [Usama015] * Updated description. [Usama015] * Updated. [Usama015] * Updated. [Usama015] * Resolved Exception. [Usama015] * Added Reverse API. [Usama015] * Updated. [Usama015] * Updated. [Usama015] * Updated whoisfreaks module. [Usama015] * Added whoisfreaks module in MISP. [Usama015] ## v2.4.172 (2023-06-09) ### Changes * [docs] missing images added. [Alexandre Dulaunoy] * [docs] updated. [Alexandre Dulaunoy] * [mkdocs] updated. [Alexandre Dulaunoy] * [doc] updated. [Alexandre Dulaunoy] * [crowdsec] Added new attributes as describbed in the `crowdsec-ip-context` object template, and tags describbed in the crowdsec taxonomy to the IP address. [Christian Studer] * [doc] master to main (is again beating in your ass) [Alexandre Dulaunoy] Script used sed -e "s/\/master\//\/main\//" ### Fix * [mkdocs] configuration for edit link. [Alexandre Dulaunoy] * [documentation] Fixed path for the documentation README file to be written to. [Christian Studer] * [crowdsec] Kepping the original attribute used to query the module unchanged. [Christian Studer] * [crowdsec] Typo. [Christian Studer] * [crowdsec] Fixed the `reverse_dns` field parsing & added the `background-noise` attribute. [Christian Studer] ### Other * Merge branch 'main' of github.com:MISP/misp-modules. [Christian Studer] * Merge branch 'main' of github.com:MISP/misp-modules. [Christian Studer] * Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] * Merge branch 'main' of github.com:MISP/misp-modules. [Christian Studer] * Merge pull request #613 from JakubOnderka/update-requirements. [Alexandre Dulaunoy] Update REQUIREMENTS * Fixup! Update REQUIREMENTS. [Jakub Onderka] * Test against Python 3.11. [Jakub Onderka] * Update REQUIREMENTS. [Jakub Onderka] ## v2.4.171 (2023-05-16) ### Changes * [crowdsec] Updated the module to support the recently added `crowdsec-ip-context` object template. [Christian Studer] ### Fix * [crowdsec] Fixed the module input handling. [Christian Studer] - Made the module an expansion module as it is the standard type, and `hover` usually is the option - Better input handling, checking now for the `attribute` field as the information of the full attribute is passed in misp standard format and not only its type and value - As for now only `v2` is supported as API version we removed the parameter to avoid confusion. It can be added back later when multiple versions are supported * [crowdsec] more need to be fully supporting MISP standard format. [Alexandre Dulaunoy] * [crowdsec] version 2. [Alexandre Dulaunoy] * [crowdsec] set default version and expansion added. [Alexandre Dulaunoy] ### Other * Add: [expansion modules] Added `ipinfo` to the expansion modules list in `__init__` [Christian Studer] * Merge branch 'main' of github.com:MISP/misp-modules. [Christian Studer] * Merge branch 'main' of github.com:MISP/misp-modules. [Christian Studer] * Merge branch 'main' of github.com:MISP/misp-modules. [Christian Studer] * Merge branch 'main' of github.com:MISP/misp-modules. [Christian Studer] * Merge branch 'main' of github.com:MISP/misp-modules. [Christian Studer] ## v2.4.170 (2023-04-12) ### Changes * [mkdocs] config updated. [Alexandre Dulaunoy] ### Fix * [test] pdftotext output check. [Alexandre Dulaunoy] The important part is the matching text from the PDF not any trailling which might be different depending of the encoding. * [dbl_spamhaus] if you want to run local test, the dns module expansion is taking over from the original dnspython3 library. [Alexandre Dulaunoy] The trick is just to get rid of the syspath to exclude the local directory until the proper library is loaded. ### Other * Merge pull request #603 from MISP/new_module. [Alexandre Dulaunoy] New module to query ipinfo.io to gather additional information on an IP address * Merge branch 'main' of github.com:MISP/misp-modules into new_module. [Christian Studer] * Merge pull request #607 from crowdsecurity/add_crowdsec_doc. [Alexandre Dulaunoy] Add crowdsec json doc * Add crowdsec json doc. [Shivam Sandbhor] * Merge pull request #605 from maikwuerth/main. [Alexandre Dulaunoy] Updated Defender export module * Updated moduleInfo. [Maik Würth] * Added support for SHA256 and MISPObject attributes to Defender export module. [Maik Würth] * Export object attributes with Defender export module. [Maik Würth] * Merge pull request #606 from GreyNoise-Intelligence/greynoise-add-expansion. [Alexandre Dulaunoy] [greynoise] add expansion and refactor * Update message in test_expansions. [Brad Chiappetta] * Refactor for sdk and expansion. [Brad Chiappetta] * Add: [documentation] Added documentation for the new ipinfo.io module & updated the main readme file. [Christian Studer] * Add: [ipinfo] First version of a new module to query ipinfo.io. [Christian Studer] - First version addressing the request from #600 - Straight forward parsing of the `geolocation`, `domain-ip` and `asn` information returned by the standard API endpoint (ipinfo.io/{ip_address}) * Merge branch 'main' of github.com:MISP/misp-modules into new_module. [Christian Studer] * Merge branch 'main' of github.com:MISP/misp-modules into new_module. [Christian Studer] ## v2.4.169 (2023-03-10) ### Changes * [REQUIREMENTS] remove specific version of psutil as mentioned in #593. [Alexandre Dulaunoy] ### Other * Merge pull request #602 from crowdsecurity/crowdsec_user_agent. [Alexandre Dulaunoy] Set user agent of crowdsec misp module to crowdsec-misp/v1.0.0 * Set user agent of crowdsec misp module to crowdsec-misp/v1.0.0. [Shivam Sandbhor] ## v2.4.165 (2022-11-08) ### New * [expansion] Added extract_url_components module to create an object from an URL attribute. [Sami Mokaddem] * [import] import_blueprint to facilitate an easy-to-use blueprint for data import. [Sami Mokaddem] * [import] Url_import module to convert batch of URLs into url objects. [Sami Mokaddem] ### Changes * [mkdocs] updated doc. [Alexandre Dulaunoy] * [mkdows] footer updated. [Alexandre Dulaunoy] * [doc] updated. [Alexandre Dulaunoy] * [cve_advanced] Updated the module to use cvepremium & a few improvements. [Christian Studer] ### Fix * [url_import/url] added in __init__ [Alexandre Dulaunoy] * [crowdsec] Fixed the __init__ files. [Christian Studer] * [variodbs] Fixed indentation issue. [Christian Studer] - if `exploit_results` is empty, we should not go any further in the query for next values exploit results * [variodbs] Properly handling the exploit results when there is more that 10 results. [Christian Studer] - We keep querying the VARIoT db API with the link of the next content until there is no next result * [variodbs] Fixed the empty vulnerability results case handling, to avoid the module to stop before looking for related exploits. [Christian Studer] * [variotdbs] Fixed some typos, missing imports, and some issues in the main parsing process. [Christian Studer] * [variotdbs] Added the reference between the resulting vulnerability object and the initial vulnerability attribute. [Christian Studer] ### Other * Merge branch 'main' of github.com:MISP/misp-modules. [Christian Studer] * Merge branch 'main' of github.com:MISP/misp-modules into main. [Sami Mokaddem] * Merge pull request #590 from crowdsecurity/main. [Alexandre Dulaunoy] Add crowdsec module * Add crowdsec module. [Shivam Sandbhor] * Add: [variotdbs] Updated the exploit object mapping to support the object attributes recently added to the `exploit` template. [Christian Studer] * Merge branch 'new_module' of github.com:MISP/misp-modules. [Christian Studer] * Add: [readme] Added description for the variotdbs module. [Christian Studer] * Add: [documentation] Regenerated documentation with the recently added modules description. [Christian Studer] * Add: [documentation] Added documentation for the variotdbs module. [Christian Studer] * Add: [variotdbs] Added the exploit information parsing. [Christian Studer] - Following a recent change on the variotdbs API allowing requests to get exploits information base on a CVE number * Merge branch 'main' into new_module. [Christian Studer] * Add: [variotdbs] Added module to query the variotdbs API with a vulnerabliity, to get additional info about it. [Christian Studer] * Merge branch 'main' of github.com:MISP/misp-modules into new_module. [Christian Studer] * Merge pull request #586 from RamboV/main. [Alexandre Dulaunoy] Added more endpoints to the module * Update hyasinsight.py. [Rambatla Venkat Rao] * Added few more endpoints. [Rambatla Venkat Rao] * Merge pull request #585 from extra2000/bump-vt-py-0_17_1. [Alexandre Dulaunoy] fix(REQUIREMENTS): bump `vt-py` to `0.17.1` due to `0.17.0` is no longer exists * Fix(REQUIREMENTS): bump `vt-py` to `0.17.1` due to `0.17.0` is no longer exists. [Nik Mohamad Aizuddin] * Merge branch 'new_module' of github.com:MISP/misp-modules into new_module. [Christian Studer] * Merge pull request #583 from JakubOnderka/update-dependencies. [Jakub Onderka] Update REQUIREMENTS * Update REQUIREMENTS. [Jakub Onderka] ## v2.4.163 (2022-09-26) ### Fix * [expansion:apivoid] add missing email attribute input types. [Jeroen Pinoy] ### Other * Merge pull request #579 from szopin/patch-2. [Alexandre Dulaunoy] Fix for ocr import * Fix for ocr import. [szopin] Currently works only for .pdf files, with this .png and .jpg should also work (fixes #512) * Merge pull request #581 from Wachizungu/add-input-email-attribute-types-to-apivoid-exp-module. [Alexandre Dulaunoy] fix: [expansion:apivoid] add missing email attribute input types * Merge pull request #578 from szopin/patch-1. [Alexandre Dulaunoy] Fix for hashdd * Fix for hashdd. [szopin] Endpoint has changed, now only accepts md5 and the format of the reply is also different ## v2.4.162 (2022-09-09) ### New * [expansion:jinja_template_rendering] Added new module to rendre a jinja template based on the provided data. [Sami Mokaddem] ### Changes * [tools] add logging for doc generation. [Alexandre Dulaunoy] * [documentation] fix JSON. [Alexandre Dulaunoy] * [requirements] Added jinja2 entry. [Sami Mokaddem] * [requirements] Added mattermostdriver entry. [Sami Mokaddem] ### Fix * [doc] logo fixed. [Alexandre Dulaunoy] * [shodan] The input attribute is actually already added to the event at the beginning. [Christian Studer] * [shodan] Fixed wrong asset used to add attribute to. [chrisr3d] - This caused the input `ip-src` or `ip-dst` input attribute to be added to the `ip-api-addres` which does not have these attributes in their template, where they should be added to the Event instead ### Other * Merge pull request #575 from RamboV/main. [Alexandre Dulaunoy] Adding HYAS Insight Module * Fixed lgtm issues. [Rambatla Venkat Rao] * Added hyas test case. [Rambatla Venkat Rao] * Added HYAS Insight documentation. [Rambatla Venkat Rao] * Added HYAS Insight Module. [Rambatla Venkat Rao] * Added HYAS Insight. [Rambatla Venkat Rao] * Added HYAS logo. [Rambatla Venkat Rao] * Added Hyas Insight Module. [Rambatla Venkat Rao] * Merge branch 'main' of github.com:MISP/misp-modules into main. [Sami Mokaddem] * Merge pull request #574 from Benni0/patch-1. [Alexandre Dulaunoy] Add __init__.py to action_mod/_utils * Add __init__.py to action_mod/_utils. [Benni0] As _utils is currently not a package, this folder is missing in a built wheel from this package. * Merge pull request #572 from syloktools/main. [Alexandre Dulaunoy] Quick fix to service file * Update misp-modules.service. [Robert Nixon] Service doesn't like or need the -s option to execute the modules. * Update README.md. [Robert Nixon] ## v2.4.160 (2022-08-05) ### New * [action_mod] Added MatterMost module and deleted test modules. [Sami Mokaddem] * [action module] samples added for testing. [iglocska] * [action] module wip. [iglocska] * [logos] misp-modules logo. [Alexandre Dulaunoy] ### Fix * Fix vulnerable_configuration object ref, rely on template. [Raphaël Vinot] Related #853 ### Other * Merge branch 'geekweek' into main. [Sami Mokaddem] * Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] * ***Be sure to run the latest version of `pip`*** [Alexandre Dulaunoy] ## v2.4.159 (2022-05-30) ### Fix * [requirements] Monkey copy paste issue. [chrisr3d] * [requirements] Aligning lief requirements with PyMISP. [chrisr3d] * [requirements] Updated python requirements. [chrisr3d] * [setup] Fixed potential conflicts with libraries in python 3.10 install. [chrisr3d] ### Other * Fix; [requirements] Fixed lief requirements to align them with PyMISP. [chrisr3d] ## v2.4.157 (2022-04-19) ### Changes * [test] Try to test with Python 3.10. [Jakub Onderka] * Update REQUIREMENTS. [Jakub Onderka] ### Fix * [expansion] clamav module was missing from the __init__ [Alexandre Dulaunoy] ### Other * Merge pull request #566 from VirusTotal/feat/add-rels-vt-modules. [Alexandre Dulaunoy] chg: [VirusTotal] Add more relations and attributes to VT modules * Add more relations and attributes to VT modules. [Daniel Pascual] * Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] * Merge pull request #565 from JakubOnderka/update-dependencies. [Alexandre Dulaunoy] chg: Update REQUIREMENTS * Merge pull request #564 from scottdermott/main. [Alexandre Dulaunoy] * Fix for @chrisr3d - [joesandbox_query] Changed the import_pe param to `import_executable` * * Fix if network_behavior_field doesn't exist in packet. [Dermott, Scott] * * Fix for @chrisr3d - [joesandbox_query] Changed the import_pe param to `import_executable` [Dermott, Scott] * Merge pull request #562 from sebdraven/master. [Alexandre Dulaunoy] Update the documentation * Update README.md. [Sebastien Larinier] * Update README.md. [Sebastien Larinier] * Merge pull request #5 from MISP/main. [Sebastien Larinier] my PR * Merge pull request #560 from VirusTotal/feat/virustotal-modules-api-v3. [Alexandre Dulaunoy] VirusTotal modules migration to API v3 * VirusTotal modules migration to API v3. [Daniel Pascual] ## v2.4.156 (2022-03-18) ### Changes * [joe_import] Changed the user configuration param `Import PE` into `Import Executable` [chrisr3d] * [joesandbox_query] Changed the `import_pe` param to `import_executable` [chrisr3d] * [joe] skip not existing system in behavior. [Alexandre Dulaunoy] * [requirements] dnspython3 is required. [Alexandre Dulaunoy] * [internal] Update deps. [Jakub Onderka] ### Fix * [joe parser] Some clean-up on the Joe parser. [chrisr3d] * [wiki] Change User-Agent to avoid 403 error. [Jakub Onderka] ### Other * Merge pull request #557 from JakubOnderka/update-deps. [Jakub Onderka] chg: [internal] Update deps ## v2.4.154 (2022-03-02) ### New * Add mmdb lookup expansion module. [Jeroen Pinoy] ### Changes * [doc] mmdb documention updated. [Alexandre Dulaunoy] * [doc] update mmdb_lookup documentation. [Jeroen Pinoy] * [doc] updated. [Alexandre Dulaunoy] * [apivoid] Add handling with email verify API. [Jeroen Pinoy] * [mmdb_lookup] Add handling of ASN details. [Jeroen Pinoy] * [lib] latest stix2misp.py updated. [Alexandre Dulaunoy] ### Fix * Allow email-src and email-dst as input for apivoid module. [Jeroen Pinoy] ### Other * Merge pull request #556 from Wachizungu/chg-add-edit-mmdb-lookup-documentation. [Alexandre Dulaunoy] chg:[doc] update mmdb_lookup documentation * Merge pull request #555 from Wachizungu/fix-add-extra-email-input-types-for-apivoid-module. [Alexandre Dulaunoy] fix: Allow email-src and email-dst as input for apivoid module * Merge pull request #554 from RamboV/main. [Alexandre Dulaunoy] IPQualityScore MISP Expansion Module Integration * Merge branch 'main' into main. [Alexandre Dulaunoy] * Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] * Merge pull request #552 from Wachizungu/add-email-verify-to-apivoid-module. [Alexandre Dulaunoy] chg:[apivoid] Add handling with email verify API * Merge pull request #551 from Wachizungu/add-asn-handling-to-mmdb-lookup. [Alexandre Dulaunoy] chg: [mmdb_lookup] Add handling of ASN details. * Merge pull request #550 from Wachizungu/add-mmdb-lookup-expansion-module. [Alexandre Dulaunoy] new: Add mmdb lookup expansion module * Merge pull request #549 from JakubOnderka/3-7. [Alexandre Dulaunoy] Update dependencies, require Python 3.7 * Update dependencies, require Python 3.7. [Jakub Onderka] * Merge branch 'chisholm-taxii21_import_contrib' into main. [Alexandre Dulaunoy] * Merge branch 'taxii21_import_contrib' of https://github.com/chisholm/misp-modules into chisholm-taxii21_import_contrib. [Alexandre Dulaunoy] * Added some library requirements for the taxii21 import module. [Michael Chisholm] * Add workaround for PyMISP bug regarding conversion of objects to JSON-serializable values. [Michael Chisholm] * Contribute a TAXII 2.1 import style misp-module. [Michael Chisholm] * Updated to add the latest modules. [Rambatla Venkat Rao] * Update __init__.py. [Rambatla Venkat Rao] * Update __init__.py. [Rambatla Venkat Rao] * Update ipqs_fraud_and_risk_scoring.py. [Rambatla Venkat Rao] * Update test_expansions.py. [Rambatla Venkat Rao] * Update test_expansions.py. [Rambatla Venkat Rao] * Update test_expansions.py. [Rambatla Venkat Rao] * Update test_expansions.py. [Rambatla Venkat Rao] * Update test_expansions.py. [Rambatla Venkat Rao] * Update ipqs_fraud_and_risk_scoring.py. [Rambatla Venkat Rao] * Update ipqs_fraud_and_risk_scoring.json. [Rambatla Venkat Rao] * Added documentation. [Rambatla Venkat Rao] * Added IPQS logo. [Rambatla Venkat Rao] * Update ipqs_fraud_and_risk_scoring.py. [Rambatla Venkat Rao] * Added ipqs_fraud_and_risk_scoring to modules list. [Rambatla Venkat Rao] * Initial Commit for IPQualityScore Expansion Module. [Rambatla Venkat Rao] * Delete. [Rambatla Venkat Rao] * Added ipqualityscore to All list. [Rambatla Venkat Rao] * Initial Commit for IPQualityScore Expansion Module. [Rambatla Venkat Rao] ## v2.4.153 (2022-02-04) ### New * [doc] virustotal_collections modules added. [Alexandre Dulaunoy] * [REQUIREMENTS] for the documentation generation. [Alexandre Dulaunoy] * [CI] Use GitHub Actions for test. [Jakub Onderka] ### Changes * [doc] updated. [Alexandre Dulaunoy] * [doc] updated. [Alexandre Dulaunoy] * [pip] Force pandas to 1.3.5. [Jakub Onderka] * [gitchangelogrc] added. [Alexandre Dulaunoy] ### Fix * [test] cache url test. [Alexandre Dulaunoy] * Required parameters for Recorded Future object. [Raphaël Vinot] * [ods_enrich] Try to fix reading bytesio. [Jakub Onderka] * [test] Skip test_ipasn and test_otx tests. [Jakub Onderka] * [ods_enrich] Better exception logging. [Jakub Onderka] * [test] Better error handling. [Jakub Onderka] * [internal] Better exception logging. [Jakub Onderka] * [test] Typo. [Jakub Onderka] ### Other * Merge pull request #548 from VirusTotal/vt/export-collections. [Alexandre Dulaunoy] [VirusTotal] Export module to create a VT Collection from an event * MISP exportmodule to create a VT Collection form an event. [Daniel Pascual] * Merge pull request #547 from Wachizungu/fix-add-hashlookup-to-expansion-initpy. [Alexandre Dulaunoy] Add hashlookup to expansion init.py * Add hashlookup to expansion init.py. [Jeroen Pinoy] * Merge pull request #545 from silvian-io/main. [Christophe Vandeplas] [crowdstrike_falcon] Upgrade crowdstrike_falcon enrich module * [crowdstrike_falcon] fix imports warning. [Silvian I] * Merge branch 'MISP:main' into main. [Silvian Iosub] * Merge pull request #542 from slv008/main. [Alexandre Dulaunoy] Upgrade censys_enrich module to new api version * [crowdstrike_falcon] Upgrade crowdstrike_falcon enrich module to new api version & add attribute creation on enrichment functionality. [Silvian I] * Upgrade censys_enrich module to new api version - fix test error. [Silvian I] * Upgrade censys_enrich module to new api version - fix test error. [Silvian I] * Merge remote-tracking branch 'origin/main' into main. [Silvian I] # Conflicts: # misp_modules/modules/expansion/censys_enrich.py # tests/test_expansions.py * Upgrade censys_enrich module to new api version. [Silvian I] * Upgrade censys_enrich module to new api version. [Silvian I] * Merge pull request #541 from ManoftheSea/main. [Alexandre Dulaunoy] It seems alright to leave the field empty, just have to check empty * It seems alright to leave the field empty, just have to check that it is empty. [Derek LaHousse] * Merge pull request #540 from cudeso/main. [Alexandre Dulaunoy] Module to push malware samples to a MWDB instance * Update REQUIREMENTS. [Koen Van Impe] * Update mwdb.py. [Koen Van Impe] * Module to push malware samples to a MWDB instance. [Koen Van Impe] - Upload of attachment or malware sample to MWDB - Tags of events and/or attributes are added to MWDB. - Comment of the MISP attribute is added to MWDB. - A link back to the MISP event is added to MWDB via the MWDB attribute. - A link to the MWDB attribute is added as an enriched attribute to the MISP event. * Update README. [Alexandre Dulaunoy] Add status badge for GH workflow * Merge pull request #539 from JakubOnderka/github-actions. [Alexandre Dulaunoy] new: [CI] Use GitHub Actions for test * Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] ## v2.4.152 (2021-12-22) ### Changes * [hashlookup] support for sha256 and bug fix for non-exising MD5. [Alexandre Dulaunoy] * [Pipefile.lock] removed. [Alexandre Dulaunoy] * [REQUIREMENTS] chardet issue - let installer decide. [Alexandre Dulaunoy] * [REQUIREMENTS] aiohttp. [Alexandre Dulaunoy] * [requirements] pillow updated to the latest version. [Alexandre Dulaunoy] * [requirements] lxml updated. [Alexandre Dulaunoy] * [doc] updated. [Alexandre Dulaunoy] ### Fix * [hashlookup] typo fixed. [Alexandre Dulaunoy] ### Other * Merge pull request #536 from qintel/feat/qintel_qsentry. [Alexandre Dulaunoy] New Module: Qintel QSentry * Feature: add qintel qsentry module documentation. [Calvin Krzywiec] * Feature: add qintel qsentry expansion module. [Calvin Krzywiec] ## v2.4.151 (2021-11-19) ### New * [doc] Passive SSH documentation. [Alexandre Dulaunoy] ### Changes * [py] Dependency bump. Works on buuntu 18.04.x. [Steve Clement] * [py] Pandas requirements update. [Steve Clement] * [documentation] updated. [Alexandre Dulaunoy] * [doc] updated. [Alexandre Dulaunoy] ### Fix * [py] Dependency fix. [Steve Clement] * [mkdocs] updated configuration for version 5 of mkdocs. [Alexandre Dulaunoy] ### Other * Merge pull request #534 from SteveClement/main. [Steve Clement] * Merge pull request #533 from SteveClement/main. [Steve Clement] * Merge pull request #532 from SteveClement/main. [Steve Clement] * Merge pull request #529 from gallypette/main. [Alexandre Dulaunoy] passive-ssh expansion module * Merge branch 'MISP:main' into main. [Jean-Louis Huynen] * Merge pull request #528 from rderkachrf/rf_release_2_0. [Alexandre Dulaunoy] Release 2.0: Update Recorded future expansion module with the new data * Update Recorded future expansion module with the new data. [rderkach] In this release, we added new data that we have called Links. It represents better and more filtered related data. Also did some code formatting. * Add: [passive-ssh] initial commit. [Jean-Louis Huynen] * Merge pull request #526 from korrosivesec/patch-1. [Alexandre Dulaunoy] Add libcaca-dev to apt packages required * Add libcaca-dev to apt packages required. [Kory Kyzar] I needed to add libcaca-dev to make gtcaca. ## Before ``` misp@server:/usr/local/src/gtcaca/build$ cmake .. && make -- The C compiler identification is GNU 7.5.0 -- The CXX compiler identification is GNU 7.5.0 -- Check for working C compiler: /usr/bin/cc -- Check for working C compiler: /usr/bin/cc -- works -- Detecting C compiler ABI info -- Detecting C compiler ABI info - done -- Detecting C compile features -- Detecting C compile features - done -- Check for working CXX compiler: /usr/bin/c++ -- Check for working CXX compiler: /usr/bin/c++ -- works -- Detecting CXX compiler ABI info -- Detecting CXX compiler ABI info - done -- Detecting CXX compile features -- Detecting CXX compile features - done CMake system name: Linux -- Found PkgConfig: /usr/bin/pkg-config (found version "0.29.1") pkg config path: -- Check if the system is big endian -- Searching 16 bit integer -- Looking for sys/types.h -- Looking for sys/types.h - found -- Looking for stdint.h -- Looking for stdint.h - found -- Looking for stddef.h -- Looking for stddef.h - found -- Check size of unsigned short -- Check size of unsigned short - done -- Using unsigned short -- Check if the system is big endian - little endian -- Checking for module 'caca' -- No package 'caca' found CMake Error at /usr/share/cmake-3.10/Modules/FindPkgConfig.cmake:415 (message): A required package was not found Call Stack (most recent call first): /usr/share/cmake-3.10/Modules/FindPkgConfig.cmake:593 (_pkg_check_modules_internal) CMakeLists.txt:69 (pkg_check_modules) -- Configuring incomplete, errors occurred! See also "/usr/local/src/gtcaca/build/CMakeFiles/CMakeOutput.log". ``` ## After ``` misp@server:/usr/local/src/gtcaca/build$ cmake .. && make CMake system name: Linux pkg config path: -- Checking for module 'caca' -- Found caca, version 0.99.beta19 libcaca link library: -lcaca CMake system: Linux -- Configuring done -- Generating done -- Build files have been written to: /usr/local/src/gtcaca/build ``` ## v2.4.150 (2021-10-19) ### New * [hashlookup] documentation added. [Alexandre Dulaunoy] * [hashlookup] new hashlookup module added. [Alexandre Dulaunoy] https://www.circl.lu/services/hashlookup/ * [hashlookup] new hashlookup module added. [Alexandre Dulaunoy] ### Changes * [hashlookup] KnownMalicious field added. [Alexandre Dulaunoy] * [hashlookup] add new fields such as source, SSDEEP and TLSH. [Alexandre Dulaunoy] * [hashlookup] Using the actual attribute types for FileName & FileSize. [chrisr3d] - Following the recent changes on the obejct template to use `filename` as attribute type for the FileName object relation instead of `text` https://github.com/MISP/misp-objects/commit/d2b93f5aa69e0d9bfc549915b8f691cc5f62bf6c * [hashlookup] logo updated. [Alexandre Dulaunoy] * [logo] CIRCL logo added for hashlookup service. [Alexandre Dulaunoy] ### Fix * [yara_query] Fixed module input parsing. [chrisr3d] - The module used to work properly when called from a single attribute enrichment, but was broken when called from the hover enrichment feature, because of the additional `persistent` field used to define which type of hover enrichment is queried * [hashlookup] FileName and size are not required fields and can be missing in a hashlookup record. [Alexandre Dulaunoy] * Add missing dependency (ndjson) of cof2misp1. [Luciano Righetti] * Added note about the Domaintools module being deprecated. [Andras Iklody] - as requested by Domaintools, including a link to their own, up to date module * [hashlookup] Fixed the errors handling. [chrisr3d] - Since the modules system is waiting for a dict, we return `misperrors` instead of the actual value of the 'error' key, and the module will no longer fail when there is no result to parse * [greynoise] typo fixed. [Alexandre Dulaunoy] ### Other * Merge pull request #520 from aaronkaplan/fix-github-alerts. [Alexandre Dulaunoy] Fix github's security alert: fix * Fix github's security alert: fix * CVE-2021-28676 * CVE-2021-25287 * CVE-2021-28675 * CVE-2021-28678 * CVE-2021-25288 * CVE-2021-28677. [aaronkaplan] * Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] * Merge pull request #519 from Lastline-Inc/main. [Alexandre Dulaunoy] Update dependency files * Update dependency files. [Jason Zhang] * Merge pull request #517 from mohlcyber/main. [Alexandre Dulaunoy] Added McAfee MVISION Insights Expansion Module * Added McAfee MVISION Insights. [Martin Ohl] * Update README.md. [Martin Ohl] * Create mcafee_insights_enrich.py. [Martin Ohl] Module to expand IOC information with McAfee MVISION Insights * Revert "fix: [greynoise] typo fixed" [Alexandre Dulaunoy] This reverts commit e36e3ea117b2b6562eaad2008f23a98c5b69f9e5. * Merge pull request #516 from Lastline-Inc/main. [Alexandre Dulaunoy] Sanity checks * Sanity checks. [Jason Zhang] * Merge pull request #515 from GreyNoise-Intelligence/greynoise_update_doc_json. [Alexandre Dulaunoy] Update the greynoise.json file * Update greynoise.json. [Brad Chiappetta] * Merge pull request #514 from GreyNoise-Intelligence/greynoise-add-cve-enhance-ip. [Alexandre Dulaunoy] Add CVE Lookup and Enhance IP Lookup * Documenation updates. [Brad Chiappetta] * Add cve support and enhance ip lookups. [Brad Chiappetta] ## v2.4.148 (2021-08-09) ### Other * Merge pull request #513 from Lastline-Inc/main. [Alexandre Dulaunoy] Add vmware_nsx module * Add vmware_nsx module. [Jason Zhang] * Merge pull request #507 from aaronkaplan/cof2misp. [Alexandre Dulaunoy] Cof2misp * Fix the last issues of #493 (https://github.com/MISP/misp-modules/issues/493) [Aaron Kaplan] * Unit test for dnsdbflex in lib/cof.py. [Aaron Kaplan] * Merge branch 'main' of https://github.com/MISP/misp-modules into cof2misp. [aaronkaplan] * Push version. [aaronkaplan] * Add a function to validate dnsdbflex output add dnsdbflex parser. It's rather easy. [aaronkaplan] * Merge remote-tracking branch 'origin/cof2misp' into cof2misp. [aaronkaplan] * Add a function to validate dnsdbflex output. [aaronkaplan] ## v2.4.145 (2021-06-28) ### Changes * [virustotal_public] make flake8 happy. [Alexandre Dulaunoy] * [travis] flake8 updated. [Alexandre Dulaunoy] * [virustotal] make flake8 happy. [Alexandre Dulaunoy] * [requirements] remove the pypi index from the requirements. [Alexandre Dulaunoy] This fixes #505 but we need to find a clean solution for Pipfile generating it. * [tests] btc_steroid not working via CI. [Alexandre Dulaunoy] * [travis] remove old docker before install. [Alexandre Dulaunoy] * Bump deps. [Raphaël Vinot] * Bump deps. [Raphaël Vinot] ## v2.4.144 (2021-06-07) ### Other * Merge pull request #501 from legoguy1000/virustotal-proxy. [Alexandre Dulaunoy] Add proxy configs for virus total modules * Add proxy configs for virus total modules. [Alex Resnick] * Merge pull request #499 from RamboV/main. [Alexandre Dulaunoy] Farsight DNSDB - Added Default Distribution Setting * Updated Distribution Constant. [Rambatla Venkat Rao] * Default distribution setting to DNSDB Objects. [Rambatla Venkat Rao] * Added a default distribution setting to Objects. [Rambatla Venkat Rao] ## v2.4.143 (2021-05-14) ### Changes * [test] onyphe no way to test without authentication keys. [Alexandre Dulaunoy] * [cof2misp] bailiwick is optional. [Alexandre Dulaunoy] * [doc] cof2misp documentation added. [Alexandre Dulaunoy] * [cof2misp] debugging removed. [Alexandre Dulaunoy] * [cof2misp] remove logging in the misp-modules. [Alexandre Dulaunoy] * [cof2misp module] fix the import module/package "__init__.py" missing. [Alexandre Dulaunoy] * [farsight_passivedns] Updated the bailiwick attribute type, following the latest changes on the passive-dns object template. [chrisr3d] ### Fix * [farsight_passivedns] Handling exceptions raised from a query error. [chrisr3d] - This can happen with for instance a wrong server URL ### Other * Merge pull request #498 from sebdraven/master. [Alexandre Dulaunoy] Refactorin onype module * Fix bug on loop. [Sebdraven] * Remove print and variable unsuable. [Sebdraven] * Merge pull request #4 from MISP/main. [sebdraven] merge * Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] * Merge pull request #497 from aaronkaplan/cof2misp. [Alexandre Dulaunoy] Cof2misp * Oops, there was a minor error. print(..., file=sys.stDerr) . Typo! [root] * Add license text. No logical changes in this commit. [aaronkaplan] * Merge pull request #491 from aaronkaplan/cof2misp. [Alexandre Dulaunoy] Version 0.2 of the cof2misp import module. * Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] * Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] * Make teh special attributes *_ip and _domain not needed. See the discussion in https://github.com/MISP/misp-objects/pull/314. [aaronkaplan] * Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] * Make stub strict parser. [aaronkaplan] * Again, make flake8 happy. My local flake8 was already happy. hm. [aaronkaplan] * Flake8, you suck. [aaronkaplan] * Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] * Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] * Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] * Make flake8 happier. [aaronkaplan] * Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] * Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] * Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] * Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] * Version 0.2 of the cof2misp import module. [aaronkaplan] * Version 0.2 of the cof2misp import module. [aaronkaplan] * Add summary ip, domain and hostname. [Sebdraven] * Fix bug. [Sebdraven] * Add reference. [Sebdraven] * Add test to check. [Sebdraven] * Fixe typo. [Sebdraven] * Remove pass. [Sebdraven] * Add object certificate. [Sebdraven] * Add hostname. [Sebdraven] * Update onyphe.py. [Sebdraven] remove typo * Check entry in result dico. [Sebdraven] * Add logs. [Sebdraven] * Fix logical test. [Sebdraven] * Add logs. [Sebdraven] * Add logs. [Sebdraven] * Add logs. [Sebdraven] * Add summary ip. [Sebdraven] object domain * Refactoring of the module. [Sebdraven] ## v2.4.142 (2021-04-26) ### New * [logo] yeti logo added. [Alexandre Dulaunoy] * [ChangeLog] added. [Alexandre Dulaunoy] ### Changes * [doc] yeti logo added. [Alexandre Dulaunoy] * [doc] Makefile fixed. [Alexandre Dulaunoy] * [doc] README cleanup and historical stuff removed. [Alexandre Dulaunoy] * [doc] fix path of mkdocs output. [Alexandre Dulaunoy] ### Fix * [tests] Back to the former ip address in the threatcrowd module test. [chrisr3d] * [doc] Travis button was on the old master branch. [Alexandre Dulaunoy] fix: [doc] Travis button was on the old master branch * [doc] build script. [Alexandre Dulaunoy] ### Other * Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] * Merge pull request #488 from sebdraven/master. [Alexandre Dulaunoy] Module Yeti * Add pyeti package. [Sebdraven] * Merge branch 'main' [Sebdraven] * Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] * Fix typo. [Sebdraven] * Remove variable unused. [Sebdraven] * Remove import unused and add package in requirements. [Sebdraven] * Create yeti.json. [Sebdraven] add doc * Update yeti.py. [Sebdraven] pep 8 compliant * Update yeti.py. [Sebdraven] remove tags and entity * Update yeti.py. [Sebdraven] add input * Merge pull request #2 from MISP/master. [sebdraven] Master * Update yeti.py. [Sebdraven] add tests * Update yeti.py. [Sebdraven] add ns record dst and src link * Update yeti.py. [Sebdraven] add test to create result * Update yeti.py. [Sebdraven] fix edges * Update yeti.py. [Sebdraven] fix typo * Update yeti.py. [Sebdraven] change params * Update yeti.py. [Sebdraven] add ns_record object * Update yeti.py. [Sebdraven] change loop * Update yeti.py. [Sebdraven] fix bug * Update yeti.py. [Sebdraven] remove tests * Update yeti.py. [Sebdraven] filter by id * Update yeti.py. [Sebdraven] add src * Update yeti.py. [Sebdraven] fix keyerror * Update yeti.py. [Sebdraven] fix bug about id * Update yeti.py. [Sebdraven] add logs * Update yeti.py. [Sebdraven] add logs * Update yeti.py. [Sebdraven] add test of id * Update yeti.py. [Sebdraven] add log * Update yeti.py. [Sebdraven] add descripton * Update yeti.py. [Sebdraven] add file to add in attribute * Update yeti.py. [Sebdraven] add tags for attribute * Update yeti.py. [Sebdraven] remove tag * Update yeti.py. [Sebdraven] test tags * Update yeti.py. [Sebdraven] change tags method * Update yeti.py. [Sebdraven] add related observable and AS * Update yeti.py. [Sebdraven] remove print debug * Update yeti.py. [Sebdraven] fix bugs key error * Update yeti.py. [Sebdraven] add param * Update yeti.py. [Sebdraven] try typo * Update yeti.py. [Sebdraven] remove print * Update yeti.py. [Sebdraven] remove tests * Update yeti.py. [Sebdraven] test * Update yeti.py. [Sebdraven] add logs * Update yeti.py. [Sebdraven] try test * Update yeti.py. [Sebdraven] add check * Update yeti.py. [Sebdraven] correct bug * Update yeti.py. [Sebdraven] add log * Update yeti.py. [Sebdraven] add log * Update yeti.py. [Sebdraven] correct typo * Update yeti.py. [Sebdraven] add relation * Update yeti.py. [Sebdraven] refactoring and add Url neighboors * Update yeti.py. [Sebdraven] add key results * Update yeti.py. [Sebdraven] delete attr * Update yeti.py. [Sebdraven] correction format strings * Update yeti.py. [Sebdraven] change logs * Update yeti.py. [Sebdraven] value attribute * Update yeti.py. [Sebdraven] change logs * Update yeti.py. [Sebdraven] add logs * Update yeti.py. [Sebdraven] add relation * Update yeti.py. [Sebdraven] remove add * Update yeti.py. [Sebdraven] add logs * Update yeti.py. [Sebdraven] change relations * Update yeti.py. [Sebdraven] change modification * Update yeti.py. [Sebdraven] update relation * Update yeti.py. [Sebdraven] change relation type * Update yeti.py. [Sebdraven] add relationship * Update yeti.py. [Sebdraven] add ref * Update yeti.py. [Sebdraven] add test * Update yeti.py. [Sebdraven] change attribute add * Update yeti.py. [Sebdraven] change relationship * Update yeti.py. [Sebdraven] log json * Update yeti.py. [Sebdraven] log object * Update yeti.py. [Sebdraven] add logs * Update yeti.py. [Sebdraven] change type attr and relation * Update yeti.py. [Sebdraven] add logs * Update yeti.py. [Sebdraven] add logs * Update yeti.py. [Sebdraven] add logs * Update yeti.py. [Sebdraven] change relation type and misp event init * Update yeti.py. [Sebdraven] add relation object * Update yeti.py. [Sebdraven] add object * Update yeti.py. [Sebdraven] refactoring * Update yeti.py. [Sebdraven] using attribute * Update yeti.py. [Sebdraven] use format misp * Update yeti.py. [Sebdraven] modify acess dict * Update yeti.py. [Sebdraven] add logs * Update yeti.py. [Sebdraven] add logs * Update yeti.py. [Sebdraven] add neighboors iocs to add the event * Update yeti.py. [Sebdraven] modify call yeti * Update yeti.py. [Sebdraven] Correct bugs * Update yeti.py. [Sebdraven] change inherit * Update yeti.py. [Sebdraven] change path to access config settings * Update yeti.py. [Sebdraven] add log * Update yeti.py. [Sebdraven] add ip-dst to enrich * Update yeti.py. [Sebdraven] add logs * Yeti pluggin. [Sebdraven] get_entities and get_neighboors * Update yeti.py. [Sebdraven] add introspection method * Update yeti.py. [Sebdraven] add method version * Update yeti.py. [Sebdraven] correct import * Update REQUIREMENTS. [Sebdraven] correct conflic * Update yeti.py. [Sebdraven] add config and struct * Add new module. [Sebdraven] new module yeti * Update .gitignore. [Sebdraven] update .gitignore to env pycharm * Merge pull request #1 from MISP/master. [sebdraven] Master * Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] ## v2.4.141 (2021-04-19) ### Changes * [tests] LiveCI set for RBL tests (network connectivity issues in the CI) [Alexandre Dulaunoy] * [rbl] Added a timeout parameter to change the resolver timeout & lifetime if needed. [chrisr3d] * [rbl] Small changes on the rbl list and the results handling. [chrisr3d] * [test] skip some tests if running in the CI (API limitation or specific host issues) [Alexandre Dulaunoy] * [tests] historical records in threatcrowd. [Alexandre Dulaunoy] * [test] fixing IP addresses. [Alexandre Dulaunoy] * [passivetotal] new test IP address. [Alexandre Dulaunoy] * [farsight] make PEP happy. [Alexandre Dulaunoy] * [requirements] openpyxl added. [Alexandre Dulaunoy] * [travis] missing dep. [Alexandre Dulaunoy] * [test expansion] IPv4 address of CIRCL updated. [Alexandre Dulaunoy] * [coverage] install. [Alexandre Dulaunoy] * [pipenv] removed. [Alexandre Dulaunoy] * [travis] get rid of pipenv. [Alexandre Dulaunoy] * [Pipfile.lock] updated. [Alexandre Dulaunoy] * [doc] fix index of mkdocs. [Alexandre Dulaunoy] * [documentation] updated. [Alexandre Dulaunoy] * [farsight_passivedns] Making first_time and last_time results human readable. [chrisr3d] - We get the datetime format instead of the raw timestamp * Bump deps. [Raphaël Vinot] * [farsight_passivedns] Making first_time and last_time results human readable. [chrisr3d] - We get the datetime format instead of the raw timestamp * [farsight_passivedns] Added input types for more flex queries. [chrisr3d] - Standard types still supported as before - Name or ip lookup, with optional flex queries - New attribute types added will only send flex queries to the DNSDB API * [doc] fix #460 - rh install. [Alexandre Dulaunoy] * [requirements] fix 463. [Alexandre Dulaunoy] ### Fix * [tests] Fixed btc_steroids test assertion. [chrisr3d] * [ocr_enrich] Making Pep8 happy. [chrisr3d] * [tests] Fixed variable names that have been changed with the latest commit. [chrisr3d] * [ocr_enrich] Fixed tesseract input format. [chrisr3d] - It looks like the `image_to_string` method now assumes RGB format and the `imdecode` method seems to give BGR format, so we convert the image array before * [tests] Fixed tests for some modules waiting for standard MISP Attribute format as input. [chrisr3d] * [tests] Fixed hibp test which requires an API key. [chrisr3d] * [hibp] Fixed config handling to avoir KeyError exceptions. [chrisr3d] * [test] dns module. [Alexandre Dulaunoy] * [main] Disable duplicate JSON decoding. [Jakub Onderka] * [cve_advanced] Some CVEs are not in CWE format but in NVD-CWE-Other. [Alexandre Dulaunoy] * [farsight_passivedns] Fixed lookup_rdata_name results desclaration. [chrisr3d] - Getting generator as a list as it is already the case for all the other results, so it avoids issues to read the results by accidently looping through the generator before it is actually needed, which would lose the content of the generator - Also removed print that was accidently introduced with the last commit * [farsight_passivedns] Excluding last_seen value for now, in order to get the available results. [chrisr3d] - With last_seen set we can easily get results included in a certain time frame (between first seen and last seen), but we do not get the latest results. In order to get those ones, we skip filtering on the time_last_before value * [farsight_passivedns] Fixed lookup_rdata_name results desclaration. [chrisr3d] - Getting generator as a list as it is already the case for all the other results, so it avoids issues to read the results by accidently looping through the generator before it is actually needed, which would lose the content of the generator - Also removed print that was accidently introduced with the last commit * Making pep8 happy. [chrisr3d] * [farsight_passivedns] Fixed queries to the API. [chrisr3d] - Since flex queries input may be email addresses, we nake sure we replace '@' by '.' in the flex queries input. - We also run the flex queries with the input as is first, before runnning them as second time with '.' characters escaped: '\\.' * Google.py module. [Jürgen Löhel] The search result does not include always 3 elements. It's better to enumerate here. The googleapi fails sometimes. Retry it 3 times. * Google.py module. [Jürgen Löhel] Corrects import for gh.com/abenassi/Google-Search-API. * Consider mail body as UTF-8 encoded. [Jakub Onderka] ### Other * Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] * Fix; [tests] Changes on assertion statements that should fix the passivetotal, rbl & shodan tests. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] * Merge pull request #435 from JakubOnderka/remove-duplicate-decoding. [Alexandre Dulaunoy] fix: [main] Remove duplicate JSON decoding * Add: [farsight_passivedns] Adding first_seen & last_seen (when available) in passivedns objects. [chrisr3d] - The object_relation `time_first` is added as the `first_seen` value of the object - Same with `time_last` -> `last_seen` * Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d] * Merge pull request #484 from GreyNoise-Intelligence/main. [Alexandre Dulaunoy] Update to GreyNoise expansion module * Update community api to released ver. [Brad Chiappetta] * Fix ver info. [Brad Chiappetta] * Updates for greynoise community api. [Brad Chiappetta] * Merge pull request #485 from jgwilson42/patch-1. [Alexandre Dulaunoy] Update README.md * Update README.md. [James Wilson] Ensure that the clone of misp-modules is owned by www-data * Merge pull request #482 from MISP/new_features. [Alexandre Dulaunoy] Farsight_passivedns module updated with new input types compatible with flex queries * Add: [farsight_passivedns] New lookup argument based on the first_seen & last_seen fields. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d] * Merge pull request #481 from cocaman/main. [Alexandre Dulaunoy] Adding ThreatFox enrichment module * Adding additional tags. [Corsin Camichel] * First version of ThreatFox enrichment module. [Corsin Camichel] * Merge pull request #480 from cocaman/patch-1. [Alexandre Dulaunoy] updating "hibp" for API version 3 * Updating "hibp" for API version 3. [Corsin Camichel] * Merge pull request #477 from jloehel/fix/google-module. [Alexandre Dulaunoy] Fix/google module * Merge pull request #476 from digihash/patch-1. [Alexandre Dulaunoy] Update README.md * Update README.md. [Kevin Holvoet] Added fix based on https://github.com/MISP/MISP/issues/4045 * Merge pull request #475 from adammchugh/patch-3. [Alexandre Dulaunoy] Fixed the censys version * Fixed the censys version. [adammchugh] Unsure how I managed to get the version so wrong, but I have updated it to the current version and confirmed as working. * Merge pull request #474 from JakubOnderka/patch-4. [Alexandre Dulaunoy] fix: Consider mail body as UTF-8 encoded * Merge pull request #473 from adammchugh/patch-2. [Alexandre Dulaunoy] Change to pandas version requirement to address pip install failure * Included missing dependencies for censys and pyfaup. [adammchugh] Added censys dependency Added pyfaup dependency * Change to pandas version requirement to address pip install failure. [adammchugh] Updated pandas version to 1.1.5 to allow pip install as defined at https://github.com/MISP/misp-modules to complete successfully. * Merge pull request #470 from adammchugh/patch-1. [Alexandre Dulaunoy] Update assemblyline_submit.py - Add verify SSL option * Update assemblyline_submit.py. [adammchugh] * Update assemblyline_query.py. [adammchugh] * Update assemblyline_submit.py. [adammchugh] * Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] * Update README long hyphen is not standard ASCII hyphen. [Alexandre Dulaunoy] Fix #464 ## v2.4.137 (2021-01-25) ### Changes * Bump deps. [Raphaël Vinot] * Bump requirements. [Raphaël Vinot] * [pipenv] Enable email extras for PyMISP. [Jakub Onderka] ### Fix * Bump PyMISP dep to latest. [Raphaël Vinot] * Use PyMISP from PyPi. [Raphaël Vinot] * Use pymisp from pypi. [Raphaël Vinot] * [pipenv] Missing clamd. [Jakub Onderka] ### Other * Merge pull request #466 from NoDataFound/main. [Alexandre Dulaunoy] Corrected VMray rest API import * Corrected VMray rest API import. [Cory Kennedy] When loading misp-modules, the VMray module ```modules/expansion/vmray_submit.py ``` incorrectly imports the library. VMray's documentation and examples here: https://pypi.org/project/vmray-rest-api/#history also reflect this change as the correct import. * Merge pull request #457 from trustar/main. [Alexandre Dulaunoy] added more explicit error messages for indicators that return no enri… * Added more explicit error messages for indicators that return no enrichment data. [Jesse Hedden] * Merge pull request #452 from kuselfu/main. [Alexandre Dulaunoy] update vmray_import, add vmray_summary_json_import * Fix imports and unused variables. [Jens Thom] * Resolve merge conflict. [Jens Thom] * Merge remote-tracking branch 'upstream/main' into main. [Jens Thom] * Merge pull request #451 from JakubOnderka/versions-update. [Alexandre Dulaunoy] fix: [pipenv] Missing clamd * Merge pull request #450 from JakubOnderka/versions-update. [Alexandre Dulaunoy] chg: [pipenv] Enable email extras for PyMISP * Merge pull request #448 from HacknowledgeCH/export_defender_endpoint. [Alexandre Dulaunoy] Export defender endpoint * Fixed error reported by LGTM analysis. [milkmix] * Added documentation. [milkmix] * Added missing quotes. [milkmix] * Added URL support. [milkmix] * Typo in python src name. [milkmix] * Initial work on Defender for Endpoint export module. [milkmix] * * add parser for report version v1 and v2 * add summary JSON import module. [Jens Thom] ## v2.4.134 (2020-11-18) ### New * [expansion] Added html_to_markdown module. [mokaddem] It fetches the HTML from the provided URL, performs a bit of DOM clean-up then convert it into markdown * [clamav] Module for malware scan by ClamAV. [Jakub Onderka] * [passivedns, passivessl] Add support for ip-src|port and ip-dst|port. [Jakub Onderka] * Censys Expansion module. [Golbark] * Expansion module to query MALWAREbazaar API with some hash attribute. [chrisr3d] ### Changes * [pipenv] Updated lock Pipfile again. [chrisr3d] * [pipenv] Updated lock Pipfile. [chrisr3d] * Added socialscan library in Pipfile and updated the lock file. [chrisr3d] * [documentation] Cleaner documentation directories & auto-generation. [chrisr3d] Including: - A move of the previous `doc` and `docs` directories to `documentation` - `documentation` is now the default directory - The documentation previously under `doc` is now in `documentation/website` - The mkdocs previously under `docs` is now in `documentation/mkdocs` - All single JSON documentation files have been JQed - Some small improvements to list fields displaying * [pipenv] Updated Pipfile. [chrisr3d] * [documentation] Updated the farsight-passivedns documentation. [chrisr3d] * [cpe] Added default limit to the results. [chrisr3d] - Results returned by CVE-search are sorted by cvss score and limited in number to avoid potential massive amount of data retuned back to MISP. - Users can overwrite the default limit with the configuration already present as optional, and can also set the limit to 0 to get the full list of results * [farsight_passivedns] Now using the dnsdb2 python library. [chrisr3d] - Also updated the results parsing to check in each returned result for every field if they are included, to avoid key errors if any field is missing * [cpe] Support of the new CVE-Search API. [chrisr3d] * [doc] Updated the farsight_passivedns module documentation. [chrisr3d] * [farsight_passivedns] More context added to the results. [chrisr3d] - References between the passive-dns objects and the initial attribute - Comment on object attributes mentioning whether the results come from an rrset or an rdata lookup * [farsight_passivedns] Rework of the module to return MISP objects. [chrisr3d] - All the results are parsed as passive-dns MISP objects - More love to give to the parsing to add references between the passive-dns objects and the input attribute, depending on the type of the query (rrset or rdata), or the rrtype (to be determined) * [cpe] Changed CVE-Search API default url. [chrisr3d] * [clamav] Add reference to original attribute. [Jakub Onderka] * [clamav] TCP port connection must be an integer. [Alexandre Dulaunoy] * Bump deps. [Raphaël Vinot] * Updated expansion modules documentation. [chrisr3d] - Added documentation for the missing modules - Renamed some of the documentation files to match with the module names and avoid issues within the documentation file (README.md) with the link of the miss-spelled module names * Updated the bgpranking expansion module test. [chrisr3d] * Updated documentation for the recently updated bgpranking module. [chrisr3d] * Updated the bgpranking expansion module to return MISP objects. [chrisr3d] - The module no longer returns freetext, since the result returned to the freetext import as text only allowed MISP to parse the same AS number as the input attribute. - The new result returned with the updated module is an asn object describing more precisely the AS number, and its ranking for a given day * Turned the Shodan expansion module into a misp_standard format module. [chrisr3d] - As expected with the misp_standard modules, the input is a full attribute and the module is able to return attributes and objects - There was a lot of data that was parsed as regkey attributes by the freetext import, the module now parses properly the different field of the result of the query returned by Shodan * Updated documentation about the greynoise module. [chrisr3d] * Updated Greynoise tests following the latest changes on the expansion module. [chrisr3d] * Making use of the Greynoise v2 API. [chrisr3d] * Bump deps. [Raphaël Vinot] * [doc] Added details about faup. [Steve Clement] * [doc] in case btc expansion fails, give another hint at why it fails. [Steve Clement] * [travis] Added gtcaca and liblua to faup. [Steve Clement] * [travis] Added py3.8. [Steve Clement] * Bump dependencies. [Raphaël Vinot] Should fix https://github.com/MISP/MISP/issues/5739 * Quick ransomdncoin test just to make sure the module loads. [chrisr3d] - I do not have any api key right now, so the test should just reach the error * Catching missing config issue. [chrisr3d] ### Fix * [pipenv] Removed duplicated dnsdb2 entry that I missed while merging conflict. [chrisr3d] * Removed debugging print command. [chrisr3d] * [tests] Less specific assertion for the rbl module test. [chrisr3d] * [farsight_passivedns] Fixed pep8 backslash issue. [chrisr3d] * [farsight_passivedns] Fixed issue with variable name. [chrisr3d] * [documentation] Added missing cpe module documentation. [chrisr3d] * [cpe] Fixed typo in vulnerable-configuration object relation fields. [chrisr3d] * [farsight_passivedns] Fixed typo in the lookup fields. [chrisr3d] * [farsight_passivedns] Uncommented mandatory field that was commented for tests. [chrisr3d] * [tests] Small fixes on the expansion tests. [chrisr3d] * [dnsdb] Avoiding AttributeError with the sys library, probably depending on the python version. [chrisr3d] * [documentation] Updated links to the scripts, with the default branch no longer being master, but main. [chrisr3d] * Typo. [chrisr3d] * Updated Pipfile. [chrisr3d] * [cpe] Typos and variable name issues fixed + Making the module available in MISP. [chrisr3d] * [cve-advanced] Using the cpe and weakness attribute types. [chrisr3d] * [cve_advanced] Avoiding potential MISP object references issues. [chrisr3d] - Adding objects as dictionaries in an event may cause issues in some cases. It is better to pass the MISP object as is, as it is already a valid object since the MISPObject class is used * [virustotal_public] Resolve key error when user enrich hostname. [chrisr3d] - Same as #424 * [virustotal] Resolve key error when user enrich hostname. [Jakub Onderka] * Typo in EMailObject. [Raphaël Vinot] Fix #427 * Making pep8 happy. [chrisr3d] * Fixed pep8. [chrisr3d] * Fixed pep8 + some copy paste issues introduced with the latest commits. [chrisr3d] * Avoid issues with the attribute value field name. [chrisr3d] - The module setup allows 'value1' as attribute value field name, but we want to make sure that users passing standard misp format with 'value' instead, will not have issues, as well as keeping the current setup * [virustotal] Subdomains is optional in VT response. [Jakub Onderka] * Fixed list of sigma backends. [chrisr3d] * Fixed validators dependency issues. [chrisr3d] - Possible rollback if we get issues with virustotal * Removed multiple spaces to comply with pep8. [chrisr3d] * Making pep8 happy. [chrisr3d] * Removed trustar_import module name in init to avoid validation issues. [chrisr3d] (until it is submitted via PR?) * [circl_passivessl] Return proper error for IPv6 addresses. [Jakub Onderka] * [circl_passivessl] Return not found error. [Jakub Onderka] If passivessl returns empty response, return Not found error instead of error in log * [circl_passivedns] Return not found error. [Jakub Onderka] If passivedns returns empty response, return Not found error instead of error in log * [pep] Comply to PEP E261. [Steve Clement] * [travis] gtcaca has no build directory. [Steve Clement] * [pip] pyfaup required. [Steve Clement] * [doc] corrected filenames for 2 docs. [Christophe Vandeplas] * Making pep8 happy. [chrisr3d] * Catching errors in the reponse of the query to URLhaus. [chrisr3d] * Making pep8 happy with indentation. [chrisr3d] * Making pep8 happy. [chrisr3d] * Removed unused import. [chrisr3d] * Making pep8 happy. [chrisr3d] * Making the module config available so the module works. [chrisr3d] * [VT] Disable SHA512 query for VT. [Jakub Onderka] ### Other * Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] * Merge pull request #429 from MISP/new_module. [Christian Studer] New module using socialscan to check the availability of an email address or username on some online platforms * Merge branch 'main' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Add: Added documentation for the socialscan new module. [chrisr3d] - Also quick fix of the message for an invalid result or response concerning the queried email address or username * Merge branch 'main' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Add: New module using socialscan library to check email addresses and usernames linked to accounts on online platforms. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] * Merge pull request #445 from chrisr3d/main. [Christian Studer] Added missing cpe module documentation * Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] * Add: [farsight-passivedns] Optional feature to submit flex queries. [chrisr3d] - The rrset and rdata queries remain the same but with the parameter `flex_queries`, users can also get the results of the flex rrnames & flex rdata regex queries about their domain, hostname or ip address - Results can thus include passive-dns objects containing the `raw_rdata` object_relation added with 0a3e948 * Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] * Merge branch 'chrisr3d_patch' of github.com:MISP/misp-modules into main. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] * Merge pull request #443 from trustar/main. [Alexandre Dulaunoy] fixed typo causing firstSeen and lastSeen to not be pulled from enric… * Fixed typo causing firstSeen and lastSeen to not be pulled from enrichment data. [Jesse Hedden] * Merge pull request #440 from MISP/chrisr3d_patch. [Alexandre Dulaunoy] Farsight passivedns module update * Merge pull request #437 from chrisr3d/main. [Alexandre Dulaunoy] New expansion module to get the vulnerabilities related to a CPE * Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] * Merge pull request #436 from MISP/new-html-to-markdown. [Christian Studer] new: [expansion] Added html_to_markdown module * Add: Documentation for the html_to_markdown expansion module. [chrisr3d] * Add: Added documentation for the cpe module. [chrisr3d] * Add: First shot of an expansio module to query cve-search with a cpe to get the related vulnerabilities. [chrisr3d] * Merge pull request #432 from JakubOnderka/clamav. [Alexandre Dulaunoy] chg: [clamav] Add reference to original attribute * Merge pull request #431 from JakubOnderka/clamav. [Alexandre Dulaunoy] new: [clamav] Module for malware scan by ClamAV * Merge branch 'main' of github.com:MISP/misp-modules into main. [Raphaël Vinot] * Merge pull request #424 from JakubOnderka/vt-subdomains-fix. [Christian Studer] fix: [virustotal] Resolve key error when user enrich hostname * Merge pull request #426 from hildenjohannes/main. [Alexandre Dulaunoy] Recorded Future module: Add proxy support and User-Agent header * Add proxy support and User-Agent header. [johannesh] * Merge pull request #425 from elhoim/elhoim-patch-1. [Alexandre Dulaunoy] Disable correlation for detection-ratio attribute in virustotal.py * Disable correlation for detection-ratio in virustotal.py. [David André] * Merge pull request #422 from trustar/feat/EN-5047/MISP-manual-update. [Alexandre Dulaunoy] Feat/en 5047/misp manual update * Merge branch 'main' into feat/EN-5047/MISP-manual-update. [Jesse Hedden] * Merge pull request #420 from hildenjohannes/main. [Alexandre Dulaunoy] Fix typo error introduced in commit: 3b7a5c4dc2541f3b07baee69a7e8b969… * Fix typo error introduced in commit: 3b7a5c4dc2541f3b07baee69a7e8b9694a1627fc. [johannesh] * Merge pull request #417 from trustar/feat/EN-4664/trustar-misp. [Alexandre Dulaunoy] Feat/en 4664/trustar misp * Added description to readme. [Jesse Hedden] * Merge branch 'master' of github.com:trustar/misp-modules into feat/EN-4664/trustar-misp. [Jesse Hedden] * Removed obsoleted module name. [Jesse Hedden] * Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] * Merge pull request #416 from hildenjohannes/main. [Alexandre Dulaunoy] Add Recorded Future module documentation * Improve wording. [johannesh] * Add Recorded Future module documentation. [johannesh] * Add: Specific error message for misp_standard format expansion modules. [chrisr3d] - Checking if the input format is respected and displaying an error message if it is not * Merge pull request #415 from hildenjohannes/main. [Alexandre Dulaunoy] Add Recorded Future expansion module * Add Recorded Future expansion module. [johannesh] * Added comments. [Jesse Hedden] * Added comments. [Jesse Hedden] * Added comments. [Jesse Hedden] * Added error checking. [Jesse Hedden] * Updating to include metadata and alter type of trustar link generated. [Jesse Hedden] * Merge pull request #1 from trustar/feat/EN-4664/trustar-misp. [Jesse Hedden] Feat/en 4664/trustar misp * Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] * Merge pull request #411 from JakubOnderka/vt-subdomains-fix. [Alexandre Dulaunoy] fix: [virustotal] Subdomains is optional in VT response * Merge remote-tracking branch 'origin' into main. [chrisr3d] * Add: Trustar python library added to Pipfile. [chrisr3d] * Merge branch 'trustar-feat/EN-4664/trustar-misp' [chrisr3d] * Merge branch 'feat/EN-4664/trustar-misp' of https://github.com/trustar/misp-modules into trustar-feat/EN-4664/trustar-misp. [chrisr3d] * Removed obsolete file. [Jesse Hedden] * Corrected variable name. [Jesse Hedden] * Fixed indent. [Jesse Hedden] * Fixed incorrect attribute name. [Jesse Hedden] * Fixed metatag; convert summaries generator to list for error handling. [Jesse Hedden] * Added strip to remove potential whitespace. [Jesse Hedden] * Removed extra parameter. [Jesse Hedden] * Added try/except for TruSTAR API errors and additional comments. [Jesse Hedden] * Added comments and increased page size to max for get_indicator_summaries. [Jesse Hedden] * Uploaded TruSTAR logo. [Jesse Hedden] * Updated client metatag and version. [Jesse Hedden] * Added module documentation. [Jesse Hedden] * Added client metatag to trustar client. [Jesse Hedden] * Ready for code review. [Jesse Hedden] * WIP: initial push. [Jesse Hedden] * Initial commit. not a working product. need to create a class to manage the MISP event and TruStar client. [Jesse Hedden] * Merge pull request #381 from MISP/new_module. [Christian Studer] New module for MALWAREbazaar * Merge branch 'main' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge pull request #407 from JakubOnderka/patch-3. [Alexandre Dulaunoy] fix: [circl_passivessl] Return proper error for IPv6 addresses * Merge pull request #406 from JakubOnderka/ip-port. [Alexandre Dulaunoy] new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port * Merge pull request #405 from JakubOnderka/patch-2. [Alexandre Dulaunoy] fix: [circl_passivedns] Return not found error * Merge pull request #402 from MISP/dependabot/pip/httplib2-0.18.0. [Alexandre Dulaunoy] build(deps): bump httplib2 from 0.17.0 to 0.18.0 * Build(deps): bump httplib2 from 0.17.0 to 0.18.0. [dependabot[bot]] Bumps [httplib2](https://github.com/httplib2/httplib2) from 0.17.0 to 0.18.0. - [Release notes](https://github.com/httplib2/httplib2/releases) - [Changelog](https://github.com/httplib2/httplib2/blob/master/CHANGELOG) - [Commits](https://github.com/httplib2/httplib2/compare/v0.17.0...v0.18.0) * Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge pull request #395 from SteveClement/master. [Steve Clement] chg: [deps] pyfaup seems to be required but not installed * Merge pull request #393 from vmray-labs/update-vmray-module. [Alexandre Dulaunoy] Update vmray_submit module * Update vmray_submit. [Matthias Meidinger] The submit module hat some smaller issues with the reanalyze flag. The source for the enrichment object has been changed and the robustness of user supplied config parsing improved. * Merge pull request #388 from Golbark/censys_expansion. [Christophe Vandeplas] new: usr: Censys Expansion module * Fix variable issue in the loop. [Golbark] * Adding support for more input types, including multi-types. [Golbark] * Add: Added documentation for the latest new modules. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #380 from JakubOnderka/patch-1. [Christian Studer] csvimport: Return error if input is not valid UTF-8 * Csvimport: Return error if input is not valid UTF-8. [Jakub Onderka] * Merge pull request #379 from cudeso/master. [Alexandre Dulaunoy] Cytomic Orion MISP Module * Documentation for Cytomic Orion. [Koen Van Impe] * Update __init__ [Koen Van Impe] * Make Travis (a little bit) happy. [Koen Van Impe] * Cytomic Orion MISP Module. [Koen Van Impe] An expansion module to enrich attributes in MISP and share indicators of compromise with Cytomic Orion * Merge pull request #377 from 0xbennyv/master. [Alexandre Dulaunoy] Added SophosLabs Intelix as expansion module * Removed Unused Import. [bennyv] * Fixed handler error handling for missing config. [bennyv] * Fixed formatting in README.md. [bennyv] * Updated the README.md for SOPHOSLabs Intelix. [bennyv] * Initial Build of SOPHOSLabs Intelix Product. [bennyv] * Merge pull request #374 from M0un/projet-m2-oun-gindt. [Christian Studer] Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // No… * Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // Nouveau module misp de recherche google sur les urls. [Mathilde Oun et Vincent Gindt] * Merge pull request #373 from seanthegeek/patch-1. [Christian Studer] Create missing __init__.py for _ransomcoindb * Revert change inteded for other patch. [Sean Whalen] * Install cmake to build faup. [Sean Whalen] * Create __init__.py. [Sean Whalen] * Merge pull request #371 from GlennHD/master. [Christian Studer] Added GeoIP_City and GeoIP_ASN Database Modules * Update geoip_asn.py. [GlennHD] * Update geoip_city.py. [GlennHD] * Added geoip_asn and geoip_city to load. [GlennHD] * Added GeoIP_ASN Enrichment module. [GlennHD] * Added GeoIP_City Enrichment module. [GlennHD] * Added GeoIP City and GeoIP ASN Info. [GlennHD] * Merge pull request #370 from JakubOnderka/vt-query-sha512. [Alexandre Dulaunoy] fix: [VT] Disable SHA512 query for VT * Merge pull request #368 from andurin/lastline_verifyssl. [Christian Studer] Lastline verify_ssl option * Lastline verify_ssl option. [Hendrik] Helps people with on-prem boxes ## v2.4.121 (2020-02-06) ### Fix * Making pep8 happy. [chrisr3d] * [tests] Fixed BGP raking module test. [chrisr3d] ### Other * Merge pull request #367 from joesecurity/master. [Christian Studer] joe: (1) allow users to disable PE object import (2) set 'to_ids' to False * Joe: (1) allow users to disable PE object import (2) set 'to_ids' to False. [Georg Schölly] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #365 from ostefano/analysis. [Alexandre Dulaunoy] change: migrate to analysis API when submitting files to Lastline * Change: migrate to analysis API when submitting tasks to Lastline. [Stefano Ortolani] * Merge pull request #364 from cudeso/master. [Christian Studer] 2nd fix for VT Public module * 2nd fix for VT Public module. [Koen Van Impe] * Fix error message in Public VT module. [Koen Van Impe] ## v2.4.120 (2020-01-21) ### New * Updated ipasn and added vt_graph documentation. [chrisr3d] * Enrichment module for querying APIVoid with domain attributes. [chrisr3d] ### Changes * Making ipasn module return asn object(s) [chrisr3d] - Latest changes on the returned value as string broke the freetext parser, because no asn number could be parsed when we return the full json blob as a freetext attribute - Now returning asn object(s) with a reference to the initial attribute * Bumped pipfile.lock with up-to-date libraries and new vt_graph_api library requirement. [chrisr3d] * Checking attributes category. [chrisr3d] - We check the category before adding the attribute to the event - Checking if the category is correct and if not, doing a case insensitive check - If the category is not correct after the 2 first tests, we simply delete it from the attribute and pymisp will give the attribute a default category value based on the atttribute type, at the creation of the attribute * Regenerated the modules documentation following the latest changes. [chrisr3d] * Updated documentation following the latest changes on the passive dns module. [chrisr3d] * Made circl_passivedns module able to return MISP objects. [chrisr3d] * Updated documentation following the latest changes on the passive ssl module. [chrisr3d] * Made circl_passivessl module able to return MISP objects. [chrisr3d] * Bump dependencies. [Raphaël Vinot] * Install faup in travis. [Raphaël Vinot] * Deactive emails tests, need update. [Raphaël Vinot] * Update email import module, support objects. [Raphaël Vinot] * Bump dependencies. [Raphaël Vinot] ### Fix * Fixed ipasn test input format + module version updated. [chrisr3d] * Updated ipasn test following the latest changes on the module. [chrisr3d] * Typo. [chrisr3d] * Fixed vt_graph imports. [chrisr3d] * Fixed pep8 in the new module and related libraries. [chrisr3d] * Fixed typo on function import. [chrisr3d] * [doc] Added APIVoid logo. [chrisr3d] * Making pep8 happy with whitespace after ':' [chrisr3d] * [tests] With values, tests are always better ... [chrisr3d] * [tests] Fixed copy paste issue. [chrisr3d] * [tests] Fixed error catching in passive dns and ssl modules. [chrisr3d] * [tests] Avoiding issues with btc addresses. [chrisr3d] * Making pep8 happy by having spaces around '+' operators. [chrisr3d] * [tests] Added missing variable. [chrisr3d] * Making pep8 happy. [chrisr3d] * Missing dependency in travis. [Raphaël Vinot] * Properly install pymisp with file object dependencies. [Raphaël Vinot] * Quick variable name fix. [chrisr3d] * OTX tests were failing, new entry. [Raphaël Vinot] * Somewhat broken emails needed some love. [Raphaël Vinot] * MIssing parameter in skip. [Raphaël Vinot] * Missing pushd. [Raphaël Vinot] * Missing sudo. [Raphaël Vinot] ### Other * Merge pull request #361 from VirusTotal/master. [Christian Studer] add vt_graph export module * Add vt-graph-api to the requirements. [Alvaro Garcia] * Add vt_graph export module. [Alvaro Garcia] * Merge pull request #360 from ec4n6/patch-1. [Alexandre Dulaunoy] Fix ipasn.py bug * Update ipasn.py. [Erick Cheng] * Add: Documentation for the new API Void module. [chrisr3d] * Add: [tests] Test case for the APIVoid module. [chrisr3d] * Revert "fix: [tests] Fixed copy paste issue" [chrisr3d] This reverts commit fd711475dd84749063f9ff15961453f90c804101. * Add: Test cases for reworked passive dns and ssl modules. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] ## v2.4.119 (2019-12-03) ### Changes * Bump dependencies. [Raphaël Vinot] * Use MISPObject in ransomcoindb. [Raphaël Vinot] * Reintroducing the limit to reduce the number of recursive calls to the API when querying for a domain. [chrisr3d] ### Fix * Making pep8 happy. [chrisr3d] * Fixed AssemblyLine input description. [chrisr3d] * Fixed input types list since domain should not be submitted to AssemblyLine. [chrisr3d] * Making pep8 happy. [chrisr3d] * Added missing AssemblyLine logo. [chrisr3d] * Avoiding KeyError exception when no result is found. [chrisr3d] ### Other * Merge pull request #356 from ostefano/lastline. [Alexandre Dulaunoy] add: Modules to query/import/submit data from/to Lastline * Add: Modules to query/import/submit data from/to Lastline. [Stefano Ortolani] * Revert "Merge pull request #341 from StefanKelm/master" [Raphaël Vinot] This reverts commit 1df0d9152ed3346a9432393177c89e137bfc0c64, reversing changes made to 6042619c6b7fb40fd77b5328f933e67e839e1e83. This PR was a fixing a typo in a test case. The typo is in a 3rd party service. * Merge pull request #341 from StefanKelm/master. [Raphaël Vinot] Update test_expansions.py * Update test_expansions.py. [StefanKelm] Tiniest of typos * Merge branch 'aaronkaplan-master' [Raphaël Vinot] * Oops , use relative import. [aaronkaplan] * Use a helpful user-agent string. [aaronkaplan] * Final url fix. [aaronkaplan] * Revert "fix url" [aaronkaplan] This reverts commit 44130e2bf9842c03fb80245b90a873917b56df74. * Revert "fix url again" [aaronkaplan] This reverts commit c5924aee2543b268b296a57096e636261676b63c. * Fix url again. [aaronkaplan] * Fix url. [aaronkaplan] * Mention the ransomcoindb in the README file as a new module. [aaronkaplan] * Remove pprint. [aaronkaplan] * Initial version of the ransomcoindb expansion module. [aaronkaplan] * Merge pull request #352 from aaronkaplan/patch-1. [Alexandre Dulaunoy] Update README.md * Update README.md. [AaronK] fixes #351 * Add: Added documentation for the AssemblyLine query module. [chrisr3d] * Add: Module to query AssemblyLine and parse the results. [chrisr3d] - Takes an AssemblyLine submission link to query the API and get the full submission report - Parses the potentially malicious files and the IPs, domains or URLs they are connecting to - Possible improvement of the parsing filters in order to include more data in the MISP event * Add: Added documentation and description in readme for the AssemblyLine submit module. [chrisr3d] * Add: Updated python dependencies to include the assemblyline_client library. [chrisr3d] * Add: New expansion module to submit samples and urls to AssemblyLine. [chrisr3d] ## v2.4.118 (2019-11-08) ### Changes * Using EQL module description from blaverick62. [chrisr3d] * [test expansion] Enhanced results parsing. [chrisr3d] * [travis] skip E226 as it's more a question of style. [Alexandre Dulaunoy] * [apiosintds] make flake8 happy. [Alexandre Dulaunoy] * [Pipfile] apiosintDS added as required by new module. [Alexandre Dulaunoy] * [env] Pipfile updated. [Alexandre Dulaunoy] * [pipenv] updated. [Alexandre Dulaunoy] * Avoids returning empty values + easier results parsing. [chrisr3d] * Taking into consideration if a user agent is specified in the module configuration. [chrisr3d] * Updated csv import documentation. [chrisr3d] ### Fix * Fixed csv file parsing. [chrisr3d] * Fixed Xforce Exchange authentication + rework. [chrisr3d] - Now able to return MISP objects - Support of the xforce exchange authentication with apikey & apipassword * Added urlscan & secuirtytrails modules in __init__ list. [chrisr3d] * Avoiding empty config error on passivetotal module. [chrisr3d] * More clarity on the exception raised on the securitytrails module. [chrisr3d] * Better exceptions handling on the passivetotal module. [chrisr3d] * Fixed results parsing for various module tests. [chrisr3d] * Fixed variable name. [chrisr3d] * Bumped Pipfile.lock with the latest libraries versions. [chrisr3d] * Fixed config parsing and the associated error message. [chrisr3d] * Fixed config parsing + results parsing. [chrisr3d] - Avoiding errors with config field when it is empty or the apikey is not set - Parsing all the results instead of only the first one * Fixed VT results. [chrisr3d] * Making urlscan module available in MISP for ip attributes. [chrisr3d] - As expected in the the handler function * Avoiding various modules to fail with uncritical issues. [chrisr3d] - Avoiding securitytrails to fail with an unavailable feature for free accounts - Avoiding urlhaus to fail with input attribute fields that are not critical for the query and results - Avoiding VT modules to fail when a certain resource does not exist in the dataset * Fixed config field parsing for various modules. [chrisr3d] - Same as previous commit * [expansion] Better config field handling for various modules. [chrisr3d] - Testing if config is present before trying to look whithin the config field - The config field should be there when the module is called form MISP, but it is not always the case when the module is queried from somewhere else * [test expansion] Using CVE with lighter results. [chrisr3d] * Avoid issues when some config fields are not set. [chrisr3d] * Updated pipfile.lock with the correct geoip2 library info. [chrisr3d] * Fixed requirements for pymisp and geoip python libraries. [chrisr3d] * Fixed Geoip with the supported python library + fixed Geolite db path management. [chrisr3d] * Removed unused self param turning the associated functions into static methods. [chrisr3d] * Updates following the latest CVE-search version. [chrisr3d] - Support of the new vulnerable configuration field for CPE version > 2.2 - Support of different 'unknown CWE' message * Fixed module names with - to avoid errors with python paths. [chrisr3d] * Fixed tesseract python library issues. [Christian Studer] - Avoiding 'tesseract is not installed or it's not in your path' issues * Using absolute path to open files instead of relative path. [chrisr3d] * Removed unused import\ [chrisr3d] * Handling issues when the otx api is queried too often in a short time. [chrisr3d] * Making pep8 happy. [chrisr3d] * Avoiding empty values + Fixed empty types error + Fixed filename KeyError. [chrisr3d] * Fixed ThreatMiner results parsing. [chrisr3d] * Catching wikidata errors properly + fixed errors parsing. [chrisr3d] * Grouped two if conditions to avoid issues with variable unassigned if the second condition is not true. [chrisr3d] * Handling errors and exceptions for expansion modules tests that could fail due to a connection error. [chrisr3d] * Considering the case of empty results. [chrisr3d] * Catching results exceptions properly. [chrisr3d] * Catching exceptions and results properly depending on the cases. [chrisr3d] * Handling cases where there is no result from the query. [chrisr3d] * DBL spamhaus test. [chrisr3d] * Quick typo & dbl spamhaus test fixes. [chrisr3d] * Fixed pattern parsing + made the module hover only. [chrisr3d] * Travis tests should be happy now. [chrisr3d] * Copy paste syntax error. [chrisr3d] * Fixed greynoise test following the latest changes on the module. [chrisr3d] * Returning results in text format. [chrisr3d] - Makes the hover functionality display the full result instead of skipping the records list * Making pep8 happy. [chrisr3d] * Avoiding errors with uncommon lines. [chrisr3d] - Excluding first from data parsed all lines that are comments or empty - Skipping lines with failing indexes * Fixed unassigned variable name. [chrisr3d] * Removed no longer used variables. [chrisr3d] * Csv import rework & improvement. [chrisr3d] - More efficient parsing - Support of multiple csv formats - Possibility to customise headers - More improvement to come for external csv file * Making pep8 happy. [chrisr3d] * [tests] Fixed tests to avoid config issues with the cve module. [chrisr3d] - Config currently empty in the module, but being updated soon with a pending pull request ### Other * Add: Updated documentation with the EQL export module. [chrisr3d] * Merge branch 'master' of github.com:blaverick62/misp-modules. [chrisr3d] * Added documentation json for new modules. [Braden Laverick] * Updated README to include EQL modules. [Braden Laverick] * Add: Xforce Exchange module tests. [chrisr3d] * Merge pull request #347 from MISP/tests. [Christian Studer] More advanced expansion tests * Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] * Add: Updated documentation with the latest modules info. [chrisr3d] * Updated README with new modules and fixed some links. [chrisr3d] * Add: Added test for vulners module. [chrisr3d] * Add: Added qrcode module test with its test image. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] * Merge pull request #346 from blaverick62/master. [Alexandre Dulaunoy] EQL Query Generation Modules * Removed extraneous comments and unused imports. [Braden Laverick] * Fixed python links. [Braden Laverick] * Changed file name to mass eql export. [Braden Laverick] * Fixed comments. [Braden Laverick] * Added ors for compound queries. [Braden Laverick] * Fixed syntax error. [Braden Laverick] * Changed to single attribute EQL. [Braden Laverick] * Added EQL enrichment module. [Braden Laverick] * Fixed string formatting. [Braden Laverick] * Fixed type error in JSON parsing. [Braden Laverick] * Attempting to import endgame module. [Braden Laverick] * Added endgame export to __all__ [Braden Laverick] * Added EQL export test module. [Braden Laverick] * Add: [test expansion] Added various tests for modules with api authentication. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] * Add: [test expansion] New modules tests. [chrisr3d] - Starting testing some modules with api keys - Testing new apiosintDS module * Merge pull request #344 from davidonzo/master. [Alexandre Dulaunoy] Added apiosintDS module to query OSINT.digitalside.it services * Added apiosintDS module to query OSINT.digitalside.it services. [Davide] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #345 from 0xmilkmix/fix_geoip2. [Alexandre Dulaunoy] updated to geoip2 to support mmdb format * Updated to geoip2 to support mmdb format. [milkmix] * Add: cve_advanced module test + functions to test attributes and objects results. [chrisr3d] * Merge pull request #342 from MISP/tests. [Christian Studer] More expansion tests * Merge branch 'tests' of github.com:MISP/misp-modules into tests. [chrisr3d] * Add: Tests for all the office, libreoffice, pdf & OCR enrich modules. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] * Add: threatminer module test. [chrisr3d] * Add: Tests for expansion modules with different input types. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #339 from MISP/tests. [Christian Studer] Expansion modules tests update * Add: Added tests for the rest of the easily testable expansion modules. [chrisr3d] - More tests for more complex modules to come soon * Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] * Merge branch 'tests' of github.com:MISP/misp-modules. [chrisr3d] * Add: Tests for sigma queries and syntax validator modules. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] * Add: More modules tested. [chrisr3d] * Add: Added tests for some expansion modules without API key required. [chrisr3d] - More tests to come * Merge pull request #338 from MISP/features_csvimport. [Christian Studer] Fixed the CSV import module * Merge pull request #335 from FafnerKeyZee/patch-2. [Christian Studer] Travis should not be complaining with the tests after the latest update on "test_cve" * Adding custom API. [Fafner [_KeyZee_]] Adding the possibility to have our own API server. * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #334 from FafnerKeyZee/patch-1. [Alexandre Dulaunoy] Cleaning the error message * Cleaning the error message. [Fafner [_KeyZee_]] The original message can be confusing is the user change to is own API. ## v2.4.116 (2019-09-17) ### Other * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #329 from 8ear/8ear-add-mkdocs-documentation. [Alexandre Dulaunoy] Update mkdocs documentation * Fixing Install.md. [8ear] * Fix Install.md. [8ear] * Change Install documentation. [8ear] * Merge pull request #328 from 8ear/8ear-add-docker-capabilitites. [Alexandre Dulaunoy] Add Docker Capabilitites * Add .travis.yml command for docker build. [8ear] * Merge github.com:MISP/misp-modules into 8ear-add-docker-capabilitites. [8ear] * Disable not required package virtualenv for final stage. [8ear] * Fix entrypoint bug. [8ear] * Improve the Dockerfile. [8ear] * Add Dockerfile, Entrypoint and Healthcheck script. [8ear] * Update install doc. [8ear] * Bugfixing for MISP-modules. [8ear] * Add: New parameter to specify a custom CVE API to query. [chrisr3d] - Any API specified here must return the same format as the CIRCL CVE search one in order to be supported by the parsing functions, and ideally provide response to the same kind of requests (so the CWE search works as well) ## v2.4.114 (2019-08-30) ### Changes * [cuckooimport] Handle archives downloaded from both the WebUI and the API. [Pierre-Jean Grenier] ### Fix * Prevent symlink attacks. [Pierre-Jean Grenier] * Have I been pwned API changed again. [Raphaël Vinot] ### Other * Merge pull request #327 from zaphodef/cuckooimport. [Alexandre Dulaunoy] fix: prevent symlink attacks * Merge pull request #326 from zaphodef/cuckooimport. [Alexandre Dulaunoy] chg: [cuckooimport] Handle archives downloaded from both the WebUI and the API ## v2.4.113 (2019-08-19) ### New * Rewrite cuckooimport. [Pierre-Jean Grenier] ### Changes * Update PyMISP version. [Pierre-Jean Grenier] ### Fix * Avoiding issues when no CWE id is provided. [chrisr3d] * Fixed unnecessary dictionary field call. [chrisr3d] - No longer necessary to go under 'Event' field since PyMISP does not contain it since the latest update ### Other * Merge pull request #322 from zaphodef/cuckooimport. [Alexandre Dulaunoy] Rewrite cuckooimport * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Add: Added initial event to reference it from the vulnerability object created out of it. [chrisr3d] ## v2.4.112 (2019-08-02) ### New * First version of an advanced CVE parser module. [chrisr3d] - Using cve.circl.lu as well as the initial module - Going deeper into the CVE parsing - More parsing to come with the CWE, CAPEC and so on ### Changes * [docs] add additional references. [Alexandre Dulaunoy] * [travis] revert. [Alexandre Dulaunoy] * [travis] github token. [Alexandre Dulaunoy] * [travis] mkdocs disabled for the time being. [Alexandre Dulaunoy] * [doc] Fix #317 - update the link to the latest version of the training. [Alexandre Dulaunoy] * [doc] README updated to the latest version. [Alexandre Dulaunoy] * [docs] symbolic link removed. [Alexandre Dulaunoy] * [docs] add logos symbolic link. [Alexandre Dulaunoy] * Add print to figure out what's going on on travis. [Raphaël Vinot] * Bump dependencies. [Raphaël Vinot] * Updated the module to work with the updated VirusTotal API. [chrisr3d] - Parsing functions updated to support the updated format of the VirusTotal API responses - The module can now return objects - /!\ This module requires a high number of requests limit rate to work as expected /!\ * Adding references between a domain and their siblings. [chrisr3d] * Getting domain siblings attributes uuid for further references. [chrisr3d] ### Fix * Using the attack-pattern object template (copy-paste typo) [chrisr3d] * Making pep8 happy. [chrisr3d] * Fixed cvss-score object relation name. [chrisr3d] * Avoid issues when there is no pe field in a windows file sample analysis. [chrisr3d] - For instance: doc file * Avoid adding file object twice if a KeyError exception comes for some unexpected reasons. [chrisr3d] * Testing if file & registry activities fields exist before trying to parse it. [chrisr3d] * Testing if there is some screenshot data before trying to fetch it. [chrisr3d] * Fixed direction of the relationship between files, PEs and their sections. [chrisr3d] - The file object includes a PE, and the PE includes sections, not the other way round * Fixed variable names. [chrisr3d] * Wrong change in last commit. [Raphaël Vinot] * Skip tests on haveibeenpwned.com if 403. Make pep8 happy. [Raphaël Vinot] * Changed the way references added at the end are saved. [chrisr3d] - Some references are saved until they are added at the end, to make it easier when needed - Here we changed the way they are saved, from a dictionary with some keys to identify each part to the actual dictionary with the keys the function add_reference needs, so we can directly use this dictionary as is when the references are added to the different objects * Fixed link in documentation. [chrisr3d] * Avoiding issues with non existing sample types. [chrisr3d] * Undetected urls are represented in lists. [chrisr3d] * Changed function name to avoid confusion with the same variable name. [chrisr3d] * Quick fix on siblings & url parsing. [chrisr3d] * Typo. [chrisr3d] * Parsing detected & undetected urls. [chrisr3d] * Various fixes about typo, variable names, data types and so on. [chrisr3d] * Making pep8 happy. [chrisr3d] ### Other * Merge pull request #319 from 8ear/8ear-add-mkdocs-documentation. [Alexandre Dulaunoy] Add `make deploy` to Makefile * Added docker and non-docker make commands. [8ear] * Add `make deploy` [8ear] * Merge pull request #318 from chrisr3d/master. [Christian Studer] Updated cve_advanced module to parse CWE and CAPEC data related to the CVE * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Add: Making vulnerability object reference to its related capec & cwe objects. [chrisr3d] * Add: Parsing CAPEC information related to the CVE. [chrisr3d] * Add: Parsing CWE related to the CVE. [chrisr3d] * Merge pull request #316 from 8ear/8ear-add-mkdocs-documentation. [Alexandre Dulaunoy] Add web documentation via mkdocs * Fix Bugs. [8ear] * Fix Fossa in index.md. [8ear] * Delete unused file. [8ear] * Change mkdocs deploy method. [8ear] * Change index.md. [8ear] * Merge branch 'master' into 8ear-add-mkdocs-documentation. [Max H] * Add: Parsing linux samples and their elf data. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Add: Parsing apk samples and their permissions. [chrisr3d] * Add: Added virustotal_public to the list of available modules. [chrisr3d] * Add: TODO comment for the next improvement. [chrisr3d] * Add: [documentation] Updated README and documentation with the virustotal modules changes. [chrisr3d] * Add: Parsing communicating samples returned by domain reports. [chrisr3d] * Add: Parsing downloaded samples as well as the referrer ones. [chrisr3d] * Add: Object for VirusTotal public API queries. [chrisr3d] - Lighter analysis of the report to avoid reaching the limit of queries per minute while recursing on the different elements * Add: Updated README file with the new module description. [chrisr3d] * Change contribute.md. [8ear] * Update index.md. [8ear] * Add mkdocs as a great web documentation. [8ear] * Merge pull request #1 from fossabot/master. [Max H] Add license scan report and status * Add license scan report and status. [fossabot] ## v2.4.110 (2019-07-08) ### New * [doc] Joe Sandbox added in the list. [Alexandre Dulaunoy] * Expansion module to query urlhaus API. [chrisr3d] - Using the next version of modules, taking a MISP attribute as input and able to return attributes and objects - Work still in process in the core part ### Changes * [documentation] Making URLhaus visible from the github page. [chrisr3d] - Because of the white color, the logo was not visible at all * Moved JoeParser class to make it reachable from expansion & import modules. [chrisr3d] * [install] REQUIREMENTS file updated. [Alexandre Dulaunoy] * [install] Pipfile.lock updated. [Alexandre Dulaunoy] * [requirements] Python API wrapper for the Joe Sandbox API added. [Alexandre Dulaunoy] * Bump dependencies. [Raphaël Vinot] * [pep8] try/except # noqa. [Steve Clement] Not sure how to make flake happy on this one. * Updated csvimport to support files from csv export + import MISP objects. [chrisr3d] ### Fix * Added missing add_attribute function. [chrisr3d] * [documentation] Fixed json file name. [chrisr3d] * [documentation] Fixed some description & logo. [chrisr3d] * Testing if an object is not empty before adding it the the event. [chrisr3d] * Making travis happy. [chrisr3d] * Support of the latest version of sigmatools. [chrisr3d] * We will display galaxies with tags. [chrisr3d] * Returning tags & galaxies with results. [chrisr3d] - Tags may exist with the current version of the parser - Galaxies are not yet expected from the parser, nevertheless the principle is we want to return them as well if ever we have some galaxies from parsing a JoeSandbox report. Can be removed if we never galaxies at all * Removed duplicate finalize_results function call. [chrisr3d] * Making pep8 happy + added joe_import module in the init list. [chrisr3d] * Fixed variable name typo. [chrisr3d] * Fixed references between domaininfo/ipinfo & their targets. [chrisr3d] - Fixed references when no target id is set - Fixed domaininfo parsing when no ip is defined * Some quick fixes. [chrisr3d] - Fixed strptime matching because months are expressed in abbreviated format - Made data loaded while the parsing function is called, in case it has to be called multiple times at some point * Making pep8 & travis happy. [chrisr3d] * Added references between processes and the files they drop. [chrisr3d] * Avoiding network connection object duplicates. [chrisr3d] * Avoid creating a signer info object when the pe is not signed. [chrisr3d] * Avoiding dictionary indexes issues. [chrisr3d] - Using tuples as a dictionary indexes is better than using generators... * Avoiding attribute & reference duplicates. [chrisr3d] * Handling case of multiple processes in behavior field. [chrisr3d] - Also starting parsing file activities * Testing if some fields exist before trying to import them. [chrisr3d] - Testing for pe itself, pe versions and pe signature * Removed test print. [chrisr3d] * Fixed output format to match with the recent changes on modules. [chrisr3d] * Making pep8 happy. [chrisr3d] * Checking not MISP header fields. [chrisr3d] - Rejecting fields not recognizable by MISP * Using pymisp classes & methods to parse the module results. [chrisr3d] * Clearer user config messages displayed in the import view. [chrisr3d] * Removed unused library. [chrisr3d] * Make pep8 happy. [chrisr3d] * [pep8] More fixes. [Steve Clement] * [pep8] More pep8 happiness. [Steve Clement] * [pep8] Fixes. [Steve Clement] * Fixed standard MISP csv format header. [root] - The csv header we can find in data produced from MISP restSearch csv format is the one to use to recognize a csv file produced by MISP * Fixed introspection fields for csvimport & goamlimport. [root] - Added format field for goaml so the module is known as returning MISP attributes & objects - Fixed introspection to make the format, user config and input source fields visible from MISP (format also added at the same time) * Fixed libraries import that changed with the latest merge. [root] * Fixed fields parsing to support files from csv export with additional context. [chrisr3d] * Handling the case of Context included in the csv file exported from MISP. [chrisr3d] * Fixed changes omissions in handler function. [chrisr3d] * Fixed object_id variable name typo. [root] * Making json_decode even happier with full json format. [chrisr3d] - Using MISPEvent because it is cleaner & easier - Also cleaner implementation globally * Using to_dict on attributes & objects instead of to_json to make json_decode happy in the core part. [chrisr3d] ### Other * Add: [documentation] Added some missing documentation for the most recently added modules. [chrisr3d] * Add: [documentation] Added documentation for Joe Sandbox & URLhaus. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #309 from Kortho/patch-2. [Steve Clement] changed service pointer * Changed service pointer. [Kortho] Changed so the service starts the modules in the venv where they are installed * Merge pull request #308 from Kortho/patch-1. [Steve Clement] Fixed missing dependencies for RHEL install * Fixed missing dependencies for RHEL install. [Kortho] Added dependencies needed for installing the python library pdftotext * Add: Added screenshot of the behavior of the analyzed sample. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #307 from ninoseki/fix-missing-links. [Alexandre Dulaunoy] Fix missing links in README.md * Fix missing links in README.md. [Manabu Niseki] * Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge pull request #306 from MISP/new_module. [Alexandre Dulaunoy] New modules able to return MISP objects * Add: Added new modules to the list. [chrisr3d] * Merge branch 'new_module' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge pull request #305 from joesecurity/new_module. [Alexandre Dulaunoy] joesandbox_query.py: improve behavior in unexpected circumstances * Joesandbox_query.py: improve behavior in unexpected circumstances. [Georg Schölly] * Add: New expansion module to query Joe Sandbox API with a report link. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge branch 'joesecurity-joesandbox_submit' [Alexandre Dulaunoy] * Merge branch 'joesandbox_submit' of https://github.com/joesecurity/misp-modules into joesecurity-joesandbox_submit. [Alexandre Dulaunoy] * Add expansion for joe sandbox. [Georg Schölly] * Merge pull request #304 from joesecurity/new_module. [Alexandre Dulaunoy] add support for url analyses * Support url analyses. [Georg Schölly] * Improve forwards-compatibility. [Georg Schölly] * Add: Parsing MITRE ATT&CK tactic matrix related to the Joe report. [chrisr3d] * Add: Parsing domains, urls & ips contacted by processes. [chrisr3d] * Add: Starting parsing dropped files. [chrisr3d] * Add: Starting parsing network behavior fields. [chrisr3d] * Add: Parsing registry activities under processes. [chrisr3d] * Add: Parsing processes called by the file analyzed in the joe sandbox report. [chrisr3d] * Add: Parsing some object references at the end of the process. [chrisr3d] * Add: [new_module] Module to import data from Joe sandbox reports. [chrisr3d] - Parsing file, pe and pe-section objects from the report file info field - Deeper file info parsing to come - Other fields parsing to come as well * Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge pull request #300 from cudeso/master. [Alexandre Dulaunoy] Bugfix for "sources" ; do not include as IDS for "access" registry keys * Bugfix for "sources" ; do not include as IDS for "access" registry keys. [Koen Van Impe] - Bugfix to query "operations" in files, mutex, registry - Do not set IDS flag for registry 'access' operations * Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] * New VMRay modules (#299) [Steve Clement] New VMRay modules * New VMRay modules. [Koen Van Impe] New JSON output format of VMRay Prepare for automation (via PyMISP) with workflow taxonomy tags * Merge pull request #1 from MISP/master. [Koen Van Impe] Sync * Add: Added urlhaus in the expansion modules init list. [root] * Merge branch 'new_module' of https://github.com/MISP/misp-modules into new_module. [root] * Merge branch 'features_csvimport' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into features_csvimport. [chrisr3d] * Merge branch 'features_csvimport' of github.com:MISP/misp-modules into features_csvimport. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into features_csvimport. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into features_csvimport. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge branch 'new_module' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge branch 'master' of https://github.com/MISP/misp-modules into new_module. [root] * Merge branch 'master' of https://github.com/MISP/misp-modules into new_module. [root] * Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] ## v2.4.106 (2019-04-27) ### New * Devel mode. [Raphaël Vinot] Fix #293 * Modules for greynoise, haveibeenpwned and macvendors. [Raphaël Vinot] * Add missing dependency (backscatter) [Raphaël Vinot] * Add systemd launcher. [Raphaël Vinot] * Intel471 module. [Raphaël Vinot] * [btc] Very simple BTC expansion chg: [req] yara-python is preferred. [Steve Clement] * First version of a yara rule creation expansion module. [chrisr3d] * Documentation concerning modules explained in markdown file. [chrisr3d] * Expansion hover module to check spamhaus DBL for a domain name. [chrisr3d] ### Changes * [doc] install of deps updated. [Alexandre Dulaunoy] * Bump REQUIREMENTS. [Raphaël Vinot] * Bump dependencies. [Raphaël Vinot] * [doc] new MISP expansion modules added for PDF, OCR, DOCX, XLSX, PPTX , ODS and ODT. [Alexandre Dulaunoy] * [init] cleanup for pep. [Alexandre Dulaunoy] * [pdf-enrich] updated. [Alexandre Dulaunoy] * [Pipfile] collection removed. [Alexandre Dulaunoy] * Bump dependencies. [Raphaël Vinot] * [doc] Added new dependencies and updated RHEL/CentOS howto. (#295) [Steve Clement] chg: [doc] Added new dependencies and updated RHEL/CentOS howto. * [doc] Added new dependencies and updated RHEL/CentOS howto. [Steve Clement] * [init] removed trailing whitespace. [Alexandre Dulaunoy] * [ocr] re module not used - removed. [Alexandre Dulaunoy] * Bump dependencies, update REQUIREMENTS file. [Raphaël Vinot] * [doc] cuckoo_submit module added. [Alexandre Dulaunoy] * Require python3 instead of python 3.6. [Raphaël Vinot] * [travis] because we all need sudo. [Alexandre Dulaunoy] * [travis] because everyone need a bar. [Alexandre Dulaunoy] * [doc] qrcode and Cisco FireSight added. [Alexandre Dulaunoy] * [qrcode] add requirements. [Alexandre Dulaunoy] * [qrcode] added to the __init__ [Alexandre Dulaunoy] * [qrcode] flake8 needs some drugs. [Alexandre Dulaunoy] * [qrcode] various fixes to make it PEP compliant. [Alexandre Dulaunoy] * Bump dependencies. [Raphaël Vinot] Fix CVE-2019-11324 (urllib3) * Bump Dependencies. [Raphaël Vinot] * [doc] Updated README to reflect current virtualenv efforts. TODO: pipenv. [Steve Clement] * [doc] new modules added. [Alexandre Dulaunoy] * Bump dependencies. [Raphaël Vinot] * Bump dependencies. [Raphaël Vinot] * Bump Requirements. [Raphaël Vinot] * [doc] asciidoctor requirement removed (new PDF module use reportlab) [Alexandre Dulaunoy] * Bump dependencies, add update script. [Raphaël Vinot] * [doc] PDF export. [Alexandre Dulaunoy] * [pdfexport] make flake8 happy. [Alexandre Dulaunoy] * [pipenv] fix the temporary issue that python-yara is not officially released. [Alexandre Dulaunoy] * [requirements] reportlab added. [Alexandre Dulaunoy] * [pipenv] Pipfile.lock updated. [Alexandre Dulaunoy] * [requirements] updated. [Alexandre Dulaunoy] * [PyMISP] dep updated to the latest version. [Alexandre Dulaunoy] * PyMISP requirement. [Alexandre Dulaunoy] * [pypi] Made sure url-normalize installs less stric. [Steve Clement] * [btc_scam_check] fix spacing for making flake 8 happy. [Alexandre Dulaunoy] * [backscatter.io] blind fix regarding undefined value. [Alexandre Dulaunoy] * [doc] backscatter.io updated. [Alexandre Dulaunoy] * [doc] backscatter.io documentation added. [Alexandre Dulaunoy] * [backscatter.io] remove blank line at the end of the file. [Alexandre Dulaunoy] * [backscatter.io] Exception handler fixed for recent version of Python. [Alexandre Dulaunoy] * Bump dependencies. [Raphaël Vinot] * Use pipenv, update bgpranking/ipasn modules. [Raphaël Vinot] * [doc] Nexthink module added. [Alexandre Dulaunoy] * [doc] osquery export module added. [Alexandre Dulaunoy] * [doc] Nexthink export format added. [Alexandre Dulaunoy] * [doc] cannot type today. [Alexandre Dulaunoy] * [intel471] module added. [Alexandre Dulaunoy] * Regenerated documentation markdown file. [chrisr3d] * [onyphe] fix #252. [Alexandre Dulaunoy] * [btc] Removed simple PoC for btc expansion. [Steve Clement] * [doc] btc module added. [Alexandre Dulaunoy] * [doc] generated documentation updated. [Alexandre Dulaunoy] * [doc] btc module added to documentation. [Alexandre Dulaunoy] * [tools] Added psutil as a dependency to detect misp-modules PID. [Steve Clement] * [init] Added try/catch in case misp-modules is already running on a port, or port is in use... [Steve Clement] * Validating yara rules after their creation. [chrisr3d] * [documentation] osquery logo added. [Alexandre Dulaunoy] * [documentation] generated. [Alexandre Dulaunoy] * [docs] Added some missing dependencies and instructions for virtualenv deployment. [Steve Clement] * [doc] documentation generator updated to include links to source code. [Alexandre Dulaunoy] * Changed documentation markdown file name. [chrisr3d] * Structurded data. [chrisr3d] * Modified the mapping dictionary to support misp-objects updates. [chrisr3d] * Modified output format. [chrisr3d] * Add new dependency (oauth2) [Raphaël Vinot] * Dnspython3 has been superseded by the regular dnspython kit. [Raphaël Vinot] * Wikidata module added. [Alexandre Dulaunoy] * SPARQLWrapper added (for wikidata module) [Alexandre Dulaunoy] ### Fix * Re-enable python 3.6 support. [Raphaël Vinot] * CTRL+C is working again. [Raphaël Vinot] Fix #292 * Make flake8 happy. [Raphaël Vinot] * [doc] Small typo fix. [Steve Clement] * Pep8 foobar. [Raphaël Vinot] * Add the new module sin the list of modules availables. [Raphaël Vinot] * Typos in variable names. [Raphaël Vinot] * Remove unused import. [Raphaël Vinot] * Tornado expects a KILL now. [Raphaël Vinot] * [exportpdf] update documentation. [Falconieri] * [exportpdf] custom path parameter. [Falconieri] * [exportpdf] add parameters. [Falconieri] * [exportpdf] mising whitespace. [Falconieri] * [exportpdf] problem on one line. [Falconieri] * [exportpdf] add configmodule parameter for galaxy. [Falconieri] * [reportlab] Textual description parameter. [Falconieri] * [pdfexport] Bugfix on PyMisp exportpdf call. [Falconieri] * Systemd service. [Raphaël Vinot] * Regenerated documentation. [chrisr3d] * Description fixed. [chrisr3d] * Pep8 related fixes. [Raphaël Vinot] * Make flake8 happy. [Raphaël Vinot] * Change in the imports in other sigma module. [Raphaël Vinot] * Change in the imports. [Raphaël Vinot] * Change module name. [Raphaël Vinot] * Allow redis details to be retrieved from environment variables. [Ruiwen Chua] * Remove tests on python 3.5. [Raphaël Vinot] * Make pep8 happy. [Raphaël Vinot] * Removed not valid input type. [chrisr3d] * Cleaned up not used variables. [chrisr3d] * Updated rbl module result format. [chrisr3d] - More readable as str than dumped json * Added Macaddress.io module in the init list. [chrisr3d] * Typo on input type. [chrisr3d] * Fixed type of the result in case of exception. [chrisr3d] - Set as str since some exception types are not jsonable * Added hostname attribute support as it is intended. [chrisr3d] * Threatanalyzer_import - bugfix for TA6.1 behavior. [Christophe Vandeplas] * Displaying documentation items of each module by alphabetic order. [chrisr3d] - Also regenerated updated documentation markdown * Updated yara import error message. [chrisr3d] - Better to 'pip install -I -r REQUIREMENTS' to have the correct yara-python version working for all the modules, than having another one failing with yara hash & pe modules * Specifying a yara-python version that works for hash & pe yara modules. [chrisr3d] * Making yara query an expansion module for single attributes atm. [chrisr3d] * Catching errors while parsing additional info in requests. [chrisr3d] * Reduced logos size. [chrisr3d] * Typo for separator between each explained module. [chrisr3d] * Making python 3.5 happy with the exception type ImportError. [chrisr3d] * Fixed exception type for python 3.5. [chrisr3d] * Fixed exception type. [chrisr3d] * Fixed syntax error. [chrisr3d] * Fixed indentation error. [chrisr3d] * Fixed 1 variable misuse + cleaned up variable names. [chrisr3d] - Fixed use of 'domain' variable instead of 'email' - Cleaned up variable names to avoid redefinition of built-in variables * Avoiding adding attributes that are already in the event. [chrisr3d] * Fixed quick variable issue. [chrisr3d] * Cleaned up test function not used anymore. [chrisr3d] * Multiple attributes parsing support. [chrisr3d] - Fixing one of my previous changes not processing multiple attributes parsing * Removed print. [chrisr3d] * Some cleanup and output types fixed. [chrisr3d] - hashes types specified in output * Quick cleanup. [chrisr3d] * Quick cleanup. [chrisr3d] * Ta_import - bugfixes. [Christophe Vandeplas] * [cleanup] Quick clean up on exception type. [chrisr3d] * [cleanup] Quick clean up on yaml load function. [chrisr3d] * [cleanup] Quick clean up on exception type. [chrisr3d] * Put the report location parsing in a try/catch statement as it is an optional field. [chrisr3d] * Put the stix2-pattern library import in a try statement. [chrisr3d] --> Error more easily caught * Removed STIX related libraries, files, documentation, etc. [chrisr3d] * Avoid trying to build attributes with not intended fields. [chrisr3d] - Previously: if the header field is not an attribute type, then it was added as an attribute field. PyMISP then used to skip it if needed - Now: Those fields are discarded before they are put in an attribute * Using userConfig to define the header instead of moduleconfig. [chrisr3d] * Fixed input & output of the module. [chrisr3d] * Added an object checking. [Christian Studer] - Checking if there are objects in the event, and then if there is at least 1 transaction object - This prevents the module from crashing, but does not guaranty having a valid GoAML file (depending on objects and their relations) * Fixed input & output of the module. [chrisr3d] Also updated some functions * Fixed typo of the aml type for country codes. [chrisr3d] * Typo in references mapping dictionary. [chrisr3d] * Added an object checking. [chrisr3d] - Checking if there are objects in the event, and then if there is at least 1 transaction object - This prevents the module from crashing, but does not guaranty having a valid GoAML file (depending on objects and their relations) * Added the moduleinfo field need to have MISP event in standard format. [chrisr3d] * Missing cve module test. [Alexandre Dulaunoy] * Goamlexport added. [Alexandre Dulaunoy] * Python version in Travis. [Alexandre Dulaunoy] * Solved reading problems for some files. [chrisr3d] * Skipping empty lines. [chrisr3d] * Make travis happy. [Raphaël Vinot] * OpenIOC importer. [Raphaël Vinot] * #137 when a CVE is not found, a return message is given. [Alexandre Dulaunoy] * Use the proper formatting method and not the horrible % one. [Hannah Ward] * Misp-modules are by default installed in /bin. [Alexandre Dulaunoy] * Module_config should be set as introspection relies on it. [Alexandre Dulaunoy] * Types array. [Alexandre Dulaunoy] * Run the server as "python3 misp-modules" [Raphaël Vinot] * Stupid off-by-n line... [Alexandre Dulaunoy] ### Other * Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] * Removed trailing whitespaces. [Sascha Rommelfangen] * Merge branch 'master' of https://github.com/MISP/misp-modules. [Sascha Rommelfangen] * Merge branch 'master' of github.com:MISP/misp-modules. [Raphaël Vinot] * New modules added. [Sascha Rommelfangen] * New requirements for new modules. [Sascha Rommelfangen] * Introduction of new modules. [Sascha Rommelfangen] * Merge remote-tracking branch 'upstream/master' [Steve Clement] * Merge branch 'master' of https://github.com/MISP/misp-modules. [Sascha Rommelfangen] * Renamed file. [Sascha Rommelfangen] * Renamed module. [Sascha Rommelfangen] * Initial version of OCR expansion module. [Sascha Rommelfangen] * Merge pull request #291 from Evert0x/submitcuckoo. [Alexandre Dulaunoy] Expansion module - File/URL submission to Cuckoo Sandbox * Generate latest version of documentation. [Ricardo van Zutphen] * Document Cuckoo expansion module. [Ricardo van Zutphen] * Use double quotes and provide headers correctly. [Ricardo van Zutphen] * Update Cuckoo module to support files and URLs. [Ricardo van Zutphen] * Update __init__.py. [Evert0x] * Create cuckoo_submit.py. [Evert0x] * Brackets are difficult... [Sascha Rommelfangen] * Merge branch 'qr-code-module' of https://github.com/rommelfs/misp-modules into rommelfs-qr-code-module. [Alexandre Dulaunoy] * Initial version of QR code reader. [Sascha Rommelfangen] Module accepts attachments and processes pictures. It tries to identify and analyze an existing QR code. Identified values can be inserted into the event. * Merge branch 'iceone23-patch-1' [Raphaël Vinot] * Create cisco_firesight_manager_ACL_rule_export.py. [iceone23] Cisco Firesight Manager ACL Rule Export module * Merge pull request #289 from SteveClement/master. [Steve Clement] fix: [doc] Small typo fix * Merge remote-tracking branch 'upstream/master' [Steve Clement] * Merge pull request #285 from wesinator/patch-1. [Alexandre Dulaunoy] Fix command highlighting * Fix command highlighting. [Ԝеѕ] * Merge branch 'master' of https://github.com/MISP/misp-modules. [Sascha Rommelfangen] * Merge pull request #284 from Vincent-CIRCL/master. [Alexandre Dulaunoy] fix: [exportpdf] custom path parameter * Merge pull request #283 from Vincent-CIRCL/master. [Alexandre Dulaunoy] fix: [exportpdf] add parameters * Merge pull request #281 from Vincent-CIRCL/master. [Alexandre Dulaunoy] fix: [exportpdf] add configmodule parameter for galaxy * Merge pull request #282 from cgi1/patch-1. [Alexandre Dulaunoy] Adding virtualenv to apt-get install * Adding virtualenv to apt-get install. [cgi1] * Merge pull request #279 from Vincent-CIRCL/master. [Alexandre Dulaunoy] fix: [reportlab] Textual description parameter * Chr: Restart the modules after update. [Raphaël Vinot] * Fixed a bug when checking malformed BTC addresses. [Sascha Rommelfangen] * Merge remote-tracking branch 'upstream/master' [Steve Clement] * Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] * Merge pull request #278 from Vincent-CIRCL/master. [Alexandre Dulaunoy] chg: [pdfexport] Fix pdf export, by calling new PyMISP tool for Misp Event export * Fix [exportpdf] update parameters for links generation. [Falconieri] * Tidy: Remove old dead export code. [Falconieri] * Test 1 - PDF call. [Falconieri] * Print values. [Vincent-CIRCL] * Test update. [Vincent-CIRCL] * Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] * Merge pull request #276 from iwitz/patch-1. [Alexandre Dulaunoy] Add RHEL installation instructions * Add: rhel installation instructions. [iwitz] * Add: [doc] Added backscatter.io logo + regenerated documentation. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] * Merge pull request #274 from 9b/master. [Alexandre Dulaunoy] Backscatter.io expansion module * Use the write var on return. [9b] * Stubbed module. [9b] * Add: New module to check if a bitcoin address has been abused. [chrisr3d] - Also related update of documentation * Sometimes server doesn't return expected values. fixed. [Sascha Rommelfangen] * Merge pull request #266 from MISP/pipenv. [Raphaël Vinot] chg: Use pipenv, update bgpranking/ipasn modules, fix imports for sigma * Merge pull request #259 from ruiwen/fix_redis. [Alexandre Dulaunoy] fix: allow redis details to be retrieved from environment variables * Add: [doc] link documentation to README. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] * Merge pull request #258 from HacknowledgeCH/export_nexthink. [Alexandre Dulaunoy] Export nexthink * Added 2 blank lines to comply w/ pep8. [milkmix] * Removed unused re module. [milkmix] * Added documentation. [milkmix] * Added domain attributes support. [milkmix] * Support for md5 and sha1 hashes. [milkmix] * First export feature: sha1 attributes nxql query. [milkmix] * Merge branch 'master' of https://github.com/MISP/misp-modules. [Sascha Rommelfangen] * Add: Added missing expansion modules in readme. [chrisr3d] * Add: Completed documentation for expansion modules. [chrisr3d] * Add: Updated more expansion documentation files. [chrisr3d] * Add: Added new documentation for hashdd module. [chrisr3d] * Add: Update to support sha1 & sha256 attributes. [chrisr3d] * Add: More documentation on expansion modules. [chrisr3d] * Add: Started filling some expansion modules documentation. [chrisr3d] * Add: Added yara_query module documentation, update yara_syntax_validator documentation & generated updated documentation markdown. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] * Add: Added test files for yara to test yara library & potentially yara syntax. [chrisr3d] * Add: Added imphash to input attribute types. [chrisr3d] * Cosmetic output change. [Sascha Rommelfangen] * Debug removed. [Sascha Rommelfangen] * API changes reflected. [Sascha Rommelfangen] * Merge pull request #253 from MISP/chrisr3d_patch. [Alexandre Dulaunoy] Validation of yara rules * Merge branch 'master' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] * Merge pull request #251 from MISP/rommelfs-patch-4. [Raphaël Vinot] bug fix regarding leftovers between runs * Bug fix regarding leftovers between runs. [Sascha Rommelfangen] * Merge pull request #250 from SteveClement/btc. [Steve Clement] chg: [btc] Removed simple PoC for btc expansion. * Merge pull request #249 from MISP/rommelfs-patch-3. [Steve Clement] added btc_steroids * Added btc_steroids. [Sascha Rommelfangen] * Merge pull request #248 from rommelfs/master. [Sascha Rommelfangen] Pull request for master * Added btc_steroids to the list. [Sascha Rommelfangen] * Initial version of a Bitcoin module. [Sascha Rommelfangen] * Merge pull request #247 from SteveClement/btc. [Alexandre Dulaunoy] new: [module] Added very simple BitCoin expansion/hover module * Merge pull request #245 from chrisr3d/master. [Alexandre Dulaunoy] YARA rules from hashes expansion module * Updated list of modules in readme. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Add: [documentation] osquery logo. [Alexandre Dulaunoy] * Merge pull request #241 from 0xmilkmix/doc_osqueryexport. [Alexandre Dulaunoy] Added basic documentation for OS query * Merge branch 'master' into doc_osqueryexport. [Alexandre Dulaunoy] * Merge pull request #240 from 0xmilkmix/support_osquery_win_named_obj. [Alexandre Dulaunoy] super simple support for mutexes through winbaseobj in osquery 3.3 * Merge branch 'master' into support_osquery_win_named_obj. [Alexandre Dulaunoy] * Merge pull request #242 from 0xmilkmix/module_writting. [Steve Clement] chg: [doc] Additional documentation for export module * Documentation for export module. [milkmix] * Super simple support for mutexes through winbaseobj in osquery 3.3. [milkmix] * Added basic documentation. [milkmix] * Merge pull request #239 from SteveClement/master. [Steve Clement] chg: [docs] Added some missing dependencies and instructions for virtualenv deployment * Merge pull request #237 from 0xmilkmix/export_osquery. [Alexandre Dulaunoy] Export osquery * Merge branch 'master' into export_osquery. [Julien Bachmann] * Merge pull request #232 from CodeLineFi/master. [Alexandre Dulaunoy] macaddres.io module - Date conversion bug fixed * Merge branch 'master' into master. [Alexandre Dulaunoy] * Merge pull request #233 from chrisr3d/documentation. [Christian Studer] Modules documentation * Merge branch 'master' of github.com:MISP/misp-modules into documentation. [chrisr3d] * Updated documentation result file. [chrisr3d] * Add: Added documentation for expansion modules. [chrisr3d] * Add: Started adding logos on documentation for each module. [chrisr3d] * Renamed directory to have consistency in names. [chrisr3d] * Removed documentation about a module deleted from the repository. [chrisr3d] * Merging readme. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into documentation. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into documentation. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into documentation. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into documentation. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into documentation. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into documentation. [chrisr3d] * First try of documentation for import & export modules. [chrisr3d] - Providing information about the general purpose of the modules, their requirements, how to use them (if there are special features), some references about the format concerned or the vendors, and their input and output. - Documentation to be completed by additional fields of documentation and / or more detailed descriptions * Added Documentation explanations on readme file. [chrisr3d] * CSV import documentation first try. [chrisr3d] * GoAML modules documentation first try. [chrisr3d] * Updated README. Added a link to the integration tutorial. [Codelinefi-admin] * Fixed a bug with wrong dates conversion. [Codelinefi-admin] * Merge branch 'vulnersCom-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/vulnersCom/misp-modules into vulnersCom-master. [Alexandre Dulaunoy] * Fixed getting of the Vulners AI score. [isox] * Merge pull request #230 from lctrcl/master. [Alexandre Dulaunoy] * Merge branch 'master' into master. [lctrcl] * Merge pull request #229 from lctrcl/master. [Alexandre Dulaunoy] New vulners module added * HotFix: Vulners AI score. [Igor Ivanov] * Code cleanup and formatting. [Igor Ivanov] * Added exploit information. [Igor Ivanov] * Initial Vulners module PoC. [Igor Ivanov] * Merge pull request #226 from CodeLineFi/master. [Alexandre Dulaunoy] New macaddress.io hover module added * Macaddress.io hover module added. [Codelinefi-admin] * Merge pull request #223 from chrisr3d/master. [Christian Studer] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #222 from chrisr3d/master. [Christian Studer] Clean up + fix of some modules * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #221 from MISP/rommelfs-patch-2. [Alexandre Dulaunoy] fixed typo * Fixed typo. [Sascha Rommelfangen] via #220 * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #218 from surbo/patch-1. [Alexandre Dulaunoy] Update urlscan.py * Update urlscan.py. [SuRb0] Added hash to the search so you can take advantage of the new file down load function on urlscan.io. You can use this to pivot on file hashes and find out domains that hosting the same malicious file. * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #217 from threatsmyth/master. [Alexandre Dulaunoy] Add error handling for DNS failures, reduce imports, and simplify attribute comments * Merge branch 'master' into master. [David J] * Merge pull request #215 from threatsmyth/master. [Alexandre Dulaunoy] Create urlscan.py * Add error handling for DNS failures, reduce imports, and simplify misp_comments. [David J] * Create urlscan.py. [David J] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #214 from chrisr3d/chrisr3d_patch. [Alexandre Dulaunoy] New module to check DBL Spamhaus * Merge branch 'chrisr3d_patch' of github.com:chrisr3d/misp-modules. [chrisr3d] * Add: Added DBL spamhaus module documentation and in expansion init file. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Ta_import - bugfixes for TA 6.1. [Christophe Vandeplas] * Merge pull request #210 from chrisr3d/master. [Christian Studer] Put the report location parsing in a try/catch statement as it is an optional field * Merge pull request #209 from cvandeplas/master. [Christophe Vandeplas] ta_import - support for TheatAnalyzer 6.1 * Ta_import - support for TheatAnalyzer 6.1. [Christophe Vandeplas] * Securitytrails.com expansion module added. [Alexandre Dulaunoy] * Merge pull request #208 from sebdraven/dnstrails. [Alexandre Dulaunoy] module securitytrails * Merge branch 'master' into dnstrails. [sebdraven] * Merge pull request #206 from chrisr3d/master. [Alexandre Dulaunoy] Expansion module displaying SIEM signatures from a sigma rule * Merge branch 'master' into master. [Alexandre Dulaunoy] * Remove the never release Python code in Travis. [Alexandre Dulaunoy] * Remove Python 3.4 and Python 3.7 added. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #202 from SteveClement/master. [Alexandre Dulaunoy] Removed test modules from view * - Removed test modules from view - Moved skeleton expansion module to it's proper place. [Steve Clement] * Merge pull request #201 from chrisr3d/master. [Alexandre Dulaunoy] add: STIX2 pattern syntax validator * Add: Experimental expansion module to display the SIEM signatures from a sigma rule. [chrisr3d] * Add: stix2 pattern validator requirements. [chrisr3d] * Add: STIX2 pattern syntax validator. [chrisr3d] * Merge pull request #199 from SteveClement/master. [Alexandre Dulaunoy] Added (Multipage) PDF support to OCR Module, minor refactor * - Reverted to <3.6 compatibility. [Steve Clement] * - Fixed log output. [Steve Clement] * - Forgot to import sys. [Steve Clement] * - Added logger functionality for debug sessions. [Steve Clement] * - content was already a wand.obj. [Steve Clement] * Merge remote-tracking branch 'upstream/master' [Steve Clement] * Threatanalyzer_import - order of category tuned. [Christophe Vandeplas] * Merge branch 'master' of github.com:SteveClement/misp-modules. [Steve Clement] * Merge branch 'master' into master. [Alexandre Dulaunoy] * - Some more comments - Removed libmagic, wand can handle it better. [Steve Clement] * - Set tornado timeout to 300 seconds. [Steve Clement] * - Quick comment ToDo: Avoid using Magic in future releases. [Steve Clement] * - added wand requirement - fixed missing return png byte-stream - move module import to handler to catch and report errorz. [Steve Clement] * - fixed typo move image back in scope. [Steve Clement] * - Added initial PDF support, nothing is processed yet - Test to replace PIL with wand. [Steve Clement] * Change type of status. [Sebdraven] * Remove print. [Sebdraven] * Last commit for release. [Sebdraven] * Add logs. [Sebdraven] * Add searching_stats. [Sebdraven] * Add searching_stats. [Sebdraven] * Correct key. [Sebdraven] * Correct key. [Sebdraven] * Correct param. [Sebdraven] * Add searching domains. [Sebdraven] * Add searching domains. [Sebdraven] * Add return. [Sebdraven] * Add logs. [Sebdraven] * Add whois expand to test. [Sebdraven] * Add whois expand to test. [Sebdraven] * Correct index error. [Sebdraven] * Error call functions. [Sebdraven] * Add logs. [Sebdraven] * Add logs. [Sebdraven] * Add status_ok to true. [Sebdraven] * Add logs. [Sebdraven] * Add logs. [Sebdraven] * Add logs. [Sebdraven] * Add logs. [Sebdraven] * Add logs. [Sebdraven] * Correct out of bound returns. [Sebdraven] * Correct key and return of functions. [Sebdraven] * Add logs. [Sebdraven] * Add logs. [Sebdraven] * Correct typo. [Sebdraven] * Test whois history. [Sebdraven] * History whois dns. [Sebdraven] * Correct typo. [Sebdraven] * Rename misp modules. [Sebdraven] * Add a test to check if the list is not empty. [Sebdraven] * Add a test to check if the list is not empty. [Sebdraven] * Add logs. [Sebdraven] * Debug whois. [Sebdraven] * Debug ipv4 or ipv6. [Sebdraven] * Add debug. [Sebdraven] * Debug. [Sebdraven] * Change status. [Sebdraven] * Change history dns. [Sebdraven] * Add logs to debug. [Sebdraven] * Correct call function. [Sebdraven] * Add history mx and soa. [Sebdraven] * Add history dns and handler exception. [Sebdraven] * Add history dns. [Sebdraven] * Switch type ip. [Sebdraven] * Refactoring expand_whois. [Sebdraven] * Correct typo. [Sebdraven] * Add ipv6 and ipv4. [Sebdraven] * Change type. [Sebdraven] * Change type. [Sebdraven] * Change loop. [Sebdraven] * Add time sleep in each request. [Sebdraven] * Control return of records. [Sebdraven] * Add history ipv4. [Sebdraven] * Add logs. [Sebdraven] * Change categories. [Sebdraven] * Concat results. [Sebdraven] * Change name keys. [Sebdraven] * Change return value. [Sebdraven] * Add logs. [Sebdraven] * Change errors. [Sebdraven] * Add logs. [Sebdraven] * Add expand whois. [Sebdraven] * Typo. [Sebdraven] * Add categories and comments. [Sebdraven] * Add expand subdomains. [Sebdraven] * Add expand subdomains. [Sebdraven] * Change categories. [Sebdraven] * Changes keys. [Sebdraven] * Add status ! [Sebdraven] * Add methods. [Sebdraven] * Add expand domains. [Sebdraven] * Add link pydnstrain in requirements. [Sebdraven] * Add new module dnstrails. [Sebdraven] * Merge pull request #198 from chrisr3d/master. [Alexandre Dulaunoy] Sigma syntax validator expansion module + some updates * Updated README to add sigma & some other missing modules. [chrisr3d] * Updated the list of modules (removed stiximport) [chrisr3d] * Add: Sigma syntax validator expansion module. [chrisr3d] --> Checks sigma rules syntax - Updated the expansion modules list as well - Updated the requirements list * Updated the list of expansion modules. [chrisr3d] * Corrected typos and unused imports. [milkmix] * Added support for scheduledtasks. [milkmix] * Added support for service-displayname, regkey|value. [milkmix] * Initial implementation supporting regkey. mutexes support waiting osquery table. [milkmix] * Merge pull request #197 from sebdraven/onyphe_full_module. [Alexandre Dulaunoy] Onyphe full module * Add return handle domains. [Sebdraven] * Add search. [Sebdraven] * Add domain to expand. [Sebdraven] * Correct bugs. [Sebdraven] * Add domain expansion. [Sebdraven] * Add comment. [Sebdraven] * Correct bugs. [Sebdraven] * Correct comments. [Sebdraven] * Add threat list expansion. [Sebdraven] * Change method to concat methods. [Sebdraven] * Set status after requests. [Sebdraven] * Set status after requests. [Sebdraven] * Add logs. [Sebdraven] * Add logs. [Sebdraven] * Add logs. [Sebdraven] * Pep 8. [Sebdraven] * Correct bug. [Sebdraven] * Add datascan expansion. [Sebdraven] * Add reverse infos. [Sebdraven] * Add reverse infos. [Sebdraven] * Add reverse infos. [Sebdraven] * Add reverse infos. [Sebdraven] * Add forward infos. [Sebdraven] * Add comment of attributes. [Sebdraven] * Add comment of attributes. [Sebdraven] * Error loops. [Sebdraven] * Error method. [Sebdraven] * Error type. [Sebdraven] * Error keys. [Sebdraven] * Add expansion synscan. [Sebdraven] * Change key access domains. [Sebdraven] * Change add in results. [Sebdraven] * Add logs. [Sebdraven] * Correct error keys. [Sebdraven] * Test patries expansion. [Sebdraven] * Add onyphe full module. [Sebdraven] * Add onyphe full module and code the stub. [Sebdraven] * Merge pull request #194 from chrisr3d/master. [Alexandre Dulaunoy] Removed STIX1 related requirements to avoid version issues * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #193 from sebdraven/onyphe_module. [Alexandre Dulaunoy] Onyphe module * Delete vcs.xml. [sebdraven] * Correct codecov. [Sebdraven] * Pep 8 compliant. [Sebdraven] * Correct type of comments. [Sebdraven] * Correct typo. [Sebdraven] * Correct typo. [Sebdraven] * Add domains forward. [Sebdraven] * Add domains. [Sebdraven] * Add targeting os. [Sebdraven] * Add category for AS number. [Sebdraven] * Change keys. [Sebdraven] * Change type. [Sebdraven] * Add category. [Sebdraven] * Add as number with onyphe. [Sebdraven] * Add as number with onyphe. [Sebdraven] * Error indentation. [Sebdraven] * Correct key in map result. [Sebdraven] * Correct a bug. [Sebdraven] * Add pastebin url imports. [Sebdraven] * Add onyphe module. [Sebdraven] * Updated requirements to avoid version issues in the MISP packer installation script. [chrisr3d] * Update countrycode.py. [Andras Iklody] * Add: mixing modules. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] * Merge pull request #190 from chrisr3d/master. [Alexandre Dulaunoy] Updated csv import following our recent discussions * Updated delimiter finder function. [chrisr3d] * Add: Added user config to specify if there is a header in the csv to import. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #189 from chrisr3d/master. [Andras Iklody] Using userConfig to define the header instead of moduleconfig * Merge pull request #188 from cvandeplas/master. [Christophe Vandeplas] ta import - noise removal * Merge branch 'master' into master. [Christophe Vandeplas] * Merge pull request #187 from cvandeplas/master. [Christophe Vandeplas] threatanalyzer_import - minor generic noise removal * Threatanalyzer_import - minor generic noise removal. [Christophe Vandeplas] * Ta import - more filter for pollution. [Christophe Vandeplas] * Threatanalyzer_import - minor generic noise removal. [Christophe Vandeplas] * Merge pull request #185 from cvandeplas/master. [Christophe Vandeplas] threatanalyzer_import - loads sample info + pollution fix * Threatanalyzer_import - loads sample info + pollution fix. [Christophe Vandeplas] * Merge pull request #184 from cvandeplas/master. [Christophe Vandeplas] threatanalyzer_import - fix regkey issue * Threatanalyzer_import - fix regkey issue. [Christophe Vandeplas] * Merge pull request #177 from TheDr1ver/patch-1. [Alexandre Dulaunoy] fix missing comma * Fix missing comma. [Nick Driver] fix ip-dst and vulnerability input * Merge pull request #176 from cudeso/master. [Alexandre Dulaunoy] Fix VMRay API access error * Fix VMRay API access error. [Koen Van Impe] hotfix for the "Unable to access VMRay API" error * Merge remote-tracking branch 'MISP/master' [Koen Van Impe] * Merge pull request #173 from m3047/master. [Alexandre Dulaunoy] Add exception blocks for query errors. * Add exception blocks for query errors. [Fred Morris] * Merge pull request #170 from P4rs3R/patch-1. [Alexandre Dulaunoy] Improving regex (validating e-mail) * Improving regex (validating e-mail) [x41\x43] Line 48: The previous regex ` ^[\w\.\+\-]+\@[\w]+\.[a-z]{2,3}$ ` matched only a small subset of valid e-mail address (e.g.: didn't match domain names longer than 3 chars or user@this-domain.de or user@multiple.level.dom) and needed to be with start (^) and end ($). This ` [a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+)*@(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])? ` is not perfect (e.g: can't match oriental chars), but imho is much more complete. Regex tested with several e-mail addresses with Python 3.6.4 and Python 2.7.14 on Linux 4.14. * Merge pull request #169 from chrisr3d/master. [Alexandre Dulaunoy] Updated GoAML import including Object References * Clarified functions arguments using a class. [chrisr3d] * Add: Added Object References in the objects imported. [chrisr3d] * Merge pull request #168 from chrisr3d/goaml. [Alexandre Dulaunoy] GoAML import module & GoAML export updates * Merge branch 'master' of github.com:MISP/misp-modules into goaml. [chrisr3d] * Merge pull request #167 from chrisr3d/csvimport. [Alexandre Dulaunoy] Updated csvimport * Merge branch 'csvimport' of github.com:chrisr3d/misp-modules into goaml. [chrisr3d] * Removed print. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into csvimport. [chrisr3d] * Merge pull request #165 from chrisr3d/goaml. [Alexandre Dulaunoy] fix: Added an object checking * Add: added goamlimport. [chrisr3d] * Fixed some details about the module output. [chrisr3d] * Converting GoAML into MISPEvent. [chrisr3d] * Now parsing all the transaction attributes. [chrisr3d] * Add: Added dictionary to map aml types into MISP types. [chrisr3d] * Typo. [chrisr3d] * Merge branch 'master' of github.com:chrisr3d/misp-modules into aml_import. [chrisr3d] * Merge pull request #164 from chrisr3d/master. [Alexandre Dulaunoy] Latest fixes to make GoAML export module work * Add: Added an example file generated by GoAML export module. [chrisr3d] * Added GoAML export module in description. [chrisr3d] * Reading the entire document, to create a big dictionary containing the data, as a beginning. [chrisr3d] * Add: new expansion module to check hashes against hashdd.com including NSLR dataset. [Alexandre Dulaunoy] * Merge pull request #163 from chrisr3d/master. [Alexandre Dulaunoy] GoAML export * Typo. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Quick fix to the invalid hash types offered on all returned hashes, hopefully fixes #162. [Andras Iklody] * Explicit name. [chrisr3d] Avoiding confusion with the coming import module for goaml * Added "t_to" and "t_from" required fields: funds code & country. [chrisr3d] * Added a required field & the latest attributes in transaction. [chrisr3d] * Added report expected information fields. [chrisr3d] * Simplified ObjectReference dictionary reading. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * Add: YARA syntax validator. [Alexandre Dulaunoy] * Merge pull request #161 from eCrimeLabs/ecrimelabs_dev. [Alexandre Dulaunoy] Added Yara syntax validation expansion module * Added Yara syntax validation expansion module. [Dennis Rand] * Added some report information. [chrisr3d] Also changed the ObjectReference parser to replace all the if conditions by a dictionary reading * Suporting the recent objects added to misp-objects. [chrisr3d] - Matching the aml documents structure - Some parts of the document still need to be added * Wip: added location & signatory information. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-modules into test. [chrisr3d] * Merge pull request #157 from CenturyLinkCIRT/master. [Alexandre Dulaunoy] added csvimport to __init__.py * Added csvimport to __init__.py. [Thomas Gardner] * Add: CSV import module added. [Alexandre Dulaunoy] * Outputting xml format. [chrisr3d] Also mapping MISP and GoAML types * First tests for the GoAML export module. [chrisr3d] * Merge pull request #156 from chrisr3d/master. [Alexandre Dulaunoy] CSV import * Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] * 3.7-alpha removed. [Alexandre Dulaunoy] * Updated delimiter finder method. [chrisr3d] * Fixed data treatment & other updates. [chrisr3d] * Updated delimiter parsing & data reading functions. [chrisr3d] * First version of csv import module. [chrisr3d] - If more than 1 misp type is recognized, for each one an attribute is created - Needs to have header set by user as parameters of the module atm - Review needed to see the feasibility with fields that can create confusion and be interpreted both as misp type or attribute field (for instance comment is a misp type and an attribute field) * Merge pull request #154 from cvandeplas/master. [Raphaël Vinot] added CrowdStrike Falcon Intel Indicators expansion module * Added CrowdStrike Falcon Intel Indicators expansion module. [Christophe Vandeplas] * Add: RBL added. [Alexandre Dulaunoy] * Merge pull request #150 from chrisr3d/master. [Alexandre Dulaunoy] RBL check module * Merge github.com:MISP/misp-modules. [chrisr3d] * Merge pull request #149 from cvandeplas/master. [Alexandre Dulaunoy] Added ThreatAnalyzer sandbox import * Added ThreatAnalyzer sandbox import. [Christophe Vandeplas] Experimental module - some parts should be migrated to * Check an IPv4 address against known RBLs. [chrisr3d] * Fix farsight_passivedns - rdata 404 not found. [Christophe Vandeplas] * Added ThreatStream and PDF export. [Alexandre Dulaunoy] * Merge branch 'robertnixon2003-master' + a small fix. [Alexandre Dulaunoy] * Fix the __init__ import. [Alexandre Dulaunoy] * Update threatStream_misp_export.py. [Robert Nixon] * Updated __init__.py. [Robert Nixon] Added reference to new ThreatStream export module * Added threatStream_misp_export.py. [Robert Nixon] * Merge branch 'cvandeplas-master' [Alexandre Dulaunoy] * Fixes missing init file in dnsdb library folder. [Christophe Vandeplas] * New Farsight DNSDB Passive DNS expansion module. [Christophe Vandeplas] * Merge branch 'master' of github.com:MISP/misp-modules. [Raphaël Vinot] * Merge pull request #144 from attritionorg/patch-1. [Andras Iklody] minor touch-ups on error messages for user friendliness * Minor touch-ups on error messages for user friendliness. [Jericho] * Merge pull request #140 from cudeso/master. [Alexandre Dulaunoy] VulnDB Queries * VulnDB Queries. [Koen Van Impe] Search on CVE at https://vulndb.cyberriskanalytics.com/ https://www.riskbasedsecurity.com/ Get extended CVE info, links + CPE * Merge remote-tracking branch 'MISP/master' [Koen Van Impe] * Add quick and dirty pdf export. [Raphaël Vinot] * Merge pull request #139 from Rafiot/master. [Raphaël Vinot] fix: OpenIOC importer * Merge pull request #135 from DomainTools/domaintools-patch-1. [Raphaël Vinot] Added code to allow 3rd party modules * Added default parameter for new -m flag. [Viktor von Drakk] * Added code to allow 3rd party modules. [Viktor von Drakk] The new '-m pip.module.name' feature allows a pip-installed module to be specified on the command line and then loaded into the available modules without having to copy-paste files into the appropriate directories of this package. * Broken links fixed. [Alexandre Dulaunoy] * ThreatConnect export module added. [Alexandre Dulaunoy] * Merge pull request #133 from CenturyLinkCIRT/master. [Alexandre Dulaunoy] ThreatConnect export module * Added threat_connect_export to export_mod.__init__ [Thomas Gardner] * Added test files for threat_connect_export. [Thomas Gardner] * Added threat_connect_export.py. [Thomas Gardner] * Merge pull request #129 from seamustuohy/utf_hate. [Raphaël Vinot] Added support for malformed internationalized email headers * Added support for malformed internationalized email headers. [seamus tuohy] When an emails contains headers that use Unicode without properly crafing them to comform to RFC-6323 the email import module would crash. (See issue #119 & issue #93) To address this I have added additional layers of encoding/decoding to any possibly internationalized email headers. This decodes properly formed and malformed UTF-8, UTF-16, and UTF-32 headers appropriately. When an unknown encoding is encountered it is returned as an 'encoded-word' per RFC2047. This commit also adds unit-tests that tests properly formed and malformed UTF-8, UTF-16, UTF-32, and CJK encoded strings in all header fields; UTF-8, UTF-16, and UTF-32 encoded message bodies; and emoji testing for headers and attachment file names. * Merge branch 'master' into utf_hate. [seamus tuohy] * Added unit tests for UTF emails. [seamus tuohy] * OTX and ThreatCrowd added. [Alexandre Dulaunoy] * Merge pull request #130 from chrisdoman/master. [Alexandre Dulaunoy] Add AlienVault OTX and ThreatCrowd Expansions * Add AlienVault OTX and ThreatCrowd Expansions. [Chris Doman] * Use proper version of PyMISP. [Raphaël Vinot] * Update travis, fix open ioc import. [Raphaël Vinot] * Merge pull request #122 from truckydev/master. [Alexandre Dulaunoy] Add tags on import with ioc import module * Replace tab by space. [Tristan METAYER] * Add a field for user to add tag for this import. [Tristan METAYER] * Merge pull request #121 from truckydev/master. [Andras Iklody] If filename add iocfilename as attachment * Typo correction. [Tristan METAYER] * Add user config to not add file as attachement in a box. [Tristan METAYER] * If filename add iocfilename as attachment. [Tristan METAYER] * Merge pull request #118 from truckydev/master. [Alexandre Dulaunoy] Add indent field for export * Add indent field for export. [Tristan METAYER] * Merge pull request #115 from FloatingGhost/master. [Alexandre Dulaunoy] fix: Use the proper formatting method and not the horrible % one * Missing expansion modules added in README. [Alexandre Dulaunoy] * ThreatMiner added. [Alexandre Dulaunoy] * Merge pull request #114 from kx499/master. [Alexandre Dulaunoy] ThreatMiner Expansion module * Bug fixes. [kx499] * Threatminer initial commit. [kx499] * Cosmetic changes. [Raphaël Vinot] * Merge pull request #111 from kx499/master. [Raphaël Vinot] Handful of changes to VirusTotal module * Bug fixes, tweaks, and python3 learning curve :) [kx499] * Initial commit of IPRep module. [kx499] * Fixed spacing, addressed error handling for public api, added subdomains, and added context comment. [kx499] * OpenIOC import module added. [Alexandre Dulaunoy] * Add OpenIOC import module. [Raphaël Vinot] * Merge pull request #109 from truckydev/master. [Alexandre Dulaunoy] add information about offline installation * Add information about offline installation. [truckydev] * Merge pull request #106 from truckydev/master. [Alexandre Dulaunoy] Lite export of an event * Exclude internal reference. [Tristan METAYER] * Add lite Export module. [Tristan METAYER] * Merge pull request #100 from rmarsollier/master. [Alexandre Dulaunoy] Some improvements of virustotal plugin * Some improvements of virustotal plugin. [rmarsollier] * Merge pull request #96 from johestephan/master. [Raphaël Vinot] XForce Exchange v1 (alpha) * Passed local run check. [Joerg Stephan] * V1. [Joerg Stephan] * Removed urrlib2. [Joerg Stephan] * Python3 changes. [Joerg Stephan] * Merged xforce exchange. [Joerg Stephan] * XForce Exchange v1 (alpha) [Joerg Stephan] * Merge pull request #56 from RichieB2B/ncsc-nl/mispjson. [Alexandre Dulaunoy] Simple import module to import MISP JSON format * Updated description to reflect merging use case. [Richard van den Berg] * Simple import module to import MISP JSON format. [Richard van den Berg] * Merge pull request #92 from seamustuohy/duck_typing_failure. [Alexandre Dulaunoy] Email import no longer unzips major compressed text document formats. * Email import no longer unzips major compressed text document formats. [seamus tuohy] Let this commit serve as a warning about the perils of duck typing. Word documents (docx,odt,etc) were being uncompressed when they were attached to emails. The email importer now checks a list of well known extensions and will not attempt to unzip them. It is stuck using a list of extensions instead of using file magic because many of these formats produce an application/zip mimetype when scanned. * Merge branch 'master' of github.com:MISP/misp-modules. [Raphaël Vinot] * Merge pull request #91 from Rafiot/master. [Raphaël Vinot] Improve email import module * Keep zip content as binary. [Raphaël Vinot] * Fix tests, cleanup. [Raphaël Vinot] * Improve support of email attachments. [Raphaël Vinot] Related to #90 * Merge pull request #89 from Rafiot/fix_87. [Raphaël Vinot] Improve VT support. * Standardised key checking. [Hannah Ward] * Fixed checking for submission_names in VT JSON. [Hannah Ward] * Update virustotal.py. [CheYenBzh] * Merge branch 'master' of github.com:MISP/misp-modules. [Raphaël Vinot] * Training materials updated + Cuckoo JSON import module was missing. [Alexandre Dulaunoy] * Improve support of email importer if headers are missing. [Raphaël Vinot] Fix #88 * Remove python 3.3 support. [Raphaël Vinot] * Fix python 3.6 support. [Raphaël Vinot] * Make PEP8 happy. [Raphaël Vinot] * Add email_import in the modules loaded by default. [Raphaël Vinot] * Make PEP8 happy. [Raphaël Vinot] * Fix failing test (bug in the mail parser?) [Raphaël Vinot] * Add additional email parsing and tests. [seamus tuohy] Added additional attribute parsing and corresponding unit-tests. E-mail attachment and url extraction added in this commit. This includes unpacking zipfiles and simple password cracking of encrypted zipfiles. * Fixed basic errors. [seamus tuohy] * Merged with current master. [seamus tuohy] * Merge pull request #85 from rmarsollier/master. [Raphaël Vinot] add libjpeg-dev as a dep to allow pillow to be installed succesfully * Add libjpeg-dev as a dep to allow pillow to be installed succesfully. [robin.marsollier@conix.fr] * GeoIP module added. [Alexandre Dulaunoy] * Merge pull request #84 from MISP/amuehlem-master. [Raphaël Vinot] Fix PR * Do not crash if the dat file is not available. [Raphaël Vinot] * Fix path to config file. [Raphaël Vinot] * Merge branch 'master' of https://github.com/amuehlem/misp-modules into amuehlem-master. [Raphaël Vinot] * Added empty line to end of config file. [Andreas Muehlemann] * Removed DEFAULT section from configfile. [Andreas Muehlemann] * Fixed more typos. [Andreas Muehlemann] * Fixed typo. [Andreas Muehlemann] * Changed configparser from python2 to python3. [Andreas Muehlemann] * Updated missing parenthesis. [Andreas Muehlemann] * Merge branch 'geoip_country' [Andreas Muehlemann] * Removed unneeded config option for misp. [Andreas Muehlemann] * Removed debug message. [Andreas Muehlemann] * Added config option to geoip_country.py. [Andreas Muehlemann] * Added pygeoip to the REQUIREMENTS list. [Andreas Muehlemann] * Updated geoip_country to __init__.py. [Andreas Muehlemann] * Added geoip_country.py. [Andreas Muehlemann] * Better error reporting. [Raphaël Vinot] * Catch exception. [Raphaël Vinot] * Add reverse lookup. [Raphaël Vinot] * Refactoring of domaintools expansion module. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-modules. [Raphaël Vinot] * Merge pull request #83 from stoep/master. [Alexandre Dulaunoy] Added cuckooimport.py * Added cuckooimport.py. [Ubuntu] * DomainTools module added. [Alexandre Dulaunoy] * Remove domaintools tests. [Raphaël Vinot] * Add test for domaintools. [Raphaël Vinot] * Merge pull request #78 from deralexxx/patch-2. [Alexandre Dulaunoy] Update README.md * Update README.md. [Alexander J] mentioning import / export modules * Merge pull request #76 from deralexxx/patch-1. [Alexandre Dulaunoy] Update README.md * Update README.md. [Alexander J] * Merge pull request #75 from Rafiot/domtools. [Raphaël Vinot] Add Domain Tools module * Update requirements list. [Raphaël Vinot] * Add domaintools to the import list. [Raphaël Vinot] * Fix Typo. [Raphaël Vinot] * Add domain profile and reputation. [Raphaël Vinot] * Add more comments. [Raphaël Vinot] * Fix typo. [Raphaël Vinot] * Remove json.dumps. [Raphaël Vinot] * Avoid passing None in comments. [Raphaël Vinot] * Add comments to fields when possible. [Raphaël Vinot] * Add initial Domain Tools module. [Raphaël Vinot] * Merge pull request #74 from cudeso/master. [Raphaël Vinot] Extra VTI detections * Merge remote-tracking branch 'MISP/master' [Koen Van Impe] * Update README.md. [Raphaël Vinot] * Merge pull request #73 from FloatingGhost/master. [Raphaël Vinot] Use SpooledTemp, not NamedTemp file * Use git for everything we can. [Hannah Ward] * Ok we'll use the dep from misp-stix-converter. Surely this'll work? [Hannah Ward] * Use the CIRCL pymisp. Silly @rafiot ;) [Hannah Ward] * Travis should now use the master branch. [Hannah Ward] * Maybe it'll take the git repo now? [Hannah Ward] * Added pymisp to reqs. [Hannah Ward] * Don't cache anything pls travis. [Hannah Ward] * Removed unneeded modules. [Hannah Ward] * Use SpooledTemp, not NamedTemp file. [Hannah Ward] * VMRay import module added. [Alexandre Dulaunoy] * Merge pull request #72 from FloatingGhost/master. [Raphaël Vinot] Migrated stiximport to use misp-stix-converter * Moved to misp_stix_converter. [Hannah Ward] * Merge pull request #70 from cudeso/master. [Raphaël Vinot] Submit malware samples * Extra VTI detections. [Koen Van Impe] * Submit malware samples. [Koen Van Impe] _submit now includes malware samples (zipped content from misp) _import checks when no vti_results are returned + bugfix * Fix STIX import module. [Raphaël Vinot] * Multiple clanges in the vmray modules. [Raphaël Vinot] * Generic fix to load modules requiring a local library * Fix python3 support * PEP8 related cleanups * Merge pull request #68 from cudeso/master. [Andras Iklody] VMRay Import & Submit module * VMRay Import & Submit module. [Koen Van Impe] * First commit * No support for archives (yet) submit * Merge pull request #59 from rgraf/master. [Alexandre Dulaunoy] label replaced by text, which is existing attribute * Label replaced by text, which is existing attribute. [Roman Graf] * Adding basic test mockup. [seamus tuohy] * Adding more steps to module testing. [seamus tuohy] * Added attachment and url support. [seamus tuohy] * Added email meta-data import module. [seamus tuohy] This email meta-data import module collects basic meta-data from an e-mail and populates an event with it. It populates the email subject, source addresses, destination addresses, subject, and any attachment file names. This commit also contains unit-tests for this module as well as updates to the readme. Readme updates are additions aimed to make it easier for outsiders to build modules. * Merge pull request #58 from rgraf/master. [Alexandre Dulaunoy] Added expansion for Wikidata. * Added expansion for Wikidata. Analyst can query Wikidata by label to get additional information for particular term. [Roman Graf] * Merge pull request #55 from amuehlem/reversedns. [Raphaël Vinot] added new module reversedns.py, added reversedns to __init__.py * Added new module reversedns.py, added reversedns to __init__.py. [Andreas Muehlemann] * Merge pull request #53 from MISP/Rafiot-patch-1. [Alexandre Dulaunoy] Dump host info as text * Dump host info as text. [Raphaël Vinot] * Fix typo. [Raphaël Vinot] * Merge pull request #52 from Rafiot/master. [Alexandre Dulaunoy] Add simple Shodan module * Add simple Shodan module. [Raphaël Vinot] * Merge pull request #49 from FloatingGhost/master. [Alexandre Dulaunoy] Removed useless pickle storage of stiximport * Removed useless pickle storage of stiximport. [Hannah Ward] * Create LICENSE. [Alexandre Dulaunoy] * Update README.md. [Andras Iklody] * Typo fixed. [Alexandre Dulaunoy] * CEF export module added. [Alexandre Dulaunoy] * Cef_export module added. [Alexandre Dulaunoy] * Merge pull request #47 from FloatingGhost/CEF_Export. [Alexandre Dulaunoy] CEF export, fixes in CountryCode, virustotal * Removed silly subdomain module. [Hannah Ward] * Added CEF export module. [Hannah Ward] * Now searches within observable_compositions. [Hannah Ward] * Removed calls to print. [Hannah Ward] * Added body.json to gitignore. [Hannah Ward] * Added virustotal tests. [Hannah Ward] * CountryCode JSON now is only grabbed once per server run. [Hannah Ward] * Merge branch 'master' of github.com:MISP/misp-modules. [Raphaël Vinot] * Merge pull request #46 from Rafiot/master. [Raphaël Vinot] Make misp-modules really asynchronous * Add timeout for the modules, cleanup. [Raphaël Vinot] * Fix python 3.3 and 3.4. [Raphaël Vinot] * Make misp-modules really asynchronous. [Raphaël Vinot] * Improve tornado parallel. [Raphaël Vinot] * Coroutine decorator added to post handler. [Alexandre Dulaunoy] * -d option added - enabling debug on queried modules. [Alexandre Dulaunoy] * New modules added to __init__ [Alexandre Dulaunoy] * README updated for the new modules. [Alexandre Dulaunoy] * Merge pull request #45 from FloatingGhost/master. [Alexandre Dulaunoy] 2 new modules -- VirusTotal and CountryCode * Modified readme with virustotal/countrycode. [Hannah Ward] * Added virustotal module. [Hannah Ward] * Merge branch 'master' of https://github.com/MISP/misp-modules. [Hannah Ward] * Merge pull request #44 from Rafiot/travis. [Alexandre Dulaunoy] Add coverage, update logging * Add coverage, update logging. [Raphaël Vinot] * Merge pull request #43 from FloatingGhost/master. [Alexandre Dulaunoy] StixImport now uses TemporaryFile rather than a named file in /tmp * Improved virustotal module. [Hannah Ward] * Added countrycode, working on virustotal. [Hannah Ward] * Added lookup by country code. [Hannah Ward] * Merge branch 'master' of https://github.com/MISP/misp-modules. [Hannah Ward] * Fix a link to the STIX import module reference. [Alexandre Dulaunoy] * Stiximport now uses temporary files to store stix data. [Hannah Ward] Set max size in config, in bytes * Merge pull request #42 from MISP/pr/41. [Alexandre Dulaunoy] Cleanup on the stix import module * Merge remote-tracking branch 'origin/master' into pr/41. [Raphaël Vinot] * Add info about the import modules. [Alexandre Dulaunoy] * Make PEP8 happy \o/ [Raphaël Vinot] * Move stiximport.py to misp_modules/modules/import_mod/ [Raphaël Vinot] * There was a missing comma. [Hannah Ward] * Merge branch 'master' of https://github.com/MISP/misp-modules. [Hannah Ward] * Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] * Merge pull request #40 from Rafiot/master. [Alexandre Dulaunoy] Remove bin script, use cleaner way. Fix last commit. * Remove bin script, use cleaner way. Fix last commit. [Raphaël Vinot] * Merge pull request #39 from Rafiot/master. [Alexandre Dulaunoy] Use entry_points instead of scripts in the install. * Use entry_points instead of scripts. [Raphaël Vinot] * Pip --upgrade must be always called (to have modules updated) [Alexandre Dulaunoy] * Added STIX to setup.py. [Hannah Ward] * Added STIX to reqs. [Hannah Ward] * Merge branch 'stix_import' [Hannah Ward] * Added tests, also disregards related_observables. Because they're useless. [Hannah Ward] * Fixed observables within an indicator not being added. [Hannah Ward] * Stiximport will now consume campaigns. [Hannah Ward] * Stiximport will now identify file hashes. [Hannah Ward] * I can't spell. [Hannah Ward] * Added STIXImport to readme. [Hannah Ward] * Threat actors now get imported by stix. [Hannah Ward] * Added docs to stiximport. [Hannah Ward] * Added stix import -- works for IPs/Domains. [Hannah Ward] * Update to the DNS module to support domain|ip. [iglocska] * Small change to the skeleton export. [iglocska] * Merge remote-tracking branch 'origin/import-test' [iglocska] * Added test export module. [Iglocska] * Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] * Merge pull request #37 from Rafiot/master. [Raphaël Vinot] Update documentation. * Update documentation. [Raphaël Vinot] Fix https://github.com/MISP/MISP/issues/1424 * Merge branch 'import-test' of github.com:MISP/misp-modules into import-test. [Alexandre Dulaunoy] * Merge pull request #36 from Rafiot/import-test. [Alexandre Dulaunoy] Pass the server port as integer to the uwhois client * Pass the server port as integer to the uwhois client. [Raphaël Vinot] * Merge pull request #35 from Rafiot/import-test. [Alexandre Dulaunoy] Add whois module * Add whois module. [Raphaël Vinot] * First version of an Optical Character Recognition (OCR) module for MISP. [Alexandre Dulaunoy] * First version of the import skeleton. [Iglocska] * Added simple import skeleton. [Iglocska] * Merge pull request #33 from Rafiot/master. [Raphaël Vinot] fix: run the server as "python3 misp-modules" * Added category to the return format description. [Iglocska] * Merge pull request #31 from treyka/patch-1. [Alexandre Dulaunoy] Refine the installation procedure * Refine the installation procedure. [Trey Darley] Tweak this to make it more inline with the MISP installation docs, start misp-modules at startup via /etc/rc.local * Install documentation updated. [Alexandre Dulaunoy] * Merge pull request #28 from Rafiot/pip. [Alexandre Dulaunoy] Make it a package * Also run travis tests on the system-wide instance. [Raphaël Vinot] * Fix typos in the readme. [Raphaël Vinot] * Fix travis. [Raphaël Vinot] * Make sure misp-modules can be launched from anywhere. [Raphaël Vinot] * Proper testcases. [Raphaël Vinot] * Make it a package. [Raphaël Vinot] * Merge pull request #29 from iglocska/master. [Alexandre Dulaunoy] Added skeleton structure for new modules * Added skeleton structure for new modules. [Iglocska] * Fixed a bug introduced by previous commit if started from the current directory. [Alexandre Dulaunoy] * Merge pull request #26 from Rafiot/master. [Alexandre Dulaunoy] Automatic chdir when the modules are started * Automatic chdir when the modules are started. [Raphaël Vinot] * Merge pull request #25 from eu-pi/eupi_expansion_fix. [Alexandre Dulaunoy] [EUPI] Fix expansion for empty EUPI response * [EUPI] Fix expansion for empty EUPI response. [Rogdham] Offer no enrichment instead of displaying an error message * Merge pull request #24 from eu-pi/eupi_hover. [Alexandre Dulaunoy] [EUPI] Change module for a simple hover status * [EUPI] Simplify hover. [Rogdham] * Merge pull request #23 from Rafiot/master. [Raphaël Vinot] [EUPI] Return error message if unknown * [EUPI] Return error message is unknown. [Raphaël Vinot] * Merge pull request #22 from Rafiot/master. [Raphaël Vinot] [EUPI] Do not return empty results * [EUPI] Do not return empty results. [Raphaël Vinot] * ASN History added. [Alexandre Dulaunoy] * Merge pull request #21 from Rafiot/master. [Raphaël Vinot] [ASN description] Fix input type * [ASN description] Fix input type. [Raphaël Vinot] * Merge pull request #20 from Rafiot/master. [Raphaël Vinot] Add ASN Description expansion module * Add ASN Description expansion module. [Raphaël Vinot] * Merge pull request #19 from Rafiot/master. [Raphaël Vinot] Fix last commit * Fix last commit. [Raphaël Vinot] * Merge pull request #18 from Rafiot/master. [Raphaël Vinot] Improve rendering of IP ASN * Improve rendering of IP ASN. [Raphaël Vinot] * Merge pull request #17 from Rafiot/master. [Raphaël Vinot] Fix again IPASN module * Fix again IPASN module. [Raphaël Vinot] * Merge pull request #16 from Rafiot/master. [Raphaël Vinot] Fix IPASN module * Fix IPASN module. [Raphaël Vinot] * Ipasn module added. [Alexandre Dulaunoy] * Merge pull request #15 from Rafiot/master. [Alexandre Dulaunoy] Add IPASN history module * Add IPASN history module. [Raphaël Vinot] * Merge pull request #14 from eu-pi/listen-addr. [Alexandre Dulaunoy] Add option to specify listen address * Add option to specify listen address. [Rogdham] * EUPI module added. [Alexandre Dulaunoy] * Merge pull request #13 from Rafiot/master. [Raphaël Vinot] Fix eupi module * Fix eupi module. [Raphaël Vinot] * Merge pull request #12 from Rafiot/master. [Raphaël Vinot] Add EUPI module * Add redis server. [Raphaël Vinot] * Add EUPI module. [Raphaël Vinot] * Skip modules that cannot import. [Alexandre Dulaunoy] * Skip dot files. [Alexandre Dulaunoy] * Value is not required. [Alexandre Dulaunoy] * Cache helper added. [Alexandre Dulaunoy] The cache helper is a simple helper to cache data in Redis back-end. The format in the cache is the following: m::sha1(key) -> value. Default expiration is 86400 seconds. * Skeleton for misp-modules helpers added. [Alexandre Dulaunoy] Helpers will support modules with basic functionalities like caching or alike. * Option -p added to specify the TCP port of the misp-modules server. [Alexandre Dulaunoy] * Intelmq req. removed. [Alexandre Dulaunoy] * Argparse used for the test mode. [Alexandre Dulaunoy] * Deleted. [Alexandre Dulaunoy] * Intelmq is an experimental module (not production ready) [Alexandre Dulaunoy] * Merge pull request #11 from Rafiot/master. [Raphaël Vinot] Fix test mode * Fix test mode. [Raphaël Vinot] * Fix install commands. [Raphaël Vinot] * Add Travis logo. [Raphaël Vinot] * Merge pull request #10 from Rafiot/travis. [Raphaël Vinot] Add basic travis file * Add basic travis file. [Raphaël Vinot] * Merge pull request #9 from Rafiot/master. [Alexandre Dulaunoy] Please PEP8 on all expansions * Merge branch 'master' of https://github.com/MISP/misp-modules. [Raphaël Vinot] * Merge pull request #8 from aaronkaplan/master. [Alexandre Dulaunoy] initial example of intelmq connector/enrichtment. Need to change to u… * Initial example of intelmq connector/enrichtment. Need to change to use the eventDB RESTful API, not the postgresql DB. [aaronkaplan] * Update README.md. [Raphaël Vinot] * Dns module test with option added. [Alexandre Dulaunoy] * New modules added. [Alexandre Dulaunoy] * Dns MISP module - option to specify nameserver added. [Alexandre Dulaunoy] * Slides reference added. [Alexandre Dulaunoy] * Add missing requirements. [Alexandre Dulaunoy] * Merge pull request #7 from Rafiot/master. [Alexandre Dulaunoy] Make loader more flexible * Make PEP8 happy. [Raphaël Vinot] * Add CIRCL pssl module. [Raphaël Vinot] * Make loader more flexible. [Raphaël Vinot] * First module to test the freetext import functionality. [Alexandre Dulaunoy] * CIRCL Passive DNS output attributes updated. [Alexandre Dulaunoy] * PyPDNS requirement added. [Alexandre Dulaunoy] * CIRCL Passive DNS added. [Alexandre Dulaunoy] * Tests updated to include CIRCL passive dns. [Alexandre Dulaunoy] * Test file for passivetotal updated. [Alexandre Dulaunoy] * Merge pull request #5 from passivetotal/master. [Alexandre Dulaunoy] Rewrote the entire PassiveTotal extension * Rewrote the entire PassiveTotal extension. [Brandon Dixon] * Return a text attribute for an hover only module. [Alexandre Dulaunoy] * How to start MISP modules. [Alexandre Dulaunoy] * 2.4.28 includes misp modules by default. [Alexandre Dulaunoy] * Types are now described. [Alexandre Dulaunoy] * Debug removed. [Alexandre Dulaunoy] * Convert the base64 to ascii. [Iglocska] * Module-type added as default. [Alexandre Dulaunoy] * Return base64 value of the archived data. [Alexandre Dulaunoy] * Merge pull request #2 from iglocska/master. [Alexandre Dulaunoy] Some changes to the sourcecache expansion * Merge branch 'alternate_response' [Iglocska] * Some changes to the sourcecache expansion. [Iglocska] - return attachment or malware sample * Cve module tests added. [Alexandre Dulaunoy] * CVE hover expansion module. [Alexandre Dulaunoy] An hover module is a module returning a JSON that can be used as hover element in the MISP UI. * Sourcecache module includes the metadata config. [Alexandre Dulaunoy] * README updated to reflect config parameters changes. [Alexandre Dulaunoy] * Removed unused attributes. [Alexandre Dulaunoy] * Sample JSON files reflecting config changes. [Alexandre Dulaunoy] * Config parameters are now exposed via the meta information. [Alexandre Dulaunoy] config uses a specific list of values exposed via the introspection of the module. config is now passed as an additional dictionary to the request. MISP attributes include only MISP attributes. * Sourcecache module added. [Alexandre Dulaunoy] * A minimal caching module added to cache link or url from MISP. [Alexandre Dulaunoy] * Typo fixed + meta output. [Alexandre Dulaunoy] * Minimal functions requirements updated + PR request. [Alexandre Dulaunoy] * Exclude dot files from modules list to be loaded. [Alexandre Dulaunoy] * Example of module introspection including meta information. [Alexandre Dulaunoy] * Module meta added to return version, description and author per module. [Alexandre Dulaunoy] * Authentication notes added. [Alexandre Dulaunoy] * Passivetotal module added. [Alexandre Dulaunoy] * First version of a passivetotal MISP expansion module. [Alexandre Dulaunoy] * Default DNS updated. [Alexandre Dulaunoy] * Add a note regarding error codes. [Alexandre Dulaunoy] * Handling of error added. [Alexandre Dulaunoy] * Merge pull request #1 from Rafiot/master. [Alexandre Dulaunoy] Make PEP8 happy. * Make PEP8 happy. [Raphaël Vinot] * Output updated (type of module added) [Alexandre Dulaunoy] * Add a version per default. [Alexandre Dulaunoy] * Add type per module. [Alexandre Dulaunoy] * Format updated following Andras updates. [Alexandre Dulaunoy] * Default var directory added. [Alexandre Dulaunoy] * Python pip REQUIREMENTS file added. [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/MISP/misp-modules. [Iglocska] * Minimal logging added to the server. [Alexandre Dulaunoy] * Debug messages removed. [Alexandre Dulaunoy] * Minimal documentation added. [Alexandre Dulaunoy] * Curl is now silent. [Alexandre Dulaunoy] * Changed the output format to include all matching attribute types. [Iglocska] - changed the output format to give us a bit more flexibility - return an array of results - return the valid misp attribute types for each result * Basic test cases added. [Alexandre Dulaunoy] * MISP dns expansion module. [Alexandre Dulaunoy] * First version of a web services to provide ReST API to MISP expansion services. [Alexandre Dulaunoy]