mirror of https://github.com/MISP/misp-website
# Changelog


## %%version%% (unreleased)

### Changes

* [gitchangelogrc] added. [Alexandre Dulaunoy]

### Other

* Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy]


## v2.4.152 (2021-12-22)

### Changes

* [hashlookup] support for sha256 and bug fix for non-existing MD5. [Alexandre Dulaunoy]

* [Pipefile.lock] removed. [Alexandre Dulaunoy]

* [REQUIREMENTS] chardet issue - let installer decide. [Alexandre Dulaunoy]

* [REQUIREMENTS] aiohttp. [Alexandre Dulaunoy]

* [requirements] pillow updated to the latest version. [Alexandre Dulaunoy]

* [requirements] lxml updated. [Alexandre Dulaunoy]

* [doc] updated. [Alexandre Dulaunoy]

### Fix

* [hashlookup] typo fixed. [Alexandre Dulaunoy]

### Other

* Merge pull request #536 from qintel/feat/qintel_qsentry. [Alexandre Dulaunoy]

  New Module: Qintel QSentry

* Feature: add qintel qsentry module documentation. [Calvin Krzywiec]

* Feature: add qintel qsentry expansion module. [Calvin Krzywiec]


## v2.4.151 (2021-11-19)

### New

* [doc] Passive SSH documentation. [Alexandre Dulaunoy]

### Changes

* [py] Dependency bump. Works on Ubuntu 18.04.x. [Steve Clement]

* [py] Pandas requirements update. [Steve Clement]

* [documentation] updated. [Alexandre Dulaunoy]

* [doc] updated. [Alexandre Dulaunoy]

### Fix

* [py] Dependency fix. [Steve Clement]

* [mkdocs] updated configuration for version 5 of mkdocs. [Alexandre Dulaunoy]

### Other

* Merge pull request #534 from SteveClement/main. [Steve Clement]

* Merge pull request #533 from SteveClement/main. [Steve Clement]

* Merge pull request #532 from SteveClement/main. [Steve Clement]

* Merge pull request #529 from gallypette/main. [Alexandre Dulaunoy]

  passive-ssh expansion module

* Merge branch 'MISP:main' into main. [Jean-Louis Huynen]

* Merge pull request #528 from rderkachrf/rf_release_2_0. [Alexandre Dulaunoy]

  Release 2.0: Update Recorded future expansion module with the new data

* Update Recorded future expansion module with the new data. [rderkach]

  In this release, we added new data that we have called Links.
  It represents better and more filtered related data.
  Also did some code formatting.

* Add: [passive-ssh] initial commit. [Jean-Louis Huynen]

* Merge pull request #526 from korrosivesec/patch-1. [Alexandre Dulaunoy]

  Add libcaca-dev to apt packages required

* Add libcaca-dev to apt packages required. [Kory Kyzar]

  I needed to add libcaca-dev to make gtcaca.

  ## Before
  ```
  misp@server:/usr/local/src/gtcaca/build$ cmake .. && make
  -- The C compiler identification is GNU 7.5.0
  -- The CXX compiler identification is GNU 7.5.0
  -- Check for working C compiler: /usr/bin/cc
  -- Check for working C compiler: /usr/bin/cc -- works
  -- Detecting C compiler ABI info
  -- Detecting C compiler ABI info - done
  -- Detecting C compile features
  -- Detecting C compile features - done
  -- Check for working CXX compiler: /usr/bin/c++
  -- Check for working CXX compiler: /usr/bin/c++ -- works
  -- Detecting CXX compiler ABI info
  -- Detecting CXX compiler ABI info - done
  -- Detecting CXX compile features
  -- Detecting CXX compile features - done
  CMake system name: Linux
  -- Found PkgConfig: /usr/bin/pkg-config (found version "0.29.1")
  pkg config path:
  -- Check if the system is big endian
  -- Searching 16 bit integer
  -- Looking for sys/types.h
  -- Looking for sys/types.h - found
  -- Looking for stdint.h
  -- Looking for stdint.h - found
  -- Looking for stddef.h
  -- Looking for stddef.h - found
  -- Check size of unsigned short
  -- Check size of unsigned short - done
  -- Using unsigned short
  -- Check if the system is big endian - little endian
  -- Checking for module 'caca'
  -- No package 'caca' found
  CMake Error at /usr/share/cmake-3.10/Modules/FindPkgConfig.cmake:415 (message):
  A required package was not found
  Call Stack (most recent call first):
  /usr/share/cmake-3.10/Modules/FindPkgConfig.cmake:593 (_pkg_check_modules_internal)
  CMakeLists.txt:69 (pkg_check_modules)


  -- Configuring incomplete, errors occurred!
  See also "/usr/local/src/gtcaca/build/CMakeFiles/CMakeOutput.log".
  ```

  ## After
  ```
  misp@server:/usr/local/src/gtcaca/build$ cmake .. && make
  CMake system name: Linux
  pkg config path:
  -- Checking for module 'caca'
  -- Found caca, version 0.99.beta19
  libcaca link library: -lcaca
  CMake system: Linux
  -- Configuring done
  -- Generating done
  -- Build files have been written to: /usr/local/src/gtcaca/build
  ```


## v2.4.150 (2021-10-19)

### New

* [hashlookup] documentation added. [Alexandre Dulaunoy]

* [hashlookup] new hashlookup module added. [Alexandre Dulaunoy]

  https://www.circl.lu/services/hashlookup/

* [hashlookup] new hashlookup module added. [Alexandre Dulaunoy]

### Changes

* [hashlookup] KnownMalicious field added. [Alexandre Dulaunoy]

* [hashlookup] add new fields such as source, SSDEEP and TLSH. [Alexandre Dulaunoy]

* [hashlookup] Using the actual attribute types for FileName & FileSize. [chrisr3d]

  - Following the recent changes on the object template
    to use `filename` as attribute type for the FileName
    object relation instead of `text`
    https://github.com/MISP/misp-objects/commit/d2b93f5aa69e0d9bfc549915b8f691cc5f62bf6c

* [hashlookup] logo updated. [Alexandre Dulaunoy]

* [logo] CIRCL logo added for hashlookup service. [Alexandre Dulaunoy]

### Fix

* [yara_query] Fixed module input parsing. [chrisr3d]

  - The module used to work properly when called
    from a single attribute enrichment, but was
    broken when called from the hover enrichment
    feature, because of the additional `persistent`
    field used to define which type of hover
    enrichment is queried

* [hashlookup] FileName and size are not required fields and can be missing in a hashlookup record. [Alexandre Dulaunoy]

* Add missing dependency (ndjson) of cof2misp1. [Luciano Righetti]

* Added note about the Domaintools module being deprecated. [Andras Iklody]

  - as requested by Domaintools, including a link to their own, up to date module

* [hashlookup] Fixed the errors handling. [chrisr3d]

  - Since the modules system is waiting for a dict,
    we return `misperrors` instead of the actual
    value of the 'error' key, and the module will
    no longer fail when there is no result to parse

* [greynoise] typo fixed. [Alexandre Dulaunoy]

### Other

* Merge pull request #520 from aaronkaplan/fix-github-alerts. [Alexandre Dulaunoy]

  Fix github's security alert: fix

* Fix github's security alert: fix * CVE-2021-28676 * CVE-2021-25287 * CVE-2021-28675 * CVE-2021-28678 * CVE-2021-25288 * CVE-2021-28677. [aaronkaplan]

* Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy]

* Merge pull request #519 from Lastline-Inc/main. [Alexandre Dulaunoy]

  Update dependency files

* Update dependency files. [Jason Zhang]

* Merge pull request #517 from mohlcyber/main. [Alexandre Dulaunoy]

  Added McAfee MVISION Insights Expansion Module

* Added McAfee MVISION Insights. [Martin Ohl]

* Update README.md. [Martin Ohl]

* Create mcafee_insights_enrich.py. [Martin Ohl]

  Module to expand IOC information with McAfee MVISION Insights

* Revert "fix: [greynoise] typo fixed" [Alexandre Dulaunoy]

  This reverts commit e36e3ea117b2b6562eaad2008f23a98c5b69f9e5.

* Merge pull request #516 from Lastline-Inc/main. [Alexandre Dulaunoy]

  Sanity checks

* Sanity checks. [Jason Zhang]

* Merge pull request #515 from GreyNoise-Intelligence/greynoise_update_doc_json. [Alexandre Dulaunoy]

  Update the greynoise.json file

* Update greynoise.json. [Brad Chiappetta]

* Merge pull request #514 from GreyNoise-Intelligence/greynoise-add-cve-enhance-ip. [Alexandre Dulaunoy]

  Add CVE Lookup and Enhance IP Lookup

* Documentation updates. [Brad Chiappetta]

* Add cve support and enhance ip lookups. [Brad Chiappetta]


## v2.4.148 (2021-08-09)

### Other

* Merge pull request #513 from Lastline-Inc/main. [Alexandre Dulaunoy]

  Add vmware_nsx module

* Add vmware_nsx module. [Jason Zhang]

* Merge pull request #507 from aaronkaplan/cof2misp. [Alexandre Dulaunoy]

  Cof2misp

* Fix the last issues of #493 (https://github.com/MISP/misp-modules/issues/493) [Aaron Kaplan]

* Unit test for dnsdbflex in lib/cof.py. [Aaron Kaplan]

* Merge branch 'main' of https://github.com/MISP/misp-modules into cof2misp. [aaronkaplan]

* Push version. [aaronkaplan]

* Add a function to validate dnsdbflex output add dnsdbflex parser. It's rather easy. [aaronkaplan]

* Merge remote-tracking branch 'origin/cof2misp' into cof2misp. [aaronkaplan]

* Add a function to validate dnsdbflex output. [aaronkaplan]


## v2.4.145 (2021-06-28)

### Changes

* [virustotal_public] make flake8 happy. [Alexandre Dulaunoy]

* [travis] flake8 updated. [Alexandre Dulaunoy]

* [virustotal] make flake8 happy. [Alexandre Dulaunoy]

* [requirements] remove the pypi index from the requirements. [Alexandre Dulaunoy]

  This fixes #505 but we need to find a clean solution for Pipfile generating
  it.

* [tests] btc_steroid not working via CI. [Alexandre Dulaunoy]

* [travis] remove old docker before install. [Alexandre Dulaunoy]

* Bump deps. [Raphaël Vinot]

* Bump deps. [Raphaël Vinot]


## v2.4.144 (2021-06-07)

### Other

* Merge pull request #501 from legoguy1000/virustotal-proxy. [Alexandre Dulaunoy]

  Add proxy configs for virus total modules

* Add proxy configs for virus total modules. [Alex Resnick]

* Merge pull request #499 from RamboV/main. [Alexandre Dulaunoy]

  Farsight DNSDB - Added Default Distribution Setting

* Updated Distribution Constant. [Rambatla Venkat Rao]

* Default distribution setting to DNSDB Objects. [Rambatla Venkat Rao]

* Added a default distribution setting to Objects. [Rambatla Venkat Rao]


## v2.4.143 (2021-05-14)

### Changes

* [test] onyphe no way to test without authentication keys. [Alexandre Dulaunoy]

* [cof2misp] bailiwick is optional. [Alexandre Dulaunoy]

* [doc] cof2misp documentation added. [Alexandre Dulaunoy]

* [cof2misp] debugging removed. [Alexandre Dulaunoy]

* [cof2misp] remove logging in the misp-modules. [Alexandre Dulaunoy]

* [cof2misp module] fix the import module/package "__init__.py" missing. [Alexandre Dulaunoy]

* [farsight_passivedns] Updated the bailiwick attribute type, following the latest changes on the passive-dns object template. [chrisr3d]

### Fix

* [farsight_passivedns] Handling exceptions raised from a query error. [chrisr3d]

  - This can happen with for instance a wrong server URL

### Other

* Merge pull request #498 from sebdraven/master. [Alexandre Dulaunoy]

  Refactoring onyphe module

* Fix bug on loop. [Sebdraven]

* Remove print and variable unusable. [Sebdraven]

* Merge pull request #4 from MISP/main. [sebdraven]

  merge

* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d]

* Merge pull request #497 from aaronkaplan/cof2misp. [Alexandre Dulaunoy]

  Cof2misp

* Oops, there was a minor error. print(..., file=sys.stDerr) . Typo! [root]

* Add license text. No logical changes in this commit. [aaronkaplan]

* Merge pull request #491 from aaronkaplan/cof2misp. [Alexandre Dulaunoy]

  Version 0.2 of the cof2misp import module.

* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan]

* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan]

* Make the special attributes *_ip and _domain not needed. See the discussion in https://github.com/MISP/misp-objects/pull/314. [aaronkaplan]

* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan]

* Make stub strict parser. [aaronkaplan]

* Again, make flake8 happy. My local flake8 was already happy. hm. [aaronkaplan]

* Flake8, you suck. [aaronkaplan]

* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan]

* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan]

* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan]

* Make flake8 happier. [aaronkaplan]

* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan]

* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan]

* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan]

* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan]

* Version 0.2 of the cof2misp import module. [aaronkaplan]

* Version 0.2 of the cof2misp import module. [aaronkaplan]

* Add summary ip, domain and hostname. [Sebdraven]

* Fix bug. [Sebdraven]

* Add reference. [Sebdraven]

* Add test to check. [Sebdraven]

* Fix typo. [Sebdraven]

* Remove pass. [Sebdraven]

* Add object certificate. [Sebdraven]

* Add hostname. [Sebdraven]

* Update onyphe.py. [Sebdraven]

  remove typo

* Check entry in result dico. [Sebdraven]

* Add logs. [Sebdraven]

* Fix logical test. [Sebdraven]

* Add logs. [Sebdraven]

* Add logs. [Sebdraven]

* Add logs. [Sebdraven]

* Add summary ip. [Sebdraven]

  object domain

* Refactoring of the module. [Sebdraven]


## v2.4.142 (2021-04-26)

### New

* [logo] yeti logo added. [Alexandre Dulaunoy]

* [ChangeLog] added. [Alexandre Dulaunoy]

### Changes

* [doc] yeti logo added. [Alexandre Dulaunoy]

* [doc] Makefile fixed. [Alexandre Dulaunoy]

* [doc] README cleanup and historical stuff removed. [Alexandre Dulaunoy]

* [doc] fix path of mkdocs output. [Alexandre Dulaunoy]

### Fix

* [tests] Back to the former ip address in the threatcrowd module test. [chrisr3d]

* [doc] Travis button was on the old master branch. [Alexandre Dulaunoy]

  fix: [doc] Travis button was on the old master branch

* [doc] build script. [Alexandre Dulaunoy]

### Other

* Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy]

* Merge pull request #488 from sebdraven/master. [Alexandre Dulaunoy]

  Module Yeti

* Add pyeti package. [Sebdraven]

* Merge branch 'main' [Sebdraven]

* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d]

* Fix typo. [Sebdraven]

* Remove variable unused. [Sebdraven]

* Remove import unused and add package in requirements. [Sebdraven]

* Create yeti.json. [Sebdraven]

  add doc

* Update yeti.py. [Sebdraven]

  pep 8 compliant

* Update yeti.py. [Sebdraven]

  remove tags and entity

* Update yeti.py. [Sebdraven]

  add input

* Merge pull request #2 from MISP/master. [sebdraven]

  Master

* Update yeti.py. [Sebdraven]

  add tests

* Update yeti.py. [Sebdraven]

  add ns record dst and src link

* Update yeti.py. [Sebdraven]

  add test to create result

* Update yeti.py. [Sebdraven]

  fix edges

* Update yeti.py. [Sebdraven]

  fix typo

* Update yeti.py. [Sebdraven]

  change params

* Update yeti.py. [Sebdraven]

  add ns_record object

* Update yeti.py. [Sebdraven]

  change loop

* Update yeti.py. [Sebdraven]

  fix bug

* Update yeti.py. [Sebdraven]

  remove tests

* Update yeti.py. [Sebdraven]

  filter by id

* Update yeti.py. [Sebdraven]

  add src

* Update yeti.py. [Sebdraven]

  fix keyerror

* Update yeti.py. [Sebdraven]

  fix bug about id

* Update yeti.py. [Sebdraven]

  add logs

* Update yeti.py. [Sebdraven]

  add logs

* Update yeti.py. [Sebdraven]

  add test of id

* Update yeti.py. [Sebdraven]

  add log

* Update yeti.py. [Sebdraven]

  add description

* Update yeti.py. [Sebdraven]

  add file to add in attribute

* Update yeti.py. [Sebdraven]

  add tags for attribute

* Update yeti.py. [Sebdraven]

  remove tag

* Update yeti.py. [Sebdraven]

  test tags

* Update yeti.py. [Sebdraven]

  change tags method

* Update yeti.py. [Sebdraven]

  add related observable and AS

* Update yeti.py. [Sebdraven]

  remove print debug

* Update yeti.py. [Sebdraven]

  fix bugs key error

* Update yeti.py. [Sebdraven]

  add param

* Update yeti.py. [Sebdraven]

  try typo

* Update yeti.py. [Sebdraven]

  remove print

* Update yeti.py. [Sebdraven]

  remove tests

* Update yeti.py. [Sebdraven]

  test

* Update yeti.py. [Sebdraven]

  add logs

* Update yeti.py. [Sebdraven]

  try test

* Update yeti.py. [Sebdraven]

  add check

* Update yeti.py. [Sebdraven]

  correct bug

* Update yeti.py. [Sebdraven]

  add log

* Update yeti.py. [Sebdraven]

  add log

* Update yeti.py. [Sebdraven]

  correct typo

* Update yeti.py. [Sebdraven]

  add relation

* Update yeti.py. [Sebdraven]

  refactoring and add Url neighbors

* Update yeti.py. [Sebdraven]

  add key results

* Update yeti.py. [Sebdraven]

  delete attr

* Update yeti.py. [Sebdraven]

  correction format strings

* Update yeti.py. [Sebdraven]

  change logs

* Update yeti.py. [Sebdraven]

  value attribute

* Update yeti.py. [Sebdraven]

  change logs

* Update yeti.py. [Sebdraven]

  add logs

* Update yeti.py. [Sebdraven]

  add relation

* Update yeti.py. [Sebdraven]

  remove add

* Update yeti.py. [Sebdraven]

  add logs

* Update yeti.py. [Sebdraven]

  change relations

* Update yeti.py. [Sebdraven]

  change modification

* Update yeti.py. [Sebdraven]

  update relation

* Update yeti.py. [Sebdraven]

  change relation type

* Update yeti.py. [Sebdraven]

  add relationship

* Update yeti.py. [Sebdraven]

  add ref

* Update yeti.py. [Sebdraven]

  add test

* Update yeti.py. [Sebdraven]

  change attribute add

* Update yeti.py. [Sebdraven]

  change relationship

* Update yeti.py. [Sebdraven]

  log json

* Update yeti.py. [Sebdraven]

  log object

* Update yeti.py. [Sebdraven]

  add logs

* Update yeti.py. [Sebdraven]

  change type attr and relation

* Update yeti.py. [Sebdraven]

  add logs

* Update yeti.py. [Sebdraven]

  add logs

* Update yeti.py. [Sebdraven]

  add logs

* Update yeti.py. [Sebdraven]

  change relation type and misp event init

* Update yeti.py. [Sebdraven]

  add relation object

* Update yeti.py. [Sebdraven]

  add object

* Update yeti.py. [Sebdraven]

  refactoring

* Update yeti.py. [Sebdraven]

  using attribute

* Update yeti.py. [Sebdraven]

  use format misp

* Update yeti.py. [Sebdraven]

  modify access dict

* Update yeti.py. [Sebdraven]

  add logs

* Update yeti.py. [Sebdraven]

  add logs

* Update yeti.py. [Sebdraven]

  add neighbors iocs to add the event

* Update yeti.py. [Sebdraven]

  modify call yeti

* Update yeti.py. [Sebdraven]

  Correct bugs

* Update yeti.py. [Sebdraven]

  change inherit

* Update yeti.py. [Sebdraven]

  change path to access config settings

* Update yeti.py. [Sebdraven]

  add log

* Update yeti.py. [Sebdraven]

  add ip-dst to enrich

* Update yeti.py. [Sebdraven]

  add logs

* Yeti plugin. [Sebdraven]

  get_entities and get_neighboors

* Update yeti.py. [Sebdraven]

  add introspection method

* Update yeti.py. [Sebdraven]

  add method version

* Update yeti.py. [Sebdraven]

  correct import

* Update REQUIREMENTS. [Sebdraven]

  correct conflict

* Update yeti.py. [Sebdraven]

  add config and struct

* Add new module. [Sebdraven]

  new module yeti

* Update .gitignore. [Sebdraven]

  update .gitignore to env pycharm

* Merge pull request #1 from MISP/master. [sebdraven]

  Master

* Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy]


## v2.4.141 (2021-04-19)

### Changes

* [tests] LiveCI set for RBL tests (network connectivity issues in the CI) [Alexandre Dulaunoy]

* [rbl] Added a timeout parameter to change the resolver timeout & lifetime if needed. [chrisr3d]

* [rbl] Small changes on the rbl list and the results handling. [chrisr3d]

* [test] skip some tests if running in the CI (API limitation or specific host issues) [Alexandre Dulaunoy]

* [tests] historical records in threatcrowd. [Alexandre Dulaunoy]

* [test] fixing IP addresses. [Alexandre Dulaunoy]

* [passivetotal] new test IP address. [Alexandre Dulaunoy]

* [farsight] make PEP happy. [Alexandre Dulaunoy]

* [requirements] openpyxl added. [Alexandre Dulaunoy]

* [travis] missing dep. [Alexandre Dulaunoy]

* [test expansion] IPv4 address of CIRCL updated. [Alexandre Dulaunoy]

* [coverage] install. [Alexandre Dulaunoy]

* [pipenv] removed. [Alexandre Dulaunoy]

* [travis] get rid of pipenv. [Alexandre Dulaunoy]

* [Pipfile.lock] updated. [Alexandre Dulaunoy]

* [doc] fix index of mkdocs. [Alexandre Dulaunoy]

* [documentation] updated. [Alexandre Dulaunoy]

* [farsight_passivedns] Making first_time and last_time results human readable. [chrisr3d]

  - We get the datetime format instead of the raw
    timestamp

* Bump deps. [Raphaël Vinot]

* [farsight_passivedns] Making first_time and last_time results human readable. [chrisr3d]

  - We get the datetime format instead of the raw
    timestamp

* [farsight_passivedns] Added input types for more flex queries. [chrisr3d]

  - Standard types still supported as before
  - Name or ip lookup, with optional flex queries
  - New attribute types added will only send flex
    queries to the DNSDB API

* [doc] fix #460 - rh install. [Alexandre Dulaunoy]

* [requirements] fix 463. [Alexandre Dulaunoy]

### Fix

* [tests] Fixed btc_steroids test assertion. [chrisr3d]

* [ocr_enrich] Making Pep8 happy. [chrisr3d]

* [tests] Fixed variable names that have been changed with the latest commit. [chrisr3d]

* [ocr_enrich] Fixed tesseract input format. [chrisr3d]

  - It looks like the `image_to_string` method now
    assumes RGB format and the `imdecode` method
    seems to give BGR format, so we convert the
    image array before

* [tests] Fixed tests for some modules waiting for standard MISP Attribute format as input. [chrisr3d]

* [tests] Fixed hibp test which requires an API key. [chrisr3d]

* [hibp] Fixed config handling to avoid KeyError exceptions. [chrisr3d]

* [test] dns module. [Alexandre Dulaunoy]

* [main] Disable duplicate JSON decoding. [Jakub Onderka]

* [cve_advanced] Some CVEs are not in CWE format but in NVD-CWE-Other. [Alexandre Dulaunoy]

* [farsight_passivedns] Fixed lookup_rdata_name results declaration. [chrisr3d]

  - Getting generator as a list as it is already the
    case for all the other results, so it avoids
    issues to read the results by accidentally looping
    through the generator before it is actually
    needed, which would lose the content of the
    generator
  - Also removed print that was accidentally introduced
    with the last commit

* [farsight_passivedns] Excluding last_seen value for now, in order to get the available results. [chrisr3d]

  - With last_seen set we can easily get results
    included in a certain time frame (between first
    seen and last seen), but we do not get the
    latest results. In order to get those ones, we
    skip filtering on the time_last_before value

* [farsight_passivedns] Fixed lookup_rdata_name results declaration. [chrisr3d]

  - Getting generator as a list as it is already the
    case for all the other results, so it avoids
    issues to read the results by accidentally looping
    through the generator before it is actually
    needed, which would lose the content of the
    generator
  - Also removed print that was accidentally introduced
    with the last commit

* Making pep8 happy. [chrisr3d]

* [farsight_passivedns] Fixed queries to the API. [chrisr3d]

  - Since flex queries input may be email addresses,
    we make sure we replace '@' by '.' in the flex
    queries input.
  - We also run the flex queries with the input as
    is first, before running them a second time
    with '.' characters escaped: '\\.'

* Google.py module. [Jürgen Löhel]

  The search result does not include always 3 elements. It's better to
  enumerate here.
  The googleapi fails sometimes. Retry it 3 times.

* Google.py module. [Jürgen Löhel]

  Corrects import for gh.com/abenassi/Google-Search-API.

* Consider mail body as UTF-8 encoded. [Jakub Onderka]

### Other

* Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy]

* Fix; [tests] Changes on assertion statements that should fix the passivetotal, rbl & shodan tests. [chrisr3d]

* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d]

* Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy]

* Merge pull request #435 from JakubOnderka/remove-duplicate-decoding. [Alexandre Dulaunoy]

  fix: [main] Remove duplicate JSON decoding

* Add: [farsight_passivedns] Adding first_seen & last_seen (when available) in passivedns objects. [chrisr3d]

  - The object_relation `time_first` is added as the
    `first_seen` value of the object
  - Same with `time_last` -> `last_seen`

* Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d]

* Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d]

* Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d]

* Merge pull request #484 from GreyNoise-Intelligence/main. [Alexandre Dulaunoy]

  Update to GreyNoise expansion module

* Update community api to released ver. [Brad Chiappetta]

* Fix ver info. [Brad Chiappetta]

* Updates for greynoise community api. [Brad Chiappetta]

* Merge pull request #485 from jgwilson42/patch-1. [Alexandre Dulaunoy]

  Update README.md

* Update README.md. [James Wilson]

  Ensure that the clone of misp-modules is owned by www-data

* Merge pull request #482 from MISP/new_features. [Alexandre Dulaunoy]

  Farsight_passivedns module updated with new input types compatible with flex queries

* Add: [farsight_passivedns] New lookup argument based on the first_seen & last_seen fields. [chrisr3d]

* Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d]

* Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d]

* Merge pull request #481 from cocaman/main. [Alexandre Dulaunoy]

  Adding ThreatFox enrichment module

* Adding additional tags. [Corsin Camichel]

* First version of ThreatFox enrichment module. [Corsin Camichel]

* Merge pull request #480 from cocaman/patch-1. [Alexandre Dulaunoy]

  updating "hibp" for API version 3

* Updating "hibp" for API version 3. [Corsin Camichel]

* Merge pull request #477 from jloehel/fix/google-module. [Alexandre Dulaunoy]

  Fix/google module

* Merge pull request #476 from digihash/patch-1. [Alexandre Dulaunoy]

  Update README.md

* Update README.md. [Kevin Holvoet]

  Added fix based on https://github.com/MISP/MISP/issues/4045

* Merge pull request #475 from adammchugh/patch-3. [Alexandre Dulaunoy]

  Fixed the censys version

* Fixed the censys version. [adammchugh]

  Unsure how I managed to get the version so wrong, but I have updated it to the current version and confirmed as working.

* Merge pull request #474 from JakubOnderka/patch-4. [Alexandre Dulaunoy]

  fix: Consider mail body as UTF-8 encoded

* Merge pull request #473 from adammchugh/patch-2. [Alexandre Dulaunoy]

  Change to pandas version requirement to address pip install failure

* Included missing dependencies for censys and pyfaup. [adammchugh]

  Added censys dependency
  Added pyfaup dependency

* Change to pandas version requirement to address pip install failure. [adammchugh]

  Updated pandas version to 1.1.5 to allow pip install as defined at https://github.com/MISP/misp-modules to complete successfully.

* Merge pull request #470 from adammchugh/patch-1. [Alexandre Dulaunoy]

  Update assemblyline_submit.py - Add verify SSL option

* Update assemblyline_submit.py. [adammchugh]

* Update assemblyline_query.py. [adammchugh]

* Update assemblyline_submit.py. [adammchugh]

* Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy]

* Update README long hyphen is not standard ASCII hyphen. [Alexandre Dulaunoy]

  Fix #464


## v2.4.137 (2021-01-25)

### Changes

* Bump deps. [Raphaël Vinot]

* Bump requirements. [Raphaël Vinot]

* [pipenv] Enable email extras for PyMISP. [Jakub Onderka]

### Fix

* Bump PyMISP dep to latest. [Raphaël Vinot]

* Use PyMISP from PyPi. [Raphaël Vinot]

* Use pymisp from pypi. [Raphaël Vinot]

* [pipenv] Missing clamd. [Jakub Onderka]

### Other

* Merge pull request #466 from NoDataFound/main. [Alexandre Dulaunoy]

  Corrected VMray rest API import

* Corrected VMray rest API import. [Cory Kennedy]

  When loading misp-modules, the VMray module `modules/expansion/vmray_submit.py` incorrectly imports the library. VMray's documentation and examples here: https://pypi.org/project/vmray-rest-api/#history also reflect this change as the correct import.

* Merge pull request #457 from trustar/main. [Alexandre Dulaunoy]

  added more explicit error messages for indicators that return no enri…

* Added more explicit error messages for indicators that return no enrichment data. [Jesse Hedden]

* Merge pull request #452 from kuselfu/main. [Alexandre Dulaunoy]

  update vmray_import, add vmray_summary_json_import

* Fix imports and unused variables. [Jens Thom]

* Resolve merge conflict. [Jens Thom]

* Merge remote-tracking branch 'upstream/main' into main. [Jens Thom]

* Merge pull request #451 from JakubOnderka/versions-update. [Alexandre Dulaunoy]

  fix: [pipenv] Missing clamd

* Merge pull request #450 from JakubOnderka/versions-update. [Alexandre Dulaunoy]

  chg: [pipenv] Enable email extras for PyMISP

* Merge pull request #448 from HacknowledgeCH/export_defender_endpoint. [Alexandre Dulaunoy]

  Export defender endpoint

* Fixed error reported by LGTM analysis. [milkmix]

* Added documentation. [milkmix]

* Added missing quotes. [milkmix]

* Added URL support. [milkmix]

* Typo in python src name. [milkmix]

* Initial work on Defender for Endpoint export module. [milkmix]

* Add parser for report version v1 and v2; add summary JSON import module. [Jens Thom]


## v2.4.134 (2020-11-18)

### New

* [expansion] Added html_to_markdown module. [mokaddem]

  It fetches the HTML from the provided URL, performs a bit of DOM
  clean-up then converts it into markdown

* [clamav] Module for malware scan by ClamAV. [Jakub Onderka]

* [passivedns, passivessl] Add support for ip-src|port and ip-dst|port. [Jakub Onderka]

* Censys Expansion module. [Golbark]

* Expansion module to query MALWAREbazaar API with some hash attribute. [chrisr3d]

### Changes

* [pipenv] Updated lock Pipfile again. [chrisr3d]

* [pipenv] Updated lock Pipfile. [chrisr3d]

* Added socialscan library in Pipfile and updated the lock file. [chrisr3d]

* [documentation] Cleaner documentation directories & auto-generation. [chrisr3d]

  Including:
  - A move of the previous `doc` and `docs` directories to `documentation`
  - `documentation` is now the default directory
  - The documentation previously under `doc` is now in `documentation/website`
  - The mkdocs previously under `docs` is now in `documentation/mkdocs`
  - All single JSON documentation files have been JQed
  - Some small improvements to list fields displaying

* [pipenv] Updated Pipfile. [chrisr3d]

* [documentation] Updated the farsight-passivedns documentation. [chrisr3d]

* [cpe] Added default limit to the results. [chrisr3d]

  - Results returned by CVE-search are sorted by
    cvss score and limited in number to avoid
    potential massive amount of data returned back
    to MISP.
  - Users can overwrite the default limit with the
    configuration already present as optional, and
    can also set the limit to 0 to get the full list
    of results

* [farsight_passivedns] Now using the dnsdb2 python library. [chrisr3d]

  - Also updated the results parsing to check in
    each returned result for every field if they are
    included, to avoid key errors if any field is
    missing

* [cpe] Support of the new CVE-Search API. [chrisr3d]

* [doc] Updated the farsight_passivedns module documentation. [chrisr3d]

* [farsight_passivedns] More context added to the results. [chrisr3d]

  - References between the passive-dns objects and
    the initial attribute
  - Comment on object attributes mentioning whether
    the results come from an rrset or an rdata
    lookup

* [farsight_passivedns] Rework of the module to return MISP objects. [chrisr3d]

  - All the results are parsed as passive-dns MISP
    objects
  - More love to give to the parsing to add
    references between the passive-dns objects and
    the input attribute, depending on the type of
    the query (rrset or rdata), or the rrtype
    (to be determined)

* [cpe] Changed CVE-Search API default url. [chrisr3d]

* [clamav] Add reference to original attribute. [Jakub Onderka]

* [clamav] TCP port connection must be an integer. [Alexandre Dulaunoy]

* Bump deps. [Raphaël Vinot]

* Updated expansion modules documentation. [chrisr3d]

  - Added documentation for the missing modules
  - Renamed some of the documentation files to match
    with the module names and avoid issues within
    the documentation file (README.md) with the link
    of the misspelled module names

* Updated the bgpranking expansion module test. [chrisr3d]

* Updated documentation for the recently updated bgpranking module. [chrisr3d]

* Updated the bgpranking expansion module to return MISP objects. [chrisr3d]

  - The module no longer returns freetext, since the
    result returned to the freetext import as text
    only allowed MISP to parse the same AS number as
    the input attribute.
  - The new result returned with the updated module
    is an asn object describing more precisely the
    AS number, and its ranking for a given day

* Turned the Shodan expansion module into a misp_standard format module. [chrisr3d]

  - As expected with the misp_standard modules, the
    input is a full attribute and the module is able
    to return attributes and objects
  - There was a lot of data that was parsed as regkey
    attributes by the freetext import, the module now
    parses properly the different fields of the result
    of the query returned by Shodan

* Updated documentation about the greynoise module. [chrisr3d]

* Updated Greynoise tests following the latest changes on the expansion module. [chrisr3d]

* Making use of the Greynoise v2 API. [chrisr3d]

* Bump deps. [Raphaël Vinot]

* [doc] Added details about faup. [Steve Clement]

* [doc] in case btc expansion fails, give another hint at why it fails. [Steve Clement]

* [travis] Added gtcaca and liblua to faup. [Steve Clement]

* [travis] Added py3.8. [Steve Clement]

* Bump dependencies. [Raphaël Vinot]

  Should fix https://github.com/MISP/MISP/issues/5739

* Quick ransomcoindb test just to make sure the module loads. [chrisr3d]

  - I do not have any api key right now, so the test
    should just reach the error

* Catching missing config issue. [chrisr3d]

### Fix

* [pipenv] Removed duplicated dnsdb2 entry that I missed while merging conflict. [chrisr3d]

* Removed debugging print command. [chrisr3d]

* [tests] Less specific assertion for the rbl module test. [chrisr3d]

* [farsight_passivedns] Fixed pep8 backslash issue. [chrisr3d]

* [farsight_passivedns] Fixed issue with variable name. [chrisr3d]

* [documentation] Added missing cpe module documentation. [chrisr3d]

* [cpe] Fixed typo in vulnerable-configuration object relation fields. [chrisr3d]

* [farsight_passivedns] Fixed typo in the lookup fields. [chrisr3d]

* [farsight_passivedns] Uncommented mandatory field that was commented for tests. [chrisr3d]

* [tests] Small fixes on the expansion tests. [chrisr3d]

* [dnsdb] Avoiding AttributeError with the sys library, probably depending on the python version. [chrisr3d]

* [documentation] Updated links to the scripts, with the default branch no longer being master, but main. [chrisr3d]

* Typo. [chrisr3d]

* Updated Pipfile. [chrisr3d]

* [cpe] Typos and variable name issues fixed + Making the module available in MISP. [chrisr3d]

* [cve-advanced] Using the cpe and weakness attribute types. [chrisr3d]

* [cve_advanced] Avoiding potential MISP object references issues. [chrisr3d]

  - Adding objects as dictionaries in an event may
    cause issues in some cases. It is better to pass
    the MISP object as is, as it is already a valid
    object since the MISPObject class is used

* [virustotal_public] Resolve key error when user enrich hostname. [chrisr3d]

  - Same as #424

* [virustotal] Resolve key error when user enrich hostname. [Jakub Onderka]

* Typo in EMailObject. [Raphaël Vinot]

  Fix #427

* Making pep8 happy. [chrisr3d]

* Fixed pep8. [chrisr3d]

* Fixed pep8 + some copy paste issues introduced with the latest commits. [chrisr3d]

* Avoid issues with the attribute value field name. [chrisr3d]

  - The module setup allows 'value1' as attribute
    value field name, but we want to make sure that
    users passing standard misp format with 'value'
    instead, will not have issues, as well as
    keeping the current setup

* [virustotal] Subdomains is optional in VT response. [Jakub Onderka]

* Fixed list of sigma backends. [chrisr3d]

* Fixed validators dependency issues. [chrisr3d]

  - Possible rollback if we get issues with virustotal

* Removed multiple spaces to comply with pep8. [chrisr3d]

* Making pep8 happy. [chrisr3d]

* Removed trustar_import module name in init to avoid validation issues. [chrisr3d]

  (until it is submitted via PR?)

* [circl_passivessl] Return proper error for IPv6 addresses. [Jakub Onderka]

* [circl_passivessl] Return not found error. [Jakub Onderka]

  If passivessl returns empty response, return Not found error instead of error in log

* [circl_passivedns] Return not found error. [Jakub Onderka]

  If passivedns returns empty response, return Not found error instead of error in log

* [pep] Comply to PEP E261. [Steve Clement]

* [travis] gtcaca has no build directory. [Steve Clement]

* [pip] pyfaup required. [Steve Clement]

* [doc] corrected filenames for 2 docs. [Christophe Vandeplas]

* Making pep8 happy. [chrisr3d]

* Catching errors in the response of the query to URLhaus. [chrisr3d]

* Making pep8 happy with indentation. [chrisr3d]

* Making pep8 happy. [chrisr3d]

* Removed unused import. [chrisr3d]

* Making pep8 happy. [chrisr3d]

* Making the module config available so the module works. [chrisr3d]

* [VT] Disable SHA512 query for VT. [Jakub Onderka]

### Other

* Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d]

* Merge pull request #429 from MISP/new_module. [Christian Studer]

  New module using socialscan to check the availability of an email address or username on some online platforms

* Merge branch 'main' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* Merge branch 'main' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* Add: Added documentation for the socialscan new module. [chrisr3d]

  - Also quick fix of the message for an invalid
    result or response concerning the queried email
    address or username

* Merge branch 'main' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* Add: New module using socialscan library to check email addresses and usernames linked to accounts on online platforms. [chrisr3d]

* Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d]

* Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d]

* Merge pull request #445 from chrisr3d/main. [Christian Studer]

  Added missing cpe module documentation

* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d]

* Add: [farsight-passivedns] Optional feature to submit flex queries. [chrisr3d]

  - The rrset and rdata queries remain the same but
    with the parameter `flex_queries`, users can
    also get the results of the flex rrnames & flex
    rdata regex queries about their domain, hostname
    or ip address
  - Results can thus include passive-dns objects
    containing the `raw_rdata` object_relation added
    with 0a3e948

* Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d]

* Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d]

* Merge branch 'chrisr3d_patch' of github.com:MISP/misp-modules into main. [chrisr3d]

* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d]

* Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d]

* Merge pull request #443 from trustar/main. [Alexandre Dulaunoy]

  fixed typo causing firstSeen and lastSeen to not be pulled from enric…

* Fixed typo causing firstSeen and lastSeen to not be pulled from enrichment data. [Jesse Hedden]

* Merge pull request #440 from MISP/chrisr3d_patch. [Alexandre Dulaunoy]

  Farsight passivedns module update

* Merge pull request #437 from chrisr3d/main. [Alexandre Dulaunoy]

  New expansion module to get the vulnerabilities related to a CPE

* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d]

* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d]

* Merge pull request #436 from MISP/new-html-to-markdown. [Christian Studer]

  new: [expansion] Added html_to_markdown module

* Add: Documentation for the html_to_markdown expansion module. [chrisr3d]

* Add: Added documentation for the cpe module. [chrisr3d]

* Add: First shot of an expansion module to query cve-search with a cpe to get the related vulnerabilities. [chrisr3d]

* Merge pull request #432 from JakubOnderka/clamav. [Alexandre Dulaunoy]

  chg: [clamav] Add reference to original attribute

* Merge pull request #431 from JakubOnderka/clamav. [Alexandre Dulaunoy]

  new: [clamav] Module for malware scan by ClamAV

* Merge branch 'main' of github.com:MISP/misp-modules into main. [Raphaël Vinot]

* Merge pull request #424 from JakubOnderka/vt-subdomains-fix. [Christian Studer]

  fix: [virustotal] Resolve key error when user enrich hostname

* Merge pull request #426 from hildenjohannes/main. [Alexandre Dulaunoy]

  Recorded Future module: Add proxy support and User-Agent header

* Add proxy support and User-Agent header. [johannesh]

* Merge pull request #425 from elhoim/elhoim-patch-1. [Alexandre Dulaunoy]

  Disable correlation for detection-ratio attribute in virustotal.py

* Disable correlation for detection-ratio in virustotal.py. [David André]

* Merge pull request #422 from trustar/feat/EN-5047/MISP-manual-update. [Alexandre Dulaunoy]

  Feat/en 5047/misp manual update

* Merge branch 'main' into feat/EN-5047/MISP-manual-update. [Jesse Hedden]

* Merge pull request #420 from hildenjohannes/main. [Alexandre Dulaunoy]

  Fix typo error introduced in commit: 3b7a5c4dc2541f3b07baee69a7e8b969…

* Fix typo error introduced in commit: 3b7a5c4dc2541f3b07baee69a7e8b9694a1627fc. [johannesh]

* Merge pull request #417 from trustar/feat/EN-4664/trustar-misp. [Alexandre Dulaunoy]

  Feat/en 4664/trustar misp

* Added description to readme. [Jesse Hedden]

* Merge branch 'master' of github.com:trustar/misp-modules into feat/EN-4664/trustar-misp. [Jesse Hedden]

* Removed obsoleted module name. [Jesse Hedden]

* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d]

* Merge pull request #416 from hildenjohannes/main. [Alexandre Dulaunoy]

  Add Recorded Future module documentation

* Improve wording. [johannesh]

* Add Recorded Future module documentation. [johannesh]

* Add: Specific error message for misp_standard format expansion modules. [chrisr3d]

  - Checking if the input format is respected and
    displaying an error message if it is not

* Merge pull request #415 from hildenjohannes/main. [Alexandre Dulaunoy]

  Add Recorded Future expansion module

* Add Recorded Future expansion module. [johannesh]

* Added comments. [Jesse Hedden]

* Added comments. [Jesse Hedden]

* Added comments. [Jesse Hedden]

* Added error checking. [Jesse Hedden]

* Updating to include metadata and alter type of trustar link generated. [Jesse Hedden]

* Merge pull request #1 from trustar/feat/EN-4664/trustar-misp. [Jesse Hedden]

  Feat/en 4664/trustar misp

* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d]

* Merge pull request #411 from JakubOnderka/vt-subdomains-fix. [Alexandre Dulaunoy]

  fix: [virustotal] Subdomains is optional in VT response

* Merge remote-tracking branch 'origin' into main. [chrisr3d]

* Add: Trustar python library added to Pipfile. [chrisr3d]

* Merge branch 'trustar-feat/EN-4664/trustar-misp' [chrisr3d]

* Merge branch 'feat/EN-4664/trustar-misp' of https://github.com/trustar/misp-modules into trustar-feat/EN-4664/trustar-misp. [chrisr3d]

* Removed obsolete file. [Jesse Hedden]

* Corrected variable name. [Jesse Hedden]

* Fixed indent. [Jesse Hedden]

* Fixed incorrect attribute name. [Jesse Hedden]

* Fixed metatag; convert summaries generator to list for error handling. [Jesse Hedden]

* Added strip to remove potential whitespace. [Jesse Hedden]

* Removed extra parameter. [Jesse Hedden]

* Added try/except for TruSTAR API errors and additional comments. [Jesse Hedden]

* Added comments and increased page size to max for get_indicator_summaries. [Jesse Hedden]

* Uploaded TruSTAR logo. [Jesse Hedden]

* Updated client metatag and version. [Jesse Hedden]

* Added module documentation. [Jesse Hedden]

* Added client metatag to trustar client. [Jesse Hedden]

* Ready for code review. [Jesse Hedden]

* WIP: initial push. [Jesse Hedden]

* Initial commit. not a working product. need to create a class to manage the MISP event and TruStar client. [Jesse Hedden]

* Merge pull request #381 from MISP/new_module. [Christian Studer]

  New module for MALWAREbazaar

* Merge branch 'main' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* Merge pull request #407 from JakubOnderka/patch-3. [Alexandre Dulaunoy]

  fix: [circl_passivessl] Return proper error for IPv6 addresses

* Merge pull request #406 from JakubOnderka/ip-port. [Alexandre Dulaunoy]

  new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port

* Merge pull request #405 from JakubOnderka/patch-2. [Alexandre Dulaunoy]

  fix: [circl_passivedns] Return not found error

* Merge pull request #402 from MISP/dependabot/pip/httplib2-0.18.0. [Alexandre Dulaunoy]

  build(deps): bump httplib2 from 0.17.0 to 0.18.0

* Build(deps): bump httplib2 from 0.17.0 to 0.18.0. [dependabot[bot]]

  Bumps [httplib2](https://github.com/httplib2/httplib2) from 0.17.0 to 0.18.0.
  - [Release notes](https://github.com/httplib2/httplib2/releases)
  - [Changelog](https://github.com/httplib2/httplib2/blob/master/CHANGELOG)
  - [Commits](https://github.com/httplib2/httplib2/compare/v0.17.0...v0.18.0)

* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* Merge pull request #395 from SteveClement/master. [Steve Clement]

  chg: [deps] pyfaup seems to be required but not installed

* Merge pull request #393 from vmray-labs/update-vmray-module. [Alexandre Dulaunoy]

  Update vmray_submit module

* Update vmray_submit. [Matthias Meidinger]

  The submit module had some smaller issues with the reanalyze flag.
  The source for the enrichment object has been changed and the robustness
  of user supplied config parsing improved.

* Merge pull request #388 from Golbark/censys_expansion. [Christophe Vandeplas]

  new: usr: Censys Expansion module

* Fix variable issue in the loop. [Golbark]

* Adding support for more input types, including multi-types. [Golbark]

* Add: Added documentation for the latest new modules. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d]

* Merge pull request #380 from JakubOnderka/patch-1. [Christian Studer]

  csvimport: Return error if input is not valid UTF-8

* Csvimport: Return error if input is not valid UTF-8. [Jakub Onderka]

* Merge pull request #379 from cudeso/master. [Alexandre Dulaunoy]

  Cytomic Orion MISP Module

* Documentation for Cytomic Orion. [Koen Van Impe]

* Update `__init__` [Koen Van Impe]

* Make Travis (a little bit) happy. [Koen Van Impe]

* Cytomic Orion MISP Module. [Koen Van Impe]

  An expansion module to enrich attributes in MISP and share indicators
  of compromise with Cytomic Orion

* Merge pull request #377 from 0xbennyv/master. [Alexandre Dulaunoy]

  Added SophosLabs Intelix as expansion module

* Removed Unused Import. [bennyv]

* Fixed handler error handling for missing config. [bennyv]

* Fixed formatting in README.md. [bennyv]

* Updated the README.md for SOPHOSLabs Intelix. [bennyv]

* Initial Build of SOPHOSLabs Intelix Product. [bennyv]

* Merge pull request #374 from M0un/projet-m2-oun-gindt. [Christian Studer]

  Master 2 security project submission by Mathilde OUN and Vincent GINDT // No…

* Master 2 security project submission by Mathilde OUN and Vincent GINDT // New MISP module for Google searches on URLs. [Mathilde Oun et Vincent Gindt]

* Merge pull request #373 from seanthegeek/patch-1. [Christian Studer]

  Create missing `__init__.py` for _ransomcoindb

* Revert change intended for other patch. [Sean Whalen]

* Install cmake to build faup. [Sean Whalen]

* Create `__init__.py`. [Sean Whalen]

* Merge pull request #371 from GlennHD/master. [Christian Studer]

  Added GeoIP_City and GeoIP_ASN Database Modules

* Update geoip_asn.py. [GlennHD]

* Update geoip_city.py. [GlennHD]

* Added geoip_asn and geoip_city to load. [GlennHD]

* Added GeoIP_ASN Enrichment module. [GlennHD]

* Added GeoIP_City Enrichment module. [GlennHD]

* Added GeoIP City and GeoIP ASN Info. [GlennHD]

* Merge pull request #370 from JakubOnderka/vt-query-sha512. [Alexandre Dulaunoy]

  fix: [VT] Disable SHA512 query for VT

* Merge pull request #368 from andurin/lastline_verifyssl. [Christian Studer]

  Lastline verify_ssl option

* Lastline verify_ssl option. [Hendrik]

  Helps people with on-prem boxes


## v2.4.121 (2020-02-06)

### Fix

* Making pep8 happy. [chrisr3d]

* [tests] Fixed BGP ranking module test. [chrisr3d]

### Other

* Merge pull request #367 from joesecurity/master. [Christian Studer]

  joe: (1) allow users to disable PE object import (2) set 'to_ids' to False

* Joe: (1) allow users to disable PE object import (2) set 'to_ids' to False. [Georg Schölly]

* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d]

* Merge pull request #365 from ostefano/analysis. [Alexandre Dulaunoy]

  change: migrate to analysis API when submitting files to Lastline

* Change: migrate to analysis API when submitting tasks to Lastline. [Stefano Ortolani]

* Merge pull request #364 from cudeso/master. [Christian Studer]

  2nd fix for VT Public module

* 2nd fix for VT Public module. [Koen Van Impe]

* Fix error message in Public VT module. [Koen Van Impe]


## v2.4.120 (2020-01-21)

### New

* Updated ipasn and added vt_graph documentation. [chrisr3d]

* Enrichment module for querying APIVoid with domain attributes. [chrisr3d]

### Changes

* Making ipasn module return asn object(s) [chrisr3d]

  - Latest changes on the returned value as string
    broke the freetext parser, because no asn number
    could be parsed when we return the full json
    blob as a freetext attribute
  - Now returning asn object(s) with a reference to
    the initial attribute

* Bumped pipfile.lock with up-to-date libraries and new vt_graph_api library requirement. [chrisr3d]

* Checking attributes category. [chrisr3d]

  - We check the category before adding the
    attribute to the event
  - Checking if the category is correct and if not,
    doing a case insensitive check
  - If the category is not correct after the 2 first
    tests, we simply delete it from the attribute
    and pymisp will give the attribute a default
    category value based on the attribute type, at
    the creation of the attribute

* Regenerated the modules documentation following the latest changes. [chrisr3d]

* Updated documentation following the latest changes on the passive dns module. [chrisr3d]

* Made circl_passivedns module able to return MISP objects. [chrisr3d]

* Updated documentation following the latest changes on the passive ssl module. [chrisr3d]

* Made circl_passivessl module able to return MISP objects. [chrisr3d]

* Bump dependencies. [Raphaël Vinot]

* Install faup in travis. [Raphaël Vinot]

* Deactivate emails tests, need update. [Raphaël Vinot]

* Update email import module, support objects. [Raphaël Vinot]

* Bump dependencies. [Raphaël Vinot]

### Fix

* Fixed ipasn test input format + module version updated. [chrisr3d]

* Updated ipasn test following the latest changes on the module. [chrisr3d]

* Typo. [chrisr3d]

* Fixed vt_graph imports. [chrisr3d]

* Fixed pep8 in the new module and related libraries. [chrisr3d]

* Fixed typo on function import. [chrisr3d]

* [doc] Added APIVoid logo. [chrisr3d]

* Making pep8 happy with whitespace after ':' [chrisr3d]

* [tests] With values, tests are always better ... [chrisr3d]

* [tests] Fixed copy paste issue. [chrisr3d]

* [tests] Fixed error catching in passive dns and ssl modules. [chrisr3d]

* [tests] Avoiding issues with btc addresses. [chrisr3d]

* Making pep8 happy by having spaces around '+' operators. [chrisr3d]

* [tests] Added missing variable. [chrisr3d]

* Making pep8 happy. [chrisr3d]

* Missing dependency in travis. [Raphaël Vinot]

* Properly install pymisp with file object dependencies. [Raphaël Vinot]

* Quick variable name fix. [chrisr3d]

* OTX tests were failing, new entry. [Raphaël Vinot]

* Somewhat broken emails needed some love. [Raphaël Vinot]

* Missing parameter in skip. [Raphaël Vinot]

* Missing pushd. [Raphaël Vinot]

* Missing sudo. [Raphaël Vinot]

### Other

* Merge pull request #361 from VirusTotal/master. [Christian Studer]

  add vt_graph export module

* Add vt-graph-api to the requirements. [Alvaro Garcia]

* Add vt_graph export module. [Alvaro Garcia]

* Merge pull request #360 from ec4n6/patch-1. [Alexandre Dulaunoy]

  Fix ipasn.py bug

* Update ipasn.py. [Erick Cheng]

* Add: Documentation for the new API Void module. [chrisr3d]

* Add: [tests] Test case for the APIVoid module. [chrisr3d]

* Revert "fix: [tests] Fixed copy paste issue" [chrisr3d]

  This reverts commit fd711475dd84749063f9ff15961453f90c804101.

* Add: Test cases for reworked passive dns and ssl modules. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d]


## v2.4.119 (2019-12-03)

### Changes

* Bump dependencies. [Raphaël Vinot]

* Use MISPObject in ransomcoindb. [Raphaël Vinot]

* Reintroducing the limit to reduce the number of recursive calls to the API when querying for a domain. [chrisr3d]

### Fix

* Making pep8 happy. [chrisr3d]

* Fixed AssemblyLine input description. [chrisr3d]

* Fixed input types list since domain should not be submitted to AssemblyLine. [chrisr3d]

* Making pep8 happy. [chrisr3d]

* Added missing AssemblyLine logo. [chrisr3d]

* Avoiding KeyError exception when no result is found. [chrisr3d]

### Other

* Merge pull request #356 from ostefano/lastline. [Alexandre Dulaunoy]

  add: Modules to query/import/submit data from/to Lastline

* Add: Modules to query/import/submit data from/to Lastline. [Stefano Ortolani]

* Revert "Merge pull request #341 from StefanKelm/master" [Raphaël Vinot]

  This reverts commit 1df0d9152ed3346a9432393177c89e137bfc0c64, reversing
  changes made to 6042619c6b7fb40fd77b5328f933e67e839e1e83.

  This PR was fixing a typo in a test case. The typo is in a 3rd party
  service.

* Merge pull request #341 from StefanKelm/master. [Raphaël Vinot]

  Update test_expansions.py

* Update test_expansions.py. [StefanKelm]

  Tiniest of typos

* Merge branch 'aaronkaplan-master' [Raphaël Vinot]

* Oops, use relative import. [aaronkaplan]

* Use a helpful user-agent string. [aaronkaplan]

* Final url fix. [aaronkaplan]

* Revert "fix url" [aaronkaplan]

  This reverts commit 44130e2bf9842c03fb80245b90a873917b56df74.

* Revert "fix url again" [aaronkaplan]

  This reverts commit c5924aee2543b268b296a57096e636261676b63c.

* Fix url again. [aaronkaplan]

* Fix url. [aaronkaplan]

* Mention the ransomcoindb in the README file as a new module. [aaronkaplan]

* Remove pprint. [aaronkaplan]

* Initial version of the ransomcoindb expansion module. [aaronkaplan]

* Merge pull request #352 from aaronkaplan/patch-1. [Alexandre Dulaunoy]

  Update README.md

* Update README.md. [AaronK]

  fixes #351

* Add: Added documentation for the AssemblyLine query module. [chrisr3d]

* Add: Module to query AssemblyLine and parse the results. [chrisr3d]

  - Takes an AssemblyLine submission link to query
    the API and get the full submission report
  - Parses the potentially malicious files and the
    IPs, domains or URLs they are connecting to
  - Possible improvement of the parsing filters in
    order to include more data in the MISP event

* Add: Added documentation and description in readme for the AssemblyLine submit module. [chrisr3d]

* Add: Updated python dependencies to include the assemblyline_client library. [chrisr3d]

* Add: New expansion module to submit samples and urls to AssemblyLine. [chrisr3d]


## v2.4.118 (2019-11-08)

### Changes

* Using EQL module description from blaverick62. [chrisr3d]

* [test expansion] Enhanced results parsing. [chrisr3d]

* [travis] skip E226 as it's more a question of style. [Alexandre Dulaunoy]

* [apiosintds] make flake8 happy. [Alexandre Dulaunoy]

* [Pipfile] apiosintDS added as required by new module. [Alexandre Dulaunoy]

* [env] Pipfile updated. [Alexandre Dulaunoy]

* [pipenv] updated. [Alexandre Dulaunoy]

* Avoids returning empty values + easier results parsing. [chrisr3d]

* Taking into consideration if a user agent is specified in the module configuration. [chrisr3d]

* Updated csv import documentation. [chrisr3d]
### Fix

* Fixed csv file parsing. [chrisr3d]

* Fixed Xforce Exchange authentication + rework. [chrisr3d]

  - Now able to return MISP objects
  - Support of the xforce exchange authentication
    with apikey & apipassword

* Added urlscan & securitytrails modules in __init__ list. [chrisr3d]

* Avoiding empty config error on passivetotal module. [chrisr3d]

* More clarity on the exception raised on the securitytrails module. [chrisr3d]

* Better exceptions handling on the passivetotal module. [chrisr3d]

* Fixed results parsing for various module tests. [chrisr3d]

* Fixed variable name. [chrisr3d]

* Bumped Pipfile.lock with the latest libraries versions. [chrisr3d]

* Fixed config parsing and the associated error message. [chrisr3d]

* Fixed config parsing + results parsing. [chrisr3d]

  - Avoiding errors with config field when it is
    empty or the apikey is not set
  - Parsing all the results instead of only the
    first one
* Fixed VT results. [chrisr3d]

* Making urlscan module available in MISP for ip attributes. [chrisr3d]

  - As expected in the handler function

* Avoiding various modules to fail with uncritical issues. [chrisr3d]

  - Avoiding securitytrails to fail with an unavailable
    feature for free accounts
  - Avoiding urlhaus to fail with input attribute
    fields that are not critical for the query and
    results
  - Avoiding VT modules to fail when a certain
    resource does not exist in the dataset

* Fixed config field parsing for various modules. [chrisr3d]

  - Same as previous commit

* [expansion] Better config field handling for various modules. [chrisr3d]

  - Testing if config is present before trying to
    look within the config field
  - The config field should be there when the module
    is called from MISP, but it is not always the
    case when the module is queried from somewhere else
* [test expansion] Using CVE with lighter results. [chrisr3d]

* Avoid issues when some config fields are not set. [chrisr3d]

* Updated pipfile.lock with the correct geoip2 library info. [chrisr3d]

* Fixed requirements for pymisp and geoip python libraries. [chrisr3d]

* Fixed Geoip with the supported python library + fixed Geolite db path management. [chrisr3d]

* Removed unused self param turning the associated functions into static methods. [chrisr3d]

* Updates following the latest CVE-search version. [chrisr3d]

  - Support of the new vulnerable configuration
    field for CPE version > 2.2
  - Support of different 'unknown CWE' message

* Fixed module names with - to avoid errors with python paths. [chrisr3d]

* Fixed tesseract python library issues. [Christian Studer]

  - Avoiding 'tesseract is not installed or it's not in your path' issues

* Using absolute path to open files instead of relative path. [chrisr3d]

* Removed unused import. [chrisr3d]

* Handling issues when the otx api is queried too often in a short time. [chrisr3d]
* Making pep8 happy. [chrisr3d]

* Avoiding empty values + Fixed empty types error + Fixed filename KeyError. [chrisr3d]

* Fixed ThreatMiner results parsing. [chrisr3d]

* Catching wikidata errors properly + fixed errors parsing. [chrisr3d]

* Grouped two if conditions to avoid issues with variable unassigned if the second condition is not true. [chrisr3d]

* Handling errors and exceptions for expansion modules tests that could fail due to a connection error. [chrisr3d]

* Considering the case of empty results. [chrisr3d]

* Catching results exceptions properly. [chrisr3d]

* Catching exceptions and results properly depending on the cases. [chrisr3d]

* Handling cases where there is no result from the query. [chrisr3d]

* DBL spamhaus test. [chrisr3d]

* Quick typo & dbl spamhaus test fixes. [chrisr3d]

* Fixed pattern parsing + made the module hover only. [chrisr3d]

* Travis tests should be happy now. [chrisr3d]

* Copy paste syntax error. [chrisr3d]

* Fixed greynoise test following the latest changes on the module. [chrisr3d]

* Returning results in text format. [chrisr3d]

  - Makes the hover functionality display the full
    result instead of skipping the records list
* Making pep8 happy. [chrisr3d]

* Avoiding errors with uncommon lines. [chrisr3d]

  - Excluding first from data parsed all lines that
    are comments or empty
  - Skipping lines with failing indexes

* Fixed unassigned variable name. [chrisr3d]

* Removed no longer used variables. [chrisr3d]

* Csv import rework & improvement. [chrisr3d]

  - More efficient parsing
  - Support of multiple csv formats
  - Possibility to customise headers
  - More improvement to come for external csv file

* Making pep8 happy. [chrisr3d]

* [tests] Fixed tests to avoid config issues with the cve module. [chrisr3d]

  - Config currently empty in the module, but being
    updated soon with a pending pull request
### Other

* Add: Updated documentation with the EQL export module. [chrisr3d]

* Merge branch 'master' of github.com:blaverick62/misp-modules. [chrisr3d]

* Added documentation json for new modules. [Braden Laverick]

* Updated README to include EQL modules. [Braden Laverick]

* Add: Xforce Exchange module tests. [chrisr3d]

* Merge pull request #347 from MISP/tests. [Christian Studer]

  More advanced expansion tests

* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d]

* Add: Updated documentation with the latest modules info. [chrisr3d]

* Updated README with new modules and fixed some links. [chrisr3d]

* Add: Added test for vulners module. [chrisr3d]

* Add: Added qrcode module test with its test image. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d]
* Merge pull request #346 from blaverick62/master. [Alexandre Dulaunoy]

  EQL Query Generation Modules

* Removed extraneous comments and unused imports. [Braden Laverick]

* Fixed python links. [Braden Laverick]

* Changed file name to mass eql export. [Braden Laverick]

* Fixed comments. [Braden Laverick]

* Added ors for compound queries. [Braden Laverick]

* Fixed syntax error. [Braden Laverick]

* Changed to single attribute EQL. [Braden Laverick]

* Added EQL enrichment module. [Braden Laverick]

* Fixed string formatting. [Braden Laverick]

* Fixed type error in JSON parsing. [Braden Laverick]

* Attempting to import endgame module. [Braden Laverick]

* Added endgame export to __all__ [Braden Laverick]

* Added EQL export test module. [Braden Laverick]

* Add: [test expansion] Added various tests for modules with api authentication. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d]

* Add: [test expansion] New modules tests. [chrisr3d]

  - Starting testing some modules with api keys
  - Testing new apiosintDS module
* Merge pull request #344 from davidonzo/master. [Alexandre Dulaunoy]

  Added apiosintDS module to query OSINT.digitalside.it services

* Added apiosintDS module to query OSINT.digitalside.it services. [Davide]

* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d]

* Merge pull request #345 from 0xmilkmix/fix_geoip2. [Alexandre Dulaunoy]

  updated to geoip2 to support mmdb format

* Updated to geoip2 to support mmdb format. [milkmix]

* Add: cve_advanced module test + functions to test attributes and objects results. [chrisr3d]

* Merge pull request #342 from MISP/tests. [Christian Studer]

  More expansion tests

* Merge branch 'tests' of github.com:MISP/misp-modules into tests. [chrisr3d]

* Add: Tests for all the office, libreoffice, pdf & OCR enrich modules. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d]

* Add: threatminer module test. [chrisr3d]

* Add: Tests for expansion modules with different input types. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d]
* Merge pull request #339 from MISP/tests. [Christian Studer]

  Expansion modules tests update

* Add: Added tests for the rest of the easily testable expansion modules. [chrisr3d]

  - More tests for more complex modules to come soon

* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d]

* Merge branch 'tests' of github.com:MISP/misp-modules. [chrisr3d]

* Add: Tests for sigma queries and syntax validator modules. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d]

* Add: More modules tested. [chrisr3d]

* Add: Added tests for some expansion modules without API key required. [chrisr3d]

  - More tests to come

* Merge pull request #338 from MISP/features_csvimport. [Christian Studer]

  Fixed the CSV import module

* Merge pull request #335 from FafnerKeyZee/patch-2. [Christian Studer]

  Travis should not be complaining with the tests after the latest update on "test_cve"

* Adding custom API. [Fafner [_KeyZee_]]

  Adding the possibility to have our own API server.

* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d]

* Merge pull request #334 from FafnerKeyZee/patch-1. [Alexandre Dulaunoy]

  Cleaning the error message

* Cleaning the error message. [Fafner [_KeyZee_]]

  The original message can be confusing if the user changes to his own API.
## v2.4.116 (2019-09-17)

### Other

* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d]

* Merge pull request #329 from 8ear/8ear-add-mkdocs-documentation. [Alexandre Dulaunoy]

  Update mkdocs documentation

* Fixing Install.md. [8ear]

* Fix Install.md. [8ear]

* Change Install documentation. [8ear]

* Merge pull request #328 from 8ear/8ear-add-docker-capabilitites. [Alexandre Dulaunoy]

  Add Docker Capabilities

* Add .travis.yml command for docker build. [8ear]

* Merge github.com:MISP/misp-modules into 8ear-add-docker-capabilitites. [8ear]

* Disable not required package virtualenv for final stage. [8ear]

* Fix entrypoint bug. [8ear]

* Improve the Dockerfile. [8ear]

* Add Dockerfile, Entrypoint and Healthcheck script. [8ear]

* Update install doc. [8ear]

* Bugfixing for MISP-modules. [8ear]

* Add: New parameter to specify a custom CVE API to query. [chrisr3d]

  - Any API specified here must return the same
    format as the CIRCL CVE search one in order to
    be supported by the parsing functions, and
    ideally provide response to the same kind of
    requests (so the CWE search works as well)
## v2.4.114 (2019-08-30)

### Changes

* [cuckooimport] Handle archives downloaded from both the WebUI and the API. [Pierre-Jean Grenier]

### Fix

* Prevent symlink attacks. [Pierre-Jean Grenier]

* Have I been pwned API changed again. [Raphaël Vinot]

### Other

* Merge pull request #327 from zaphodef/cuckooimport. [Alexandre Dulaunoy]

  fix: prevent symlink attacks

* Merge pull request #326 from zaphodef/cuckooimport. [Alexandre Dulaunoy]

  chg: [cuckooimport] Handle archives downloaded from both the WebUI and the API
## v2.4.113 (2019-08-19)

### New

* Rewrite cuckooimport. [Pierre-Jean Grenier]

### Changes

* Update PyMISP version. [Pierre-Jean Grenier]

### Fix

* Avoiding issues when no CWE id is provided. [chrisr3d]

* Fixed unnecessary dictionary field call. [chrisr3d]

  - No longer necessary to go under 'Event' field
    since PyMISP does not contain it since the
    latest update

### Other

* Merge pull request #322 from zaphodef/cuckooimport. [Alexandre Dulaunoy]

  Rewrite cuckooimport

* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d]

* Add: Added initial event to reference it from the vulnerability object created out of it. [chrisr3d]
## v2.4.112 (2019-08-02)

### New

* First version of an advanced CVE parser module. [chrisr3d]

  - Using cve.circl.lu as well as the initial module
  - Going deeper into the CVE parsing
  - More parsing to come with the CWE, CAPEC and so on

### Changes

* [docs] add additional references. [Alexandre Dulaunoy]

* [travis] revert. [Alexandre Dulaunoy]

* [travis] github token. [Alexandre Dulaunoy]

* [travis] mkdocs disabled for the time being. [Alexandre Dulaunoy]

* [doc] Fix #317 - update the link to the latest version of the training. [Alexandre Dulaunoy]

* [doc] README updated to the latest version. [Alexandre Dulaunoy]

* [docs] symbolic link removed. [Alexandre Dulaunoy]

* [docs] add logos symbolic link. [Alexandre Dulaunoy]

* Add print to figure out what's going on on travis. [Raphaël Vinot]

* Bump dependencies. [Raphaël Vinot]

* Updated the module to work with the updated VirusTotal API. [chrisr3d]

  - Parsing functions updated to support the updated
    format of the VirusTotal API responses
  - The module can now return objects
  - /!\ This module requires a high number of
    requests limit rate to work as expected /!\

* Adding references between a domain and their siblings. [chrisr3d]

* Getting domain siblings attributes uuid for further references. [chrisr3d]
### Fix

* Using the attack-pattern object template (copy-paste typo) [chrisr3d]

* Making pep8 happy. [chrisr3d]

* Fixed cvss-score object relation name. [chrisr3d]

* Avoid issues when there is no pe field in a windows file sample analysis. [chrisr3d]

  - For instance: doc file

* Avoid adding file object twice if a KeyError exception comes for some unexpected reasons. [chrisr3d]

* Testing if file & registry activities fields exist before trying to parse it. [chrisr3d]

* Testing if there is some screenshot data before trying to fetch it. [chrisr3d]

* Fixed direction of the relationship between files, PEs and their sections. [chrisr3d]

  - The file object includes a PE, and the PE
    includes sections, not the other way round

* Fixed variable names. [chrisr3d]

* Wrong change in last commit. [Raphaël Vinot]

* Skip tests on haveibeenpwned.com if 403. Make pep8 happy. [Raphaël Vinot]

* Changed the way references added at the end are saved. [chrisr3d]

  - Some references are saved until they are added
    at the end, to make it easier when needed
  - Here we changed the way they are saved, from a
    dictionary with some keys to identify each part
    to the actual dictionary with the keys the
    function add_reference needs, so we can directly
    use this dictionary as is when the references are
    added to the different objects

* Fixed link in documentation. [chrisr3d]

* Avoiding issues with non existing sample types. [chrisr3d]

* Undetected urls are represented in lists. [chrisr3d]

* Changed function name to avoid confusion with the same variable name. [chrisr3d]

* Quick fix on siblings & url parsing. [chrisr3d]

* Typo. [chrisr3d]

* Parsing detected & undetected urls. [chrisr3d]

* Various fixes about typo, variable names, data types and so on. [chrisr3d]

* Making pep8 happy. [chrisr3d]
### Other

* Merge pull request #319 from 8ear/8ear-add-mkdocs-documentation. [Alexandre Dulaunoy]

  Add `make deploy` to Makefile

* Added docker and non-docker make commands. [8ear]

* Add `make deploy` [8ear]

* Merge pull request #318 from chrisr3d/master. [Christian Studer]

  Updated cve_advanced module to parse CWE and CAPEC data related to the CVE

* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d]

* Add: Making vulnerability object reference to its related capec & cwe objects. [chrisr3d]

* Add: Parsing CAPEC information related to the CVE. [chrisr3d]

* Add: Parsing CWE related to the CVE. [chrisr3d]

* Merge pull request #316 from 8ear/8ear-add-mkdocs-documentation. [Alexandre Dulaunoy]

  Add web documentation via mkdocs

* Fix Bugs. [8ear]

* Fix Fossa in index.md. [8ear]

* Delete unused file. [8ear]

* Change mkdocs deploy method. [8ear]

* Change index.md. [8ear]

* Merge branch 'master' into 8ear-add-mkdocs-documentation. [Max H]
* Add: Parsing linux samples and their elf data. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d]

* Add: Parsing apk samples and their permissions. [chrisr3d]

* Add: Added virustotal_public to the list of available modules. [chrisr3d]

* Add: TODO comment for the next improvement. [chrisr3d]

* Add: [documentation] Updated README and documentation with the virustotal modules changes. [chrisr3d]

* Add: Parsing communicating samples returned by domain reports. [chrisr3d]

* Add: Parsing downloaded samples as well as the referrer ones. [chrisr3d]

* Add: Object for VirusTotal public API queries. [chrisr3d]

  - Lighter analysis of the report to avoid reaching
    the limit of queries per minute while recursing
    on the different elements

* Add: Updated README file with the new module description. [chrisr3d]

* Change contribute.md. [8ear]

* Update index.md. [8ear]

* Add mkdocs as a great web documentation. [8ear]

* Merge pull request #1 from fossabot/master. [Max H]

  Add license scan report and status

* Add license scan report and status. [fossabot]
## v2.4.110 (2019-07-08)

### New

* [doc] Joe Sandbox added in the list. [Alexandre Dulaunoy]

* Expansion module to query urlhaus API. [chrisr3d]

  - Using the next version of modules, taking a
    MISP attribute as input and able to return
    attributes and objects
  - Work still in process in the core part

### Changes

* [documentation] Making URLhaus visible from the github page. [chrisr3d]

  - Because of the white color, the logo was not
    visible at all

* Moved JoeParser class to make it reachable from expansion & import modules. [chrisr3d]

* [install] REQUIREMENTS file updated. [Alexandre Dulaunoy]

* [install] Pipfile.lock updated. [Alexandre Dulaunoy]

* [requirements] Python API wrapper for the Joe Sandbox API added. [Alexandre Dulaunoy]

* Bump dependencies. [Raphaël Vinot]

* [pep8] try/except # noqa. [Steve Clement]

  Not sure how to make flake happy on this one.

* Updated csvimport to support files from csv export + import MISP objects. [chrisr3d]
### Fix

* Added missing add_attribute function. [chrisr3d]

* [documentation] Fixed json file name. [chrisr3d]

* [documentation] Fixed some description & logo. [chrisr3d]

* Testing if an object is not empty before adding it to the event. [chrisr3d]

* Making travis happy. [chrisr3d]

* Support of the latest version of sigmatools. [chrisr3d]

* We will display galaxies with tags. [chrisr3d]

* Returning tags & galaxies with results. [chrisr3d]

  - Tags may exist with the current version of the
    parser
  - Galaxies are not yet expected from the parser,
    nevertheless the principle is we want to return
    them as well if ever we have some galaxies from
    parsing a JoeSandbox report. Can be removed if
    we never galaxies at all

* Removed duplicate finalize_results function call. [chrisr3d]

* Making pep8 happy + added joe_import module in the init list. [chrisr3d]

* Fixed variable name typo. [chrisr3d]

* Fixed references between domaininfo/ipinfo & their targets. [chrisr3d]

  - Fixed references when no target id is set
  - Fixed domaininfo parsing when no ip is defined

* Some quick fixes. [chrisr3d]

  - Fixed strptime matching because months are
    expressed in abbreviated format
  - Made data loaded while the parsing function is
    called, in case it has to be called multiple
    times at some point
* Making pep8 & travis happy. [chrisr3d]

* Added references between processes and the files they drop. [chrisr3d]

* Avoiding network connection object duplicates. [chrisr3d]

* Avoid creating a signer info object when the pe is not signed. [chrisr3d]

* Avoiding dictionary indexes issues. [chrisr3d]

  - Using tuples as dictionary indexes is better
    than using generators...

* Avoiding attribute & reference duplicates. [chrisr3d]

* Handling case of multiple processes in behavior field. [chrisr3d]

  - Also starting parsing file activities

* Testing if some fields exist before trying to import them. [chrisr3d]

  - Testing for pe itself, pe versions and pe signature

* Removed test print. [chrisr3d]

* Fixed output format to match with the recent changes on modules. [chrisr3d]

* Making pep8 happy. [chrisr3d]

* Checking not MISP header fields. [chrisr3d]

  - Rejecting fields not recognizable by MISP

* Using pymisp classes & methods to parse the module results. [chrisr3d]

* Clearer user config messages displayed in the import view. [chrisr3d]

* Removed unused library. [chrisr3d]

* Make pep8 happy. [chrisr3d]
* [pep8] More fixes. [Steve Clement]

* [pep8] More pep8 happiness. [Steve Clement]

* [pep8] Fixes. [Steve Clement]

* Fixed standard MISP csv format header. [root]

  - The csv header we can find in data produced from
    MISP restSearch csv format is the one to use to
    recognize a csv file produced by MISP

* Fixed introspection fields for csvimport & goamlimport. [root]

  - Added format field for goaml so the module is
    known as returning MISP attributes & objects
  - Fixed introspection to make the format, user
    config and input source fields visible from
    MISP (format also added at the same time)

* Fixed libraries import that changed with the latest merge. [root]

* Fixed fields parsing to support files from csv export with additional context. [chrisr3d]

* Handling the case of Context included in the csv file exported from MISP. [chrisr3d]

* Fixed changes omissions in handler function. [chrisr3d]

* Fixed object_id variable name typo. [root]

* Making json_decode even happier with full json format. [chrisr3d]

  - Using MISPEvent because it is cleaner & easier
  - Also cleaner implementation globally

* Using to_dict on attributes & objects instead of to_json to make json_decode happy in the core part. [chrisr3d]
### Other

* Add: [documentation] Added some missing documentation for the most recently added modules. [chrisr3d]

* Add: [documentation] Added documentation for Joe Sandbox & URLhaus. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d]

* Merge pull request #309 from Kortho/patch-2. [Steve Clement]

  changed service pointer

* Changed service pointer. [Kortho]

  Changed so the service starts the modules in the venv where they are installed

* Merge pull request #308 from Kortho/patch-1. [Steve Clement]

  Fixed missing dependencies for RHEL install

* Fixed missing dependencies for RHEL install. [Kortho]

  Added dependencies needed for installing the python library pdftotext

* Add: Added screenshot of the behavior of the analyzed sample. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d]

* Merge pull request #307 from ninoseki/fix-missing-links. [Alexandre Dulaunoy]

  Fix missing links in README.md

* Fix missing links in README.md. [Manabu Niseki]

* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* Merge pull request #306 from MISP/new_module. [Alexandre Dulaunoy]

  New modules able to return MISP objects

* Add: Added new modules to the list. [chrisr3d]

* Merge branch 'new_module' of github.com:MISP/misp-modules into new_module. [chrisr3d]
* Merge pull request #305 from joesecurity/new_module. [Alexandre Dulaunoy]

  joesandbox_query.py: improve behavior in unexpected circumstances

* Joesandbox_query.py: improve behavior in unexpected circumstances. [Georg Schölly]

* Add: New expansion module to query Joe Sandbox API with a report link. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* Merge branch 'joesecurity-joesandbox_submit' [Alexandre Dulaunoy]

* Merge branch 'joesandbox_submit' of https://github.com/joesecurity/misp-modules into joesecurity-joesandbox_submit. [Alexandre Dulaunoy]

* Add expansion for joe sandbox. [Georg Schölly]

* Merge pull request #304 from joesecurity/new_module. [Alexandre Dulaunoy]

  add support for url analyses

* Support url analyses. [Georg Schölly]

* Improve forwards-compatibility. [Georg Schölly]

* Add: Parsing MITRE ATT&CK tactic matrix related to the Joe report. [chrisr3d]

* Add: Parsing domains, urls & ips contacted by processes. [chrisr3d]

* Add: Starting parsing dropped files. [chrisr3d]

* Add: Starting parsing network behavior fields. [chrisr3d]

* Add: Parsing registry activities under processes. [chrisr3d]

* Add: Parsing processes called by the file analyzed in the joe sandbox report. [chrisr3d]

* Add: Parsing some object references at the end of the process. [chrisr3d]

* Add: [new_module] Module to import data from Joe sandbox reports. [chrisr3d]

  - Parsing file, pe and pe-section objects from the
    report file info field
  - Deeper file info parsing to come
  - Other fields parsing to come as well

* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d]
* Merge pull request #300 from cudeso/master. [Alexandre Dulaunoy]

  Bugfix for "sources"; do not include as IDS for "access" registry keys

* Bugfix for "sources"; do not include as IDS for "access" registry keys. [Koen Van Impe]

  - Bugfix to query "operations" in files, mutex, registry
  - Do not set IDS flag for registry 'access' operations

* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* New VMRay modules (#299) [Steve Clement]

  New VMRay modules

* New VMRay modules. [Koen Van Impe]

  New JSON output format of VMRay
  Prepare for automation (via PyMISP) with workflow taxonomy tags

* Merge pull request #1 from MISP/master. [Koen Van Impe]

  Sync

* Add: Added urlhaus in the expansion modules init list. [root]

* Merge branch 'new_module' of https://github.com/MISP/misp-modules into new_module. [root]

* Merge branch 'features_csvimport' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into features_csvimport. [chrisr3d]

* Merge branch 'features_csvimport' of github.com:MISP/misp-modules into features_csvimport. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into features_csvimport. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into features_csvimport. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* Merge branch 'new_module' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d]

* Merge branch 'master' of https://github.com/MISP/misp-modules into new_module. [root]

* Merge branch 'master' of https://github.com/MISP/misp-modules into new_module. [root]

* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d]
## v2.4.106 (2019-04-27)

### New

* Devel mode. [Raphaël Vinot]

  Fix #293

* Modules for greynoise, haveibeenpwned and macvendors. [Raphaël Vinot]

* Add missing dependency (backscatter) [Raphaël Vinot]

* Add systemd launcher. [Raphaël Vinot]

* Intel471 module. [Raphaël Vinot]

* [btc] Very simple BTC expansion chg: [req] yara-python is preferred. [Steve Clement]

* First version of a yara rule creation expansion module. [chrisr3d]

* Documentation concerning modules explained in markdown file. [chrisr3d]

* Expansion hover module to check spamhaus DBL for a domain name. [chrisr3d]

### Changes

* [doc] install of deps updated. [Alexandre Dulaunoy]

* Bump REQUIREMENTS. [Raphaël Vinot]

* Bump dependencies. [Raphaël Vinot]

* [doc] new MISP expansion modules added for PDF, OCR, DOCX, XLSX, PPTX, ODS and ODT. [Alexandre Dulaunoy]

* [init] cleanup for pep. [Alexandre Dulaunoy]

* [pdf-enrich] updated. [Alexandre Dulaunoy]

* [Pipfile] collection removed. [Alexandre Dulaunoy]

* Bump dependencies. [Raphaël Vinot]

* [doc] Added new dependencies and updated RHEL/CentOS howto. (#295) [Steve Clement]

  chg: [doc] Added new dependencies and updated RHEL/CentOS howto.

* [doc] Added new dependencies and updated RHEL/CentOS howto. [Steve Clement]

* [init] removed trailing whitespace. [Alexandre Dulaunoy]

* [ocr] re module not used - removed. [Alexandre Dulaunoy]

* Bump dependencies, update REQUIREMENTS file. [Raphaël Vinot]

* [doc] cuckoo_submit module added. [Alexandre Dulaunoy]

* Require python3 instead of python 3.6. [Raphaël Vinot]

* [travis] because we all need sudo. [Alexandre Dulaunoy]

* [travis] because everyone needs a bar. [Alexandre Dulaunoy]

* [doc] qrcode and Cisco FireSight added. [Alexandre Dulaunoy]

* [qrcode] add requirements. [Alexandre Dulaunoy]

* [qrcode] added to the __init__ [Alexandre Dulaunoy]

* [qrcode] flake8 needs some drugs. [Alexandre Dulaunoy]

* [qrcode] various fixes to make it PEP compliant. [Alexandre Dulaunoy]

* Bump dependencies. [Raphaël Vinot]

  Fix CVE-2019-11324 (urllib3)

* Bump Dependencies. [Raphaël Vinot]

* [doc] Updated README to reflect current virtualenv efforts. TODO: pipenv. [Steve Clement]

* [doc] new modules added. [Alexandre Dulaunoy]

* Bump dependencies. [Raphaël Vinot]

* Bump dependencies. [Raphaël Vinot]

* Bump Requirements. [Raphaël Vinot]

* [doc] asciidoctor requirement removed (new PDF module uses reportlab) [Alexandre Dulaunoy]

* Bump dependencies, add update script. [Raphaël Vinot]

* [doc] PDF export. [Alexandre Dulaunoy]

* [pdfexport] make flake8 happy. [Alexandre Dulaunoy]

* [pipenv] fix the temporary issue that python-yara is not officially released. [Alexandre Dulaunoy]

* [requirements] reportlab added. [Alexandre Dulaunoy]

* [pipenv] Pipfile.lock updated. [Alexandre Dulaunoy]

* [requirements] updated. [Alexandre Dulaunoy]

* [PyMISP] dep updated to the latest version. [Alexandre Dulaunoy]

* PyMISP requirement. [Alexandre Dulaunoy]

* [pypi] Made sure url-normalize installs less strict. [Steve Clement]

* [btc_scam_check] fix spacing for making flake 8 happy. [Alexandre Dulaunoy]

* [backscatter.io] blind fix regarding undefined value. [Alexandre Dulaunoy]

* [doc] backscatter.io updated. [Alexandre Dulaunoy]

* [doc] backscatter.io documentation added. [Alexandre Dulaunoy]

* [backscatter.io] remove blank line at the end of the file. [Alexandre Dulaunoy]

* [backscatter.io] Exception handler fixed for recent version of Python. [Alexandre Dulaunoy]

* Bump dependencies. [Raphaël Vinot]

* Use pipenv, update bgpranking/ipasn modules. [Raphaël Vinot]

* [doc] Nexthink module added. [Alexandre Dulaunoy]

* [doc] osquery export module added. [Alexandre Dulaunoy]

* [doc] Nexthink export format added. [Alexandre Dulaunoy]

* [doc] cannot type today. [Alexandre Dulaunoy]

* [intel471] module added. [Alexandre Dulaunoy]

* Regenerated documentation markdown file. [chrisr3d]

* [onyphe] fix #252. [Alexandre Dulaunoy]

* [btc] Removed simple PoC for btc expansion. [Steve Clement]

* [doc] btc module added. [Alexandre Dulaunoy]

* [doc] generated documentation updated. [Alexandre Dulaunoy]

* [doc] btc module added to documentation. [Alexandre Dulaunoy]

* [tools] Added psutil as a dependency to detect misp-modules PID. [Steve Clement]

* [init] Added try/catch in case misp-modules is already running on a port, or port is in use... [Steve Clement]

* Validating yara rules after their creation. [chrisr3d]

* [documentation] osquery logo added. [Alexandre Dulaunoy]

* [documentation] generated. [Alexandre Dulaunoy]

* [docs] Added some missing dependencies and instructions for virtualenv deployment. [Steve Clement]

* [doc] documentation generator updated to include links to source code. [Alexandre Dulaunoy]

* Changed documentation markdown file name. [chrisr3d]

* Structured data. [chrisr3d]

* Modified the mapping dictionary to support misp-objects updates. [chrisr3d]

* Modified output format. [chrisr3d]

* Add new dependency (oauth2) [Raphaël Vinot]

* Dnspython3 has been superseded by the regular dnspython kit. [Raphaël Vinot]

* Wikidata module added. [Alexandre Dulaunoy]

* SPARQLWrapper added (for wikidata module) [Alexandre Dulaunoy]

### Fix

* Re-enable python 3.6 support. [Raphaël Vinot]

* CTRL+C is working again. [Raphaël Vinot]

  Fix #292

* Make flake8 happy. [Raphaël Vinot]

* [doc] Small typo fix. [Steve Clement]

* Pep8 foobar. [Raphaël Vinot]

* Add the new modules in the list of modules available. [Raphaël Vinot]

* Typos in variable names. [Raphaël Vinot]

* Remove unused import. [Raphaël Vinot]

* Tornado expects a KILL now. [Raphaël Vinot]

* [exportpdf] update documentation. [Falconieri]

* [exportpdf] custom path parameter. [Falconieri]

* [exportpdf] add parameters. [Falconieri]

* [exportpdf] missing whitespace. [Falconieri]

* [exportpdf] problem on one line. [Falconieri]

* [exportpdf] add configmodule parameter for galaxy. [Falconieri]

* [reportlab] Textual description parameter. [Falconieri]

* [pdfexport] Bugfix on PyMisp exportpdf call. [Falconieri]

* Systemd service. [Raphaël Vinot]

* Regenerated documentation. [chrisr3d]

* Description fixed. [chrisr3d]

* Pep8 related fixes. [Raphaël Vinot]

* Make flake8 happy. [Raphaël Vinot]

* Change in the imports in other sigma module. [Raphaël Vinot]

* Change in the imports. [Raphaël Vinot]

* Change module name. [Raphaël Vinot]

* Allow redis details to be retrieved from environment variables. [Ruiwen Chua]

* Remove tests on python 3.5. [Raphaël Vinot]

* Make pep8 happy. [Raphaël Vinot]

* Removed not valid input type. [chrisr3d]

* Cleaned up not used variables. [chrisr3d]

* Updated rbl module result format. [chrisr3d]

  - More readable as str than dumped json

* Added Macaddress.io module in the init list. [chrisr3d]

* Typo on input type. [chrisr3d]

* Fixed type of the result in case of exception. [chrisr3d]

  - Set as str since some exception types are not
    jsonable

* Added hostname attribute support as it is intended. [chrisr3d]

* Threatanalyzer_import - bugfix for TA6.1 behavior. [Christophe Vandeplas]

* Displaying documentation items of each module by alphabetic order. [chrisr3d]

  - Also regenerated updated documentation markdown

* Updated yara import error message. [chrisr3d]

  - Better to 'pip install -I -r REQUIREMENTS' to
    have the correct yara-python version working
    for all the modules, than having another one
    failing with yara hash & pe modules

* Specifying a yara-python version that works for hash & pe yara modules. [chrisr3d]

* Making yara query an expansion module for single attributes atm. [chrisr3d]

* Catching errors while parsing additional info in requests. [chrisr3d]

* Reduced logos size. [chrisr3d]

* Typo for separator between each explained module. [chrisr3d]

* Making python 3.5 happy with the exception type ImportError. [chrisr3d]

* Fixed exception type for python 3.5. [chrisr3d]

* Fixed exception type. [chrisr3d]

* Fixed syntax error. [chrisr3d]

* Fixed indentation error. [chrisr3d]

* Fixed 1 variable misuse + cleaned up variable names. [chrisr3d]

  - Fixed use of 'domain' variable instead of 'email'
  - Cleaned up variable names to avoid redefinition
    of built-in variables

* Avoiding adding attributes that are already in the event. [chrisr3d]

* Fixed quick variable issue. [chrisr3d]

* Cleaned up test function not used anymore. [chrisr3d]

* Multiple attributes parsing support. [chrisr3d]

  - Fixing one of my previous changes not processing
    multiple attributes parsing

* Removed print. [chrisr3d]

* Some cleanup and output types fixed. [chrisr3d]

  - hashes types specified in output

* Quick cleanup. [chrisr3d]

* Quick cleanup. [chrisr3d]

* Ta_import - bugfixes. [Christophe Vandeplas]

* [cleanup] Quick clean up on exception type. [chrisr3d]

* [cleanup] Quick clean up on yaml load function. [chrisr3d]

* [cleanup] Quick clean up on exception type. [chrisr3d]

* Put the report location parsing in a try/catch statement as it is an optional field. [chrisr3d]

* Put the stix2-pattern library import in a try statement. [chrisr3d]

  --> Error more easily caught

* Removed STIX related libraries, files, documentation, etc. [chrisr3d]

* Avoid trying to build attributes with not intended fields. [chrisr3d]

  - Previously: if the header field is not an attribute type, then
    it was added as an attribute field.
    PyMISP then used to skip it if needed

  - Now: Those fields are discarded before they are put in an attribute

* Using userConfig to define the header instead of moduleconfig. [chrisr3d]

* Fixed input & output of the module. [chrisr3d]

* Added an object checking. [Christian Studer]

  - Checking if there are objects in the event, and then if there is at least 1 transaction object
  - This prevents the module from crashing, but does not guarantee having a valid GoAML file (depending on objects and their relations)

* Fixed input & output of the module. [chrisr3d]

  Also updated some functions

* Fixed typo of the aml type for country codes. [chrisr3d]

* Typo in references mapping dictionary. [chrisr3d]

* Added an object checking. [chrisr3d]

  - Checking if there are objects in the event, and then
    if there is at least 1 transaction object
  - This prevents the module from crashing, but does not
    guarantee having a valid GoAML file (depending on
    objects and their relations)

* Added the moduleinfo field needed to have MISP event in standard format. [chrisr3d]

* Missing cve module test. [Alexandre Dulaunoy]

* Goamlexport added. [Alexandre Dulaunoy]

* Python version in Travis. [Alexandre Dulaunoy]

* Solved reading problems for some files. [chrisr3d]

* Skipping empty lines. [chrisr3d]

* Make travis happy. [Raphaël Vinot]

* OpenIOC importer. [Raphaël Vinot]

* #137 when a CVE is not found, a return message is given. [Alexandre Dulaunoy]

* Use the proper formatting method and not the horrible % one. [Hannah Ward]

* Misp-modules are by default installed in /bin. [Alexandre Dulaunoy]

* Module_config should be set as introspection relies on it. [Alexandre Dulaunoy]
