misp-modules 3.0.6__tar.gz → 3.0.8__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (225) hide show
  1. {misp_modules-3.0.6 → misp_modules-3.0.8}/PKG-INFO +29 -23
  2. {misp_modules-3.0.6 → misp_modules-3.0.8}/README.md +17 -12
  3. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/__main__.py +1 -1
  4. misp_modules-3.0.8/misp_modules/modules/expansion/alphaMountain.py +232 -0
  5. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/docx_enrich.py +1 -1
  6. misp_modules-3.0.8/misp_modules/modules/expansion/email_security_check.py +224 -0
  7. misp_modules-3.0.8/misp_modules/modules/expansion/greynoise.py +343 -0
  8. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/html_to_markdown.py +39 -1
  9. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/jinja_template_rendering.py +3 -1
  10. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/joesandbox_submit.py +1 -1
  11. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/ocr_enrich.py +1 -1
  12. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/ods_enrich.py +1 -1
  13. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/odt_enrich.py +1 -1
  14. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/pdf_enrich.py +1 -1
  15. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/pptx_enrich.py +1 -1
  16. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/qrcode.py +1 -2
  17. misp_modules-3.0.8/misp_modules/modules/expansion/ransomlook.py +196 -0
  18. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/reversinglabs_spectra_analyze.py +10 -1
  19. misp_modules-3.0.8/misp_modules/modules/expansion/socradar_lookup.py +479 -0
  20. misp_modules-3.0.8/misp_modules/modules/expansion/ssh_fingerprint.py +156 -0
  21. misp_modules-3.0.8/misp_modules/modules/expansion/tls_certificate_check.py +185 -0
  22. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/vysion.py +32 -5
  23. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/xlsx_enrich.py +1 -1
  24. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/email_import.py +12 -3
  25. misp_modules-3.0.8/misp_modules/modules/import_mod/socradar_taxii_feed.py +579 -0
  26. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/taxii21.py +3 -2
  27. {misp_modules-3.0.6 → misp_modules-3.0.8}/pyproject.toml +16 -16
  28. misp_modules-3.0.6/misp_modules/modules/expansion/greynoise.py +0 -367
  29. {misp_modules-3.0.6 → misp_modules-3.0.8}/LICENSE +0 -0
  30. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/__init__.py +0 -0
  31. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/ODTReader/LICENSE +0 -0
  32. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/ODTReader/__init__.py +0 -0
  33. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/ODTReader/odtreader.py +0 -0
  34. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/ODTReader/win32_unicode_argv.py +0 -0
  35. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/__init__.py +0 -0
  36. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/_vmray/__init__.py +0 -0
  37. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/_vmray/parser.py +0 -0
  38. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/_vmray/rest_api.py +0 -0
  39. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/anyrun_sandbox/__init__.py +0 -0
  40. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/anyrun_sandbox/config.py +0 -0
  41. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/anyrun_sandbox/parser.py +0 -0
  42. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/anyrun_sandbox/submitter.py +0 -0
  43. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/cof2misp/LICENSE-2.0.txt +0 -0
  44. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/cof2misp/__init__.py +0 -0
  45. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/cof2misp/cof.py +0 -0
  46. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/dnstrails/LICENSE +0 -0
  47. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/dnstrails/__init__.py +0 -0
  48. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/dnstrails/api.py +0 -0
  49. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/dnstrails/exception.py +0 -0
  50. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/joe_mapping.py +0 -0
  51. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/joe_parser.py +0 -0
  52. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/lastline_api.py +0 -0
  53. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/onyphe/LICENSE +0 -0
  54. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/onyphe/__init__.py +0 -0
  55. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/onyphe/client.py +0 -0
  56. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/onyphe/exception.py +0 -0
  57. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/qintel_helper.py +0 -0
  58. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/synonymsToTagNames.json +0 -0
  59. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/vt_graph_parser/__init__.py +0 -0
  60. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/vt_graph_parser/errors.py +0 -0
  61. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/vt_graph_parser/helpers/__init__.py +0 -0
  62. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/vt_graph_parser/helpers/parsers.py +0 -0
  63. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/vt_graph_parser/helpers/rules.py +0 -0
  64. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/vt_graph_parser/helpers/wrappers.py +0 -0
  65. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/vt_graph_parser/importers/__init__.py +0 -0
  66. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/vt_graph_parser/importers/base.py +0 -0
  67. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/lib/vt_graph_parser/importers/pymisp_response.py +0 -0
  68. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/__init__.py +0 -0
  69. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/action_mod/__init__.py +0 -0
  70. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/action_mod/_utils/__init__.py +0 -0
  71. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/action_mod/_utils/utils.py +0 -0
  72. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/action_mod/export_sentinel.py +0 -0
  73. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/action_mod/mattermost.py +0 -0
  74. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/action_mod/nextcloud_talk.py +0 -0
  75. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/action_mod/slack.py +0 -0
  76. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/action_mod/testaction.py +0 -0
  77. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/__init__.py +0 -0
  78. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/_assemblyline_api.py +0 -0
  79. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/_dnsdb_query/COPYRIGHT +0 -0
  80. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/_dnsdb_query/LICENSE +0 -0
  81. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/_dnsdb_query/README.md +0 -0
  82. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/_dnsdb_query/__init__.py +0 -0
  83. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/_dnsdb_query/dnsdb_query.py +0 -0
  84. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/_ransomcoindb/__init__.py +0 -0
  85. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/_ransomcoindb/ransomcoindb.py +0 -0
  86. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/_vulnerability_parser/__init__.py +0 -0
  87. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/_vulnerability_parser/vulnerability_parser.py +0 -0
  88. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/abuseipdb.py +0 -0
  89. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/anyrun_sandbox_submit.py +0 -0
  90. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/apiosintds.py +0 -0
  91. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/apivoid.py +0 -0
  92. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/assemblyline_query.py +0 -0
  93. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/assemblyline_submit.py +0 -0
  94. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/backscatter_io.py +0 -0
  95. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/btc_scam_check.py +0 -0
  96. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/btc_steroids.py +0 -0
  97. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/censys_enrich.py +0 -0
  98. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/circl_passivedns.py +0 -0
  99. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/circl_passivessl.py +0 -0
  100. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/clamav.py +0 -0
  101. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/cluster25_expand.py +0 -0
  102. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/convert_markdown_to_pdf.py +0 -0
  103. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/countrycode.py +0 -0
  104. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/cpe.py +0 -0
  105. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/crowdsec.py +0 -0
  106. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/crowdstrike_falcon.py +0 -0
  107. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/cuckoo_submit.py +0 -0
  108. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/cve.py +0 -0
  109. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/cve_advanced.py +0 -0
  110. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/cytomic_orion.py +0 -0
  111. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/dbl_spamhaus.py +0 -0
  112. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/dns.py +0 -0
  113. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/domaintools.py +0 -0
  114. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/eql.py +0 -0
  115. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/eupi.py +0 -0
  116. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/extract_url_components.py +0 -0
  117. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/farsight_passivedns.py +0 -0
  118. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/geoip_asn.py +0 -0
  119. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/geoip_city.py +0 -0
  120. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/geoip_country.py +0 -0
  121. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/google_safe_browsing.py +0 -0
  122. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/google_threat_intelligence.py +0 -0
  123. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/hashdd.py +0 -0
  124. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/hashlookup.py +0 -0
  125. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/hibp.py +0 -0
  126. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/hyasinsight.py +0 -0
  127. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/intel471.py +0 -0
  128. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/intelmq_eventdb.py.experimental +0 -0
  129. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/ip2locationio.py +0 -0
  130. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/ipasn.py +0 -0
  131. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/ipinfo.py +0 -0
  132. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py +0 -0
  133. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/iprep.py +0 -0
  134. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/joesandbox_query.py +0 -0
  135. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/lastline_query.py +0 -0
  136. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/lastline_submit.py +0 -0
  137. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/macaddress_io.py +0 -0
  138. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/macvendors.py +0 -0
  139. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/malshare_upload.py +0 -0
  140. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/malwarebazaar.py +0 -0
  141. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/mcafee_insights_enrich.py +0 -0
  142. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/mmdb_lookup.py +0 -0
  143. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/module.py.skeleton +0 -0
  144. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/module_misp_standard.py.skeleton +0 -0
  145. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/mwdb.py +0 -0
  146. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/onion_lookup.py +0 -0
  147. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/onyphe.py +0 -0
  148. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/onyphe_full.py +0 -0
  149. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/otx.py +0 -0
  150. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/passive_ssh.py +0 -0
  151. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/passivetotal.py +0 -0
  152. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/qintel_qsentry.py +0 -0
  153. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/ransomcoindb.py +0 -0
  154. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/rapid7_attackerkb.py +0 -0
  155. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/rbl.py +0 -0
  156. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/recordedfuture.py +0 -0
  157. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/reversedns.py +0 -0
  158. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/securitytrails.py +0 -0
  159. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/shodan.py +0 -0
  160. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/sigma_queries.py +0 -0
  161. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/sigma_syntax_validator.py +0 -0
  162. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/sigmf_expand.py +0 -0
  163. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/socialscan.py +0 -0
  164. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/sophoslabs_intelix.py +0 -0
  165. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/sourcecache.py +0 -0
  166. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/stairwell.py +0 -0
  167. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/stix2_pattern_syntax_validator.py +0 -0
  168. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/threatcrowd.py +0 -0
  169. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/threatfox.py +0 -0
  170. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/threatminer.py +0 -0
  171. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/triage_submit.py +0 -0
  172. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/trustar_enrich.py +0 -0
  173. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/urlhaus.py +0 -0
  174. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/urlscan.py +0 -0
  175. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/validin.py +0 -0
  176. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/variotdbs.py +0 -0
  177. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/virustotal.py +0 -0
  178. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/virustotal_public.py +0 -0
  179. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/virustotal_upload.py +0 -0
  180. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/vmray_submit.py +0 -0
  181. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/vmware_nsx.py +0 -0
  182. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/vulndb.py +0 -0
  183. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/vulnerability_lookup.py +0 -0
  184. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/vulners.py +0 -0
  185. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/whois.py +0 -0
  186. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/whoisfreaks.py +0 -0
  187. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/wiki.py +0 -0
  188. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/xforceexchange.py +0 -0
  189. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/yara_query.py +0 -0
  190. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/yara_syntax_validator.py +0 -0
  191. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/expansion/yeti.py +0 -0
  192. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/__init__.py +0 -0
  193. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/cef_export.py +0 -0
  194. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/cisco_firesight_manager_ACL_rule_export.py +0 -0
  195. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/defender_endpoint_export.py +0 -0
  196. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/goamlexport.py +0 -0
  197. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/liteexport.py +0 -0
  198. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/mass_eql_export.py +0 -0
  199. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/nexthinkexport.py +0 -0
  200. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/osqueryexport.py +0 -0
  201. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/pdfexport.py +0 -0
  202. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/testexport.py +0 -0
  203. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/threatStream_misp_export.py +0 -0
  204. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/threat_connect_export.py +0 -0
  205. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/virustotal_collections.py +0 -0
  206. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/vt_graph.py +0 -0
  207. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/export_mod/yara_export.py +0 -0
  208. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/__init__.py +0 -0
  209. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/anyrun_sandbox_import.py +0 -0
  210. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/cof2misp.py +0 -0
  211. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/csvimport.py +0 -0
  212. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/cuckooimport.py +0 -0
  213. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/goamlimport.py +0 -0
  214. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/import_blueprint.py +0 -0
  215. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/joe_import.py +0 -0
  216. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/lastline_import.py +0 -0
  217. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/mispjson.py +0 -0
  218. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/ocr.py +0 -0
  219. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/openiocimport.py +0 -0
  220. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/testimport.py +0 -0
  221. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/threatanalyzer_import.py +0 -0
  222. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/url_import.py +0 -0
  223. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/vmray_import.py +0 -0
  224. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/modules/import_mod/vmray_summary_json_import.py +0 -0
  225. {misp_modules-3.0.6 → misp_modules-3.0.8}/misp_modules/openapi.py +0 -0
@@ -1,12 +1,12 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: misp-modules
3
- Version: 3.0.6
3
+ Version: 3.0.8
4
4
  Summary: MISP modules are autonomous modules that can be used for expansion and other services in MISP
5
5
  License-Expression: AGPL-3.0-only
6
6
  License-File: LICENSE
7
7
  Author: Alexandre Dulaunoy
8
8
  Author-email: alexandre.dulaunoy@circl.lu
9
- Requires-Python: >=3.9,<3.13
9
+ Requires-Python: >=3.10,<4.0
10
10
  Classifier: License :: OSI Approved :: GNU Affero General Public License v3
11
11
  Classifier: Development Status :: 5 - Production/Stable
12
12
  Classifier: Environment :: Console
@@ -15,7 +15,7 @@ Classifier: Programming Language :: Python :: 3
15
15
  Classifier: Topic :: Security
16
16
  Provides-Extra: all
17
17
  Provides-Extra: minimal
18
- Requires-Dist: anyrun-sdk (>=1.10.10,<2.0.0)
18
+ Requires-Dist: anyrun-sdk (>=1.10.10,<2.0.0) ; extra == "all"
19
19
  Requires-Dist: apiosintds ; extra == "all"
20
20
  Requires-Dist: assemblyline_client ; extra == "all"
21
21
  Requires-Dist: backscatter ; extra == "all"
@@ -27,6 +27,7 @@ Requires-Dist: censys (==2.0.9) ; extra == "all"
27
27
  Requires-Dist: censys (==2.0.9) ; extra == "minimal"
28
28
  Requires-Dist: clamd ; extra == "all"
29
29
  Requires-Dist: clamd ; extra == "minimal"
30
+ Requires-Dist: click (==8.1.8)
30
31
  Requires-Dist: crowdstrike-falconpy ; extra == "all"
31
32
  Requires-Dist: crowdstrike-falconpy ; extra == "minimal"
32
33
  Requires-Dist: dnsdb2 ; extra == "all"
@@ -40,6 +41,8 @@ Requires-Dist: greynoise ; extra == "minimal"
40
41
  Requires-Dist: jbxapi ; extra == "all"
41
42
  Requires-Dist: jbxapi ; extra == "minimal"
42
43
  Requires-Dist: jinja2
44
+ Requires-Dist: lief (>=0.17.6) ; extra == "all"
45
+ Requires-Dist: lxml (>=6.1.1) ; extra == "all"
43
46
  Requires-Dist: maclookup ; extra == "all"
44
47
  Requires-Dist: maclookup ; extra == "minimal"
45
48
  Requires-Dist: markdownify
@@ -47,19 +50,17 @@ Requires-Dist: matplotlib ; extra == "all"
47
50
  Requires-Dist: matplotlib ; extra == "minimal"
48
51
  Requires-Dist: mattermostdriver ; extra == "all"
49
52
  Requires-Dist: mattermostdriver ; extra == "minimal"
50
- Requires-Dist: misp-lib-stix2 (>=3.0.1.2) ; extra == "all"
51
- Requires-Dist: misp-stix (>=2025.1.10) ; extra == "all"
53
+ Requires-Dist: misp-stix (>=2026.6.1) ; extra == "all"
52
54
  Requires-Dist: mwdblib ; extra == "all"
53
55
  Requires-Dist: ndjson ; extra == "all"
54
56
  Requires-Dist: ndjson ; extra == "minimal"
55
- Requires-Dist: np ; extra == "all"
56
- Requires-Dist: numpy (>=1.26.4,<2.0.0) ; extra == "all"
57
+ Requires-Dist: numpy (>=2.0.0) ; extra == "all"
57
58
  Requires-Dist: oauth2 ; extra == "all"
58
59
  Requires-Dist: oauth2 ; extra == "minimal"
59
60
  Requires-Dist: opencv-python ; extra == "all"
60
61
  Requires-Dist: openpyxl ; extra == "all"
61
- Requires-Dist: orjson
62
- Requires-Dist: pandas (>=2.0.0) ; extra == "all"
62
+ Requires-Dist: orjson (>=3.11.9)
63
+ Requires-Dist: pandas (>=2.0.0,<3.0.0) ; extra == "all"
63
64
  Requires-Dist: pandas_ods_reader (>=1.0.0) ; extra == "all"
64
65
  Requires-Dist: pandoc ; extra == "all"
65
66
  Requires-Dist: passivetotal ; extra == "all"
@@ -79,8 +80,8 @@ Requires-Dist: pyintel471 ; extra == "all"
79
80
  Requires-Dist: pyintel471 ; extra == "minimal"
80
81
  Requires-Dist: pyipasnhistory ; extra == "all"
81
82
  Requires-Dist: pyipasnhistory ; extra == "minimal"
82
- Requires-Dist: pymisp
83
- Requires-Dist: pymisp[email,fileobjects,openioc,pdfexport] ; extra == "all"
83
+ Requires-Dist: pymisp (>=2.5.34.1)
84
+ Requires-Dist: pymisp[email,fileobjects,openioc,pdfexport] (>=2.5.34.1) ; extra == "all"
84
85
  Requires-Dist: pypdns ; extra == "all"
85
86
  Requires-Dist: pypdns ; extra == "minimal"
86
87
  Requires-Dist: pypssl ; extra == "all"
@@ -135,18 +136,19 @@ Description-Content-Type: text/markdown
135
136
 
136
137
  MISP modules are autonomous modules that can be used to extend [MISP](https://github.com/MISP/MISP) for new services such as expansion, import, export and workflow action.
137
138
 
138
- MISP modules can be also installed and used without MISP as a [standalone tool accessible via a convenient web interface](./website).
139
+ MISP modules can be also installed and used without [MISP](https://misp-project.org/) as a [standalone tool accessible via a convenient web interface](./website) or using a [cli tool](https://github.com/MISP/misp-modules-cli).
139
140
 
140
- The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities
141
- without modifying core components. The API is available via a simple REST API which is independent from MISP installation or configuration and can be used with other tools.
141
+ The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities without modifying core components. The API is available via a simple REST API which is independent from MISP installation or configuration and can be used with other tools. The API is also documented automatically via an OpenAPI end-point or a swagger file.
142
142
 
143
143
  For more information: [Extending MISP with Python modules](https://www.misp-project.org/misp-training/3.1-misp-modules.pdf) slides from [MISP training](https://github.com/MISP/misp-training).
144
144
 
145
145
  # Installation
146
+
146
147
  Installation instructions can be found in the [installation documentation](https://misp.github.io/misp-modules/install/).
147
148
 
148
149
  # How to add your own MISP modules?
149
- Developing a MISP module yourself is fairly easy. Start with a template or existing module and continue from there. \
150
+
151
+ Developing a MISP module yourself is fairly easy. Start with a template or existing module and continue from there.
150
152
  More information can be found in the [contribute](https://misp.github.io/misp-modules/contribute/) section of the documentation.
151
153
 
152
154
  # Documentation
@@ -169,9 +171,9 @@ The specification is generated during service startup, so restart `misp-modules`
169
171
  ## Licenses
170
172
  For further Information see the [license file](https://misp.github.io/misp-modules/license/).
171
173
 
172
- # List of MISP modules
174
+ ## Existing MISP modules
173
175
 
174
- ## Expansion Modules
176
+ ### Expansion Modules
175
177
  * [Abuse IPDB](https://misp.github.io/misp-modules/expansion/#abuse-ipdb) - AbuseIPDB MISP expansion module
176
178
  * [ANYRUN Sandbox Submit](https://misp.github.io/misp-modules/expansion/#anyrun-sandbox-submit) - A module designed to submit URLs or files to the ANY.RUN Sandbox for analysis and return the unique analysis link and ID.
177
179
  * [OSINT DigitalSide](https://misp.github.io/misp-modules/expansion/#osint-digitalside) - On demand query API for OSINT.digitalside.it project.
@@ -218,7 +220,7 @@ For further Information see the [license file](https://misp.github.io/misp-modul
218
220
  * [IP2Location.io Lookup](https://misp.github.io/misp-modules/expansion/#ip2location.io-lookup) - An expansion module to query IP2Location.io to gather more information on a given IP address.
219
221
  * [IPASN-History Lookup](https://misp.github.io/misp-modules/expansion/#ipasn-history-lookup) - Module to query an IP ASN history service (https://github.com/D4-project/IPASN-History).
220
222
  * [IPInfo.io Lookup](https://misp.github.io/misp-modules/expansion/#ipinfo.io-lookup) - An expansion module to query ipinfo.io to gather more information on a given IP address.
221
- * [IPQualityScore Lookup](https://misp.github.io/misp-modules/expansion/#ipqualityscore-lookup) - IPQualityScore MISP Expansion Module for IP reputation, Email Validation, Phone Number Validation, Malicious Domain and Malicious URL Scanner.
223
+ * [IPQualityScore Lookup](https://misp.github.io/misp-modules/expansion/#ipqualityscore-lookup) - IPQualityScore MISP Expansion Module for IP reputation, Email Validation, Phone Number Validation, Malicious Domain,Malicious URL Scanner,Malicious File Scanner & Compromised username, Password, Email
222
224
  * [IPRep Lookup](https://misp.github.io/misp-modules/expansion/#iprep-lookup) - Module to query IPRep data for IP addresses.
223
225
  * [Ninja Template Rendering](https://misp.github.io/misp-modules/expansion/#ninja-template-rendering) - Render the template with the data passed
224
226
  * [Joe Sandbox Import](https://misp.github.io/misp-modules/expansion/#joe-sandbox-import) - Query Joe Sandbox API with a submission url to get the json report and extract its data that is parsed and converted into MISP attributes and objects.
@@ -244,12 +246,13 @@ For further Information see the [license file](https://misp.github.io/misp-modul
244
246
  * [PDF Enrich](https://misp.github.io/misp-modules/expansion/#pdf-enrich) - Module to extract freetext from a PDF document.
245
247
  * [PPTX Enrich](https://misp.github.io/misp-modules/expansion/#pptx-enrich) - Module to extract freetext from a .pptx document.
246
248
  * [Qintel QSentry Lookup](https://misp.github.io/misp-modules/expansion/#qintel-qsentry-lookup) - A hover and expansion module which queries Qintel QSentry for ip reputation data
247
- * [QR Code Decode](https://misp.github.io/misp-modules/expansion/#qr-code-decode) - Module to decode QR codes.
249
+ * [QR Code Decode](https://misp.github.io/misp-modules/expansion/#qr-code-decode) - Decode QR codes from attachments OR remote URLs (Anti-Quishing).
248
250
  * [RandomcoinDB Lookup](https://misp.github.io/misp-modules/expansion/#randomcoindb-lookup) - Module to access the ransomcoinDB (see https://ransomcoindb.concinnity-risks.com)
249
- * [r7_akb](https://misp.github.io/misp-modules/expansion/#r7_akb) - Enrich CVEs via AttackerKB and return structured MISP events. Handles rate limits, regex CVE detection, and markdown cleanup.
251
+ * [Rapid7 AttackerKB lookup](https://misp.github.io/misp-modules/expansion/#rapid7-attackerkb-lookup) - Module to lookup CVE attributes in Rapid7 AttackerKB.
250
252
  * [Real-time Blackhost Lists Lookup](https://misp.github.io/misp-modules/expansion/#real-time-blackhost-lists-lookup) - Module to check an IPv4 address against known RBLs.
251
253
  * [Recorded Future Enrich](https://misp.github.io/misp-modules/expansion/#recorded-future-enrich) - Module to enrich attributes with threat intelligence from Recorded Future.
252
254
  * [Reverse DNS](https://misp.github.io/misp-modules/expansion/#reverse-dns) - Simple Reverse DNS expansion service to resolve reverse DNS from MISP attributes.
255
+ * [ReversingLabs Spectra Analyze](https://misp.github.io/misp-modules/expansion/#reversinglabs-spectra-analyze) - Threat intelligence enrichment module
253
256
  * [SecurityTrails Lookup](https://misp.github.io/misp-modules/expansion/#securitytrails-lookup) - An expansion modules for SecurityTrails.
254
257
  * [Shodan Lookup](https://misp.github.io/misp-modules/expansion/#shodan-lookup) - Module to query on Shodan.
255
258
  * [Sigma Rule Converter](https://misp.github.io/misp-modules/expansion/#sigma-rule-converter) - An expansion hover module to display the result of sigma queries.
@@ -267,6 +270,7 @@ For further Information see the [license file](https://misp.github.io/misp-modul
267
270
  * [TruSTAR Enrich](https://misp.github.io/misp-modules/expansion/#trustar-enrich) - Module to get enrich indicators with TruSTAR.
268
271
  * [URLhaus Lookup](https://misp.github.io/misp-modules/expansion/#urlhaus-lookup) - Query of the URLhaus API to get additional information about the input attribute.
269
272
  * [URLScan Lookup](https://misp.github.io/misp-modules/expansion/#urlscan-lookup) - An expansion module to query urlscan.io.
273
+ * [Validin DNS History](https://misp.github.io/misp-modules/expansion/#validin-dns-history) - Validin internet dataset expansion. Returns dns-records, web crawls, registration (WHOIS) records, and certificates from Validin's historic internet intelligence dataset.
270
274
  * [VARIoT db Lookup](https://misp.github.io/misp-modules/expansion/#variot-db-lookup) - An expansion module to query the VARIoT db API for more information about a vulnerability.
271
275
  * [VirusTotal v3 Lookup](https://misp.github.io/misp-modules/expansion/#virustotal-v3-lookup) - Enrich observables with the VirusTotal v3 API
272
276
  * [VirusTotal Public API Lookup](https://misp.github.io/misp-modules/expansion/#virustotal-public-api-lookup) - Enrich observables with the VirusTotal v3 public API
@@ -286,7 +290,7 @@ For further Information see the [license file](https://misp.github.io/misp-modul
286
290
  * [YARA Syntax Validator](https://misp.github.io/misp-modules/expansion/#yara-syntax-validator) - An expansion hover module to perform a syntax check on if yara rules are valid or not.
287
291
  * [Yeti Lookup](https://misp.github.io/misp-modules/expansion/#yeti-lookup) - Module to process a query on Yeti.
288
292
 
289
- ## Export Modules
293
+ ### Export Modules
290
294
  * [CEF Export](https://misp.github.io/misp-modules/export_mod/#cef-export) - Module to export a MISP event in CEF format.
291
295
  * [Cisco fireSIGHT blockrule Export](https://misp.github.io/misp-modules/export_mod/#cisco-firesight-blockrule-export) - Module to export malicious network activity attributes to Cisco fireSIGHT manager block rules.
292
296
  * [Microsoft Defender for Endpoint KQL Export](https://misp.github.io/misp-modules/export_mod/#microsoft-defender-for-endpoint-kql-export) - Defender for Endpoint KQL hunting query export module
@@ -303,7 +307,7 @@ For further Information see the [license file](https://misp.github.io/misp-modul
303
307
  * [VirusTotal Graph Export](https://misp.github.io/misp-modules/export_mod/#virustotal-graph-export) - This module is used to create a VirusTotal Graph from a MISP event.
304
308
  * [YARA Rule Export](https://misp.github.io/misp-modules/export_mod/#yara-rule-export) - This module is used to export MISP events to YARA.
305
309
 
306
- ## Import Modules
310
+ ### Import Modules
307
311
  * [ANYRUN Sandbox Import](https://misp.github.io/misp-modules/import_mod/#anyrun-sandbox-import) - A module designed to retrieve an analysis report from the ANY.RUN Sandbox by its unique ID and extract results (such as verdict, malware tags, and IOCs), converting them into MISP attributes within your event.
308
312
  * [PDNS COF Importer](https://misp.github.io/misp-modules/import_mod/#pdns-cof-importer) - Passive DNS Common Output Format (COF) MISP importer
309
313
  * [CSV Import](https://misp.github.io/misp-modules/import_mod/#csv-import) - Module to import MISP attributes from a csv file.
@@ -323,7 +327,8 @@ For further Information see the [license file](https://misp.github.io/misp-modul
323
327
  * [VMRay API Import](https://misp.github.io/misp-modules/import_mod/#vmray-api-import) - Module to import VMRay (VTI) results.
324
328
  * [VMRay Summary JSON Import](https://misp.github.io/misp-modules/import_mod/#vmray-summary-json-import) - Import a VMRay Summary JSON report.
325
329
 
326
- ## Action Modules
330
+ ### Action Modules
331
+ * [Export to Sentinel or Defender](https://misp.github.io/misp-modules/action_mod/#export-to-sentinel-or-defender) - Export indicators to Microsoft Sentinel or Microsoft Defender. Requires an existing installation of MISP2Sentinel or MISP2Defender.
327
332
  * [Mattermost](https://misp.github.io/misp-modules/action_mod/#mattermost) - Simplistic module to send message to a Mattermost channel.
328
333
  * [Nextcloud talk](https://misp.github.io/misp-modules/action_mod/#nextcloud-talk) - Simplistic module to send a message to a Nextcloud talk conversation.
329
334
  * [Slack](https://misp.github.io/misp-modules/action_mod/#slack) - Simplistic module to send messages to a Slack channel.
@@ -331,3 +336,4 @@ For further Information see the [license file](https://misp.github.io/misp-modul
331
336
 
332
337
 
333
338
 
339
+
@@ -7,18 +7,19 @@
7
7
 
8
8
  MISP modules are autonomous modules that can be used to extend [MISP](https://github.com/MISP/MISP) for new services such as expansion, import, export and workflow action.
9
9
 
10
- MISP modules can be also installed and used without MISP as a [standalone tool accessible via a convenient web interface](./website).
10
+ MISP modules can be also installed and used without [MISP](https://misp-project.org/) as a [standalone tool accessible via a convenient web interface](./website) or using a [cli tool](https://github.com/MISP/misp-modules-cli).
11
11
 
12
- The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities
13
- without modifying core components. The API is available via a simple REST API which is independent from MISP installation or configuration and can be used with other tools.
12
+ The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities without modifying core components. The API is available via a simple REST API which is independent from MISP installation or configuration and can be used with other tools. The API is also documented automatically via an OpenAPI end-point or a swagger file.
14
13
 
15
14
  For more information: [Extending MISP with Python modules](https://www.misp-project.org/misp-training/3.1-misp-modules.pdf) slides from [MISP training](https://github.com/MISP/misp-training).
16
15
 
17
16
  # Installation
17
+
18
18
  Installation instructions can be found in the [installation documentation](https://misp.github.io/misp-modules/install/).
19
19
 
20
20
  # How to add your own MISP modules?
21
- Developing a MISP module yourself is fairly easy. Start with a template or existing module and continue from there. \
21
+
22
+ Developing a MISP module yourself is fairly easy. Start with a template or existing module and continue from there.
22
23
  More information can be found in the [contribute](https://misp.github.io/misp-modules/contribute/) section of the documentation.
23
24
 
24
25
  # Documentation
@@ -41,9 +42,9 @@ The specification is generated during service startup, so restart `misp-modules`
41
42
  ## Licenses
42
43
  For further Information see the [license file](https://misp.github.io/misp-modules/license/).
43
44
 
44
- # List of MISP modules
45
+ ## Existing MISP modules
45
46
 
46
- ## Expansion Modules
47
+ ### Expansion Modules
47
48
  * [Abuse IPDB](https://misp.github.io/misp-modules/expansion/#abuse-ipdb) - AbuseIPDB MISP expansion module
48
49
  * [ANYRUN Sandbox Submit](https://misp.github.io/misp-modules/expansion/#anyrun-sandbox-submit) - A module designed to submit URLs or files to the ANY.RUN Sandbox for analysis and return the unique analysis link and ID.
49
50
  * [OSINT DigitalSide](https://misp.github.io/misp-modules/expansion/#osint-digitalside) - On demand query API for OSINT.digitalside.it project.
@@ -90,7 +91,7 @@ For further Information see the [license file](https://misp.github.io/misp-modul
90
91
  * [IP2Location.io Lookup](https://misp.github.io/misp-modules/expansion/#ip2location.io-lookup) - An expansion module to query IP2Location.io to gather more information on a given IP address.
91
92
  * [IPASN-History Lookup](https://misp.github.io/misp-modules/expansion/#ipasn-history-lookup) - Module to query an IP ASN history service (https://github.com/D4-project/IPASN-History).
92
93
  * [IPInfo.io Lookup](https://misp.github.io/misp-modules/expansion/#ipinfo.io-lookup) - An expansion module to query ipinfo.io to gather more information on a given IP address.
93
- * [IPQualityScore Lookup](https://misp.github.io/misp-modules/expansion/#ipqualityscore-lookup) - IPQualityScore MISP Expansion Module for IP reputation, Email Validation, Phone Number Validation, Malicious Domain and Malicious URL Scanner.
94
+ * [IPQualityScore Lookup](https://misp.github.io/misp-modules/expansion/#ipqualityscore-lookup) - IPQualityScore MISP Expansion Module for IP reputation, Email Validation, Phone Number Validation, Malicious Domain,Malicious URL Scanner,Malicious File Scanner & Compromised username, Password, Email
94
95
  * [IPRep Lookup](https://misp.github.io/misp-modules/expansion/#iprep-lookup) - Module to query IPRep data for IP addresses.
95
96
  * [Ninja Template Rendering](https://misp.github.io/misp-modules/expansion/#ninja-template-rendering) - Render the template with the data passed
96
97
  * [Joe Sandbox Import](https://misp.github.io/misp-modules/expansion/#joe-sandbox-import) - Query Joe Sandbox API with a submission url to get the json report and extract its data that is parsed and converted into MISP attributes and objects.
@@ -116,12 +117,13 @@ For further Information see the [license file](https://misp.github.io/misp-modul
116
117
  * [PDF Enrich](https://misp.github.io/misp-modules/expansion/#pdf-enrich) - Module to extract freetext from a PDF document.
117
118
  * [PPTX Enrich](https://misp.github.io/misp-modules/expansion/#pptx-enrich) - Module to extract freetext from a .pptx document.
118
119
  * [Qintel QSentry Lookup](https://misp.github.io/misp-modules/expansion/#qintel-qsentry-lookup) - A hover and expansion module which queries Qintel QSentry for ip reputation data
119
- * [QR Code Decode](https://misp.github.io/misp-modules/expansion/#qr-code-decode) - Module to decode QR codes.
120
+ * [QR Code Decode](https://misp.github.io/misp-modules/expansion/#qr-code-decode) - Decode QR codes from attachments OR remote URLs (Anti-Quishing).
120
121
  * [RandomcoinDB Lookup](https://misp.github.io/misp-modules/expansion/#randomcoindb-lookup) - Module to access the ransomcoinDB (see https://ransomcoindb.concinnity-risks.com)
121
- * [r7_akb](https://misp.github.io/misp-modules/expansion/#r7_akb) - Enrich CVEs via AttackerKB and return structured MISP events. Handles rate limits, regex CVE detection, and markdown cleanup.
122
+ * [Rapid7 AttackerKB lookup](https://misp.github.io/misp-modules/expansion/#rapid7-attackerkb-lookup) - Module to lookup CVE attributes in Rapid7 AttackerKB.
122
123
  * [Real-time Blackhost Lists Lookup](https://misp.github.io/misp-modules/expansion/#real-time-blackhost-lists-lookup) - Module to check an IPv4 address against known RBLs.
123
124
  * [Recorded Future Enrich](https://misp.github.io/misp-modules/expansion/#recorded-future-enrich) - Module to enrich attributes with threat intelligence from Recorded Future.
124
125
  * [Reverse DNS](https://misp.github.io/misp-modules/expansion/#reverse-dns) - Simple Reverse DNS expansion service to resolve reverse DNS from MISP attributes.
126
+ * [ReversingLabs Spectra Analyze](https://misp.github.io/misp-modules/expansion/#reversinglabs-spectra-analyze) - Threat intelligence enrichment module
125
127
  * [SecurityTrails Lookup](https://misp.github.io/misp-modules/expansion/#securitytrails-lookup) - An expansion modules for SecurityTrails.
126
128
  * [Shodan Lookup](https://misp.github.io/misp-modules/expansion/#shodan-lookup) - Module to query on Shodan.
127
129
  * [Sigma Rule Converter](https://misp.github.io/misp-modules/expansion/#sigma-rule-converter) - An expansion hover module to display the result of sigma queries.
@@ -139,6 +141,7 @@ For further Information see the [license file](https://misp.github.io/misp-modul
139
141
  * [TruSTAR Enrich](https://misp.github.io/misp-modules/expansion/#trustar-enrich) - Module to get enrich indicators with TruSTAR.
140
142
  * [URLhaus Lookup](https://misp.github.io/misp-modules/expansion/#urlhaus-lookup) - Query of the URLhaus API to get additional information about the input attribute.
141
143
  * [URLScan Lookup](https://misp.github.io/misp-modules/expansion/#urlscan-lookup) - An expansion module to query urlscan.io.
144
+ * [Validin DNS History](https://misp.github.io/misp-modules/expansion/#validin-dns-history) - Validin internet dataset expansion. Returns dns-records, web crawls, registration (WHOIS) records, and certificates from Validin's historic internet intelligence dataset.
142
145
  * [VARIoT db Lookup](https://misp.github.io/misp-modules/expansion/#variot-db-lookup) - An expansion module to query the VARIoT db API for more information about a vulnerability.
143
146
  * [VirusTotal v3 Lookup](https://misp.github.io/misp-modules/expansion/#virustotal-v3-lookup) - Enrich observables with the VirusTotal v3 API
144
147
  * [VirusTotal Public API Lookup](https://misp.github.io/misp-modules/expansion/#virustotal-public-api-lookup) - Enrich observables with the VirusTotal v3 public API
@@ -158,7 +161,7 @@ For further Information see the [license file](https://misp.github.io/misp-modul
158
161
  * [YARA Syntax Validator](https://misp.github.io/misp-modules/expansion/#yara-syntax-validator) - An expansion hover module to perform a syntax check on if yara rules are valid or not.
159
162
  * [Yeti Lookup](https://misp.github.io/misp-modules/expansion/#yeti-lookup) - Module to process a query on Yeti.
160
163
 
161
- ## Export Modules
164
+ ### Export Modules
162
165
  * [CEF Export](https://misp.github.io/misp-modules/export_mod/#cef-export) - Module to export a MISP event in CEF format.
163
166
  * [Cisco fireSIGHT blockrule Export](https://misp.github.io/misp-modules/export_mod/#cisco-firesight-blockrule-export) - Module to export malicious network activity attributes to Cisco fireSIGHT manager block rules.
164
167
  * [Microsoft Defender for Endpoint KQL Export](https://misp.github.io/misp-modules/export_mod/#microsoft-defender-for-endpoint-kql-export) - Defender for Endpoint KQL hunting query export module
@@ -175,7 +178,7 @@ For further Information see the [license file](https://misp.github.io/misp-modul
175
178
  * [VirusTotal Graph Export](https://misp.github.io/misp-modules/export_mod/#virustotal-graph-export) - This module is used to create a VirusTotal Graph from a MISP event.
176
179
  * [YARA Rule Export](https://misp.github.io/misp-modules/export_mod/#yara-rule-export) - This module is used to export MISP events to YARA.
177
180
 
178
- ## Import Modules
181
+ ### Import Modules
179
182
  * [ANYRUN Sandbox Import](https://misp.github.io/misp-modules/import_mod/#anyrun-sandbox-import) - A module designed to retrieve an analysis report from the ANY.RUN Sandbox by its unique ID and extract results (such as verdict, malware tags, and IOCs), converting them into MISP attributes within your event.
180
183
  * [PDNS COF Importer](https://misp.github.io/misp-modules/import_mod/#pdns-cof-importer) - Passive DNS Common Output Format (COF) MISP importer
181
184
  * [CSV Import](https://misp.github.io/misp-modules/import_mod/#csv-import) - Module to import MISP attributes from a csv file.
@@ -195,10 +198,12 @@ For further Information see the [license file](https://misp.github.io/misp-modul
195
198
  * [VMRay API Import](https://misp.github.io/misp-modules/import_mod/#vmray-api-import) - Module to import VMRay (VTI) results.
196
199
  * [VMRay Summary JSON Import](https://misp.github.io/misp-modules/import_mod/#vmray-summary-json-import) - Import a VMRay Summary JSON report.
197
200
 
198
- ## Action Modules
201
+ ### Action Modules
202
+ * [Export to Sentinel or Defender](https://misp.github.io/misp-modules/action_mod/#export-to-sentinel-or-defender) - Export indicators to Microsoft Sentinel or Microsoft Defender. Requires an existing installation of MISP2Sentinel or MISP2Defender.
199
203
  * [Mattermost](https://misp.github.io/misp-modules/action_mod/#mattermost) - Simplistic module to send message to a Mattermost channel.
200
204
  * [Nextcloud talk](https://misp.github.io/misp-modules/action_mod/#nextcloud-talk) - Simplistic module to send a message to a Nextcloud talk conversation.
201
205
  * [Slack](https://misp.github.io/misp-modules/action_mod/#slack) - Simplistic module to send messages to a Slack channel.
202
206
  * [Test action](https://misp.github.io/misp-modules/action_mod/#test-action) - This module is merely a test, always returning true. Triggers on event publishing.
203
207
 
204
208
 
209
+
@@ -355,7 +355,7 @@ def main():
355
355
  ioloop.IOLoop.instance().start()
356
356
  finally:
357
357
  ioloop.IOLoop.instance().stop()
358
- return 0
358
+ return 0
359
359
 
360
360
 
361
361
  if __name__ == "__main__":
@@ -0,0 +1,232 @@
1
+ import json
2
+ import requests
3
+
4
+ misperrors = {'error': 'Error'}
5
+ mispattributes = {
6
+ 'input': ['ip', 'ip-src', 'ip-dst', 'ip-src|port', 'ip-dst|port', 'domain', 'hostname', 'url', 'uri', 'link'],
7
+ 'output': ['text', 'comment'],
8
+ 'format': 'misp_standard',
9
+ }
10
+
11
+ userConfig = {
12
+ "license": {
13
+ "type": "String",
14
+ "errorMessage": "alphaMountain license key is required",
15
+ "message": "Your alphaMountain API license key",
16
+ "required": True,
17
+ },
18
+ "scan_depth": {
19
+ "type": "String",
20
+ "message": "Scan depth: low, medium, or high (default: medium)",
21
+ "default": "medium",
22
+ "required": False,
23
+ },
24
+ "partner_type": {
25
+ "type": "String",
26
+ "message": "Partner type (default: partner.info)",
27
+ "default": "partner.info",
28
+ "required": False,
29
+ },
30
+ }
31
+
32
+ moduleconfig = list(userConfig.keys())
33
+
34
+ moduleinfo = {
35
+ 'version': '1.0',
36
+ 'author': 'alphaMountain',
37
+ 'description': (
38
+ 'alphaMountain threat intelligence lookup for IPs, domains, hostnames, and URLs - adds risk score tags'
39
+ ),
40
+ 'module-type': ['expansion', 'hover'],
41
+ 'name': 'alphaMountain_risk',
42
+ 'logo': '',
43
+ 'requirements': [],
44
+ 'features': '',
45
+ 'references': [],
46
+ }
47
+
48
+
49
+ def handler(q=False):
50
+ """Main handler function called by MISP"""
51
+
52
+ if q is False:
53
+ return False
54
+
55
+ try:
56
+ request = json.loads(q)
57
+ except Exception as e:
58
+ return {'error': f'Invalid JSON input: {str(e)}'}
59
+
60
+ if not request.get('config'):
61
+ return {'error': 'Configuration required'}
62
+
63
+ config = request['config']
64
+ if 'license' not in config:
65
+ return {'error': 'License key required in module configuration'}
66
+
67
+ attribute = request.get('attribute')
68
+ if not attribute:
69
+ return {'error': 'No attribute provided'}
70
+
71
+ # Check for required fields for MISP modules
72
+ required_fields = ['type', 'value', 'uuid']
73
+ if not all(field in attribute for field in required_fields):
74
+ return {'error': f'Invalid attribute format, missing fields: {required_fields}'}
75
+
76
+ # Validate attribute type is supported
77
+ if attribute['type'] not in mispattributes['input']:
78
+ return {'error': f'Unsupported attribute type: {attribute["type"]}'}
79
+
80
+ license_key = config['license']
81
+ api_url = 'https://api.alphamountain.ai/threat/uri'
82
+ scan_depth = config.get('scan_depth', 'medium')
83
+ partner_type = config.get('partner_type', 'partner.info')
84
+
85
+ # Map MISP attribute type to alphaMountain API category and extract value
86
+ ioc_value = get_ioc_value(attribute)
87
+
88
+ try:
89
+ threat_data = query_alphamountain_api(api_url, license_key, ioc_value, scan_depth, partner_type)
90
+
91
+ if not threat_data:
92
+ return {'error': 'No data returned from alphaMountain API'}
93
+
94
+ # Create results dictionary - DO NOT include the original attribute
95
+ results = {'Attribute': []}
96
+
97
+ # Process the response and create attributes with tags
98
+ process_threat_response(threat_data, results, attribute)
99
+
100
+ return {'results': results}
101
+
102
+ except requests.RequestException as e:
103
+ return {'error': f'API request failed: {str(e)}'}
104
+ except Exception as e:
105
+ return {'error': f'Processing error: {str(e)}'}
106
+
107
+
108
+ def get_ioc_value(attribute):
109
+ """Extract IOC value from attribute, handling IPs with ports"""
110
+ attr_type = attribute['type']
111
+ attr_value = attribute['value']
112
+
113
+ # For IP addresses with ports, strip the port (alphaMountain API doesn't support ports)
114
+ if attr_type in ['ip-src|port', 'ip-dst|port']:
115
+ return attr_value.split('|')[0]
116
+
117
+ return attr_value
118
+
119
+
120
+ def query_alphamountain_api(api_url, license_key, ioc_value, scan_depth, partner_type):
121
+ """Query the alphaMountain API for threat intelligence"""
122
+
123
+ headers = {'Content-Type': 'application/json'}
124
+ payload = {'uri': ioc_value, 'license': license_key, 'version': 1, 'type': partner_type, 'scan_depth': scan_depth}
125
+
126
+ try:
127
+ response = requests.post(api_url, json=payload, headers=headers, timeout=30)
128
+ response.raise_for_status()
129
+
130
+ return response.json()
131
+
132
+ except requests.exceptions.HTTPError as e:
133
+ status = response.status_code if response else "No status"
134
+ body = response.text[:500] if response else "No response body"
135
+ raise ValueError(f"HTTP {status}: {body} - {str(e)}")
136
+
137
+ except requests.exceptions.RequestException as e:
138
+ raise ValueError(f"Request failed: {str(e)}")
139
+
140
+ except Exception as e:
141
+ raise ValueError(f"Unexpected error: {str(e)}")
142
+
143
+
144
+ def process_threat_response(threat_data, results, original_attribute):
145
+ """Process the API response and apply risk score tag to the original attribute"""
146
+
147
+ # Create tags list - only risk score
148
+ tags = []
149
+
150
+ if not isinstance(threat_data, dict):
151
+ # Add error tag
152
+ tags.append({'name': 'alphaMountain:error', 'colour': '#ff0000'})
153
+ else:
154
+ status = threat_data.get('status', {})
155
+ if status.get('threat') != 'Success':
156
+ tags.append({'name': 'alphaMountain:api-error', 'colour': '#ff0000'})
157
+ else:
158
+ threat_info = threat_data.get('threat', {})
159
+
160
+ if isinstance(threat_info, dict) and threat_info:
161
+ score = threat_info.get('score', 'N/A')
162
+
163
+ # Add risk score tag
164
+ if score != 'N/A':
165
+ try:
166
+ score_float = round(float(score), 2)
167
+ risk_level = get_risk_level(score_float)
168
+ risk_color = get_risk_color(risk_level)
169
+
170
+ # Add specific score tag with full precision
171
+ tags.append({'name': f'alphaMountain:risk-score="{score_float}"', 'colour': risk_color})
172
+
173
+ except (ValueError, TypeError):
174
+ # If score is not a valid number, add a generic tag
175
+ tags.append({'name': 'alphaMountain:risk-score="unknown"', 'colour': '#ffa500'})
176
+
177
+ # If no tags were added, add a no-data tag
178
+ if not tags:
179
+ tags.append({'name': 'alphaMountain:no-data', 'colour': '#ffa500'})
180
+
181
+ # Create enriched attribute with only risk score tag
182
+ enriched_attribute = {
183
+ 'type': original_attribute['type'],
184
+ 'value': original_attribute['value'],
185
+ 'category': original_attribute.get('category', 'Network activity'),
186
+ 'to_ids': original_attribute.get('to_ids', False),
187
+ 'disable_correlation': original_attribute.get('disable_correlation', False),
188
+ 'comment': 'alphaMountain threat intelligence analysis',
189
+ 'Tag': tags,
190
+ }
191
+
192
+ results['Attribute'].append(enriched_attribute)
193
+
194
+
195
+ def get_risk_level(score):
196
+ """Determine risk level based on score"""
197
+ int_score = int(score)
198
+ if int_score >= 8:
199
+ return 'high'
200
+ elif int_score >= 7:
201
+ return 'medium'
202
+ elif int_score >= 6:
203
+ return 'low'
204
+ else:
205
+ return 'minimal'
206
+
207
+
208
+ def get_risk_color(risk_level):
209
+ """Get color code for risk level"""
210
+ color_map = {
211
+ 'high': '#ff0000', # Red
212
+ 'medium': '#ffa500', # Orange
213
+ 'low': '#ffff00', # Yellow
214
+ 'minimal': '#00cc00', # Green
215
+ }
216
+ return color_map.get(risk_level, '#cccccc')
217
+
218
+
219
+ def introspection():
220
+ """Return module metadata for MISP"""
221
+ modulesetup = {}
222
+ modulesetup['userConfig'] = userConfig
223
+ modulesetup['input'] = mispattributes['input']
224
+ modulesetup['output'] = mispattributes['output']
225
+ modulesetup['format'] = 'misp_standard'
226
+ return modulesetup
227
+
228
+
229
+ def version():
230
+ """Return module version"""
231
+ moduleinfo['config'] = moduleconfig
232
+ return moduleinfo
@@ -3,7 +3,7 @@ import io
3
3
  import json
4
4
 
5
5
  import docx
6
- import np
6
+ import numpy as np
7
7
 
8
8
  misperrors = {"error": "Error"}
9
9
  mispattributes = {"input": ["attachment"], "output": ["freetext", "text"]}