Proposal for misp-modules
A list of modules to be done:
- [x] Country code expansion (hover and expansion)
- [x] CIRCL Passive SSL (hover and expansion)
- [x] CIRCL Passive DNS (hover and expansion)
- [x] DMA and Cuckoo sandbox submission (hover and expansion)
- [ ] SWIFT Bank lookup (hover)
- [ ] Export module: Bro IDS
- [ ] asn.shadowserver.org / whois
- [ ] RIPEstat module / https://stat.ripe.net/docs/data_api
- [ ] OpenDNS module via https://investigate.api.opendns.com/
- [ ] Malware Hash Registry / whois / http://www.team-cymru.org/MHR.html
- [ ] Import/Export module: Facebook ThreatExchange
- [ ] Export module: bpf filter for tcpdump or Google stenographer
- [x] Export module: markdown pdf export including natural language description of a MISP event
- [ ] Export module: markdown (table of indicators - to ease the production of reports)
Feel free to add your modules proposal or pick a module to do ;-)
Passive DNS implemented with the freetext export (new feature to be implemented soon in MISP by @iglocska)
PSSL is in the pull request
Whois added in the export branch to be merged soon.
I'm working on a MISP module to show the country code using the free GeoLite db from MaxMind. Instead of passing the db file as a config parameter and opening it for every request, I'm looking for a way to open it once when the module is started. Is there a simple way to implement this? Do you have any hints on how to access config parameters when the module server is started?
> Export module: markdown pdf export including natural language description of a MISP event

This has been added, but with a very simple natural language description of a MISP event.
Add the flag new-module-request
- [ ] Pandora analysis framework submit
- [ ] LookyLoo submit