misp-modules
New expansion module for Sherlock
https://github.com/sherlock-project/sherlock
Development discussion
This is a good idea. It seems sherlock is not a library (there is a pending issue). Socialscan sounds like another cool project too, and this one is available on PyPI (but not really as a library). We could call sherlock or socialscan as a subprocess, but I'm not a big fan of that. @Rafiot @chrisr3d what's your feeling about this? Library or subprocess? It's more of a generic question for all the modules.
I see two options here:
- quick and dirty: the module clones the repository, does a subprocess call to the script, gets the CSV output, parses that, and generates a blob usable by MISP
- long term: get the sherlock devs to make it a library. Needs a setup.py file - maybe upload it on PyPI - and make it usable as a lib (without running as a standalone script), and provide a formatted output (json/csv)
Can for sure already have a look at socialscan, and then think of the options we have for sherlock
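
A sketch of the "quick and dirty" subprocess option discussed in this thread, added here as an example and not code from the thread or from either project. The script path, the `--csv` behaviour (writing `<username>.csv` to the working directory), the CSV column names and status strings, and the allow-list are assumptions; the point is that the attribute value reaches the child process only as a validated argv element, and only claimed http(s) URLs are returned.

```python
import csv
import io
import re
import subprocess
import tempfile
from pathlib import Path

# Assumed allow-list: no leading '-' or '/', so the value cannot be read as an
# option or escape the working directory when used in a file name.
USERNAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")

def build_argv(username, script="/opt/sherlock/sherlock.py"):  # hypothetical path
    """Return an argv list (never a shell string) for the subprocess call."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected by allow-list")
    return ["python3", script, "--csv", username]  # --csv assumed to write <username>.csv

def csv_to_misp(csv_text):
    """Keep claimed http(s) profile URLs and wrap them as 'link' results."""
    links = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        url = (row.get("url_user") or "").strip()
        if row.get("exists") == "Claimed" and url.startswith(("http://", "https://")):
            links.append(url)
    return {"results": [{"types": ["link"], "values": links}]}

def lookup(username, timeout=300):
    """Run the script in a throwaway directory and parse the report it leaves there."""
    argv = build_argv(username)
    with tempfile.TemporaryDirectory() as workdir:
        subprocess.run(argv, cwd=workdir, timeout=timeout, check=True,
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        report = Path(workdir) / f"{username}.csv"
        return csv_to_misp(report.read_text(encoding="utf-8"))

# Constructed sample report; column names and status strings are assumptions.
SAMPLE_CSV = (
    "username,name,url_main,url_user,exists\n"
    "jdoe,ExampleSite,https://site.example/,https://site.example/u/jdoe,Claimed\n"
    "jdoe,OtherSite,https://other.example/,https://other.example/jdoe,Available\n"
    "jdoe,OddSite,https://odd.example/,ftp://odd.example/jdoe,Claimed\n"
)
```

`csv_to_misp(SAMPLE_CSV)` can be exercised offline; `lookup()` needs a local checkout at the assumed path.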