MISP / misp-modules

Modules for expansion services, enrichment, import and export in MISP and other tools.
http://misp.github.io/misp-modules
GNU Affero General Public License v3.0

Added the new attribute and tags for AbuseIPDB and added the google s… #629

Closed TinyHouseHippos closed 12 months ago

TinyHouseHippos commented 12 months ago

…afe browsing expansion module

The AbuseIPDB module enriches IP addresses and domains. To use this expansion module, you need to add the API key (it is free to make an account for AbuseIPDB) and set the max_age_in_days value (how far in the past you want to look for that IP or domain) and the abuse threshold (it will set the malicious attribute to True if abuse_confidence_score >= threshold). The module will return whether the IP was found in AbuseIPDB's whitelists (is-whitelist), whether it is related to Tor (is-tor), whether it is public (is-public), whether it is malicious (is-malicious), and the abuse confidence score (abuse-confidence-score), which is a rating (scaled 0-100) of how confident AbuseIPDB is that an IP address is entirely malicious.

The Google Safe Browsing module will check a URL and let you know if it is malicious. If it is malicious, it will return the type of threat and the platform. It will also add tags. You need to add the API key for Google Safe Browsing :)

The module needs a new MISP object template (https://github.com/MISP/misp-objects/pull/399)
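The threshold rule and the five attributes described above, as an added example that is not code from this pull request or from misp-modules. It assumes the JSON field names of AbuseIPDB's APIv2 check response (isWhitelisted, isTor, isPublic, abuseConfidenceScore); the sample body and the function names are constructed for illustration.

```python
import json

# Constructed sample of a check response body (documentation-range IP).
# isWhitelisted is set to null on purpose to exercise the defensive path below.
SAMPLE_RESPONSE = json.dumps({
    "data": {
        "ipAddress": "203.0.113.7",
        "isPublic": True,
        "isWhitelisted": None,
        "abuseConfidenceScore": 82,
        "isTor": False,
    }
})


def parse_threshold(raw):
    """Validate the configured abuse threshold (hypothetical helper; config values arrive as strings)."""
    try:
        value = int(raw)
    except (TypeError, ValueError):
        raise ValueError(f"abuse threshold must be an integer, got {raw!r}")
    if not 0 <= value <= 100:
        raise ValueError("abuse threshold must be within 0-100")
    return value


def to_attributes(response_body, threshold):
    """Map a check response onto the relations named in the description."""
    body = json.loads(response_body)
    data = body.get("data") if isinstance(body, dict) else None
    if not isinstance(data, dict):
        raise ValueError("unexpected response: no 'data' object")
    score = data.get("abuseConfidenceScore")
    # Reject missing, boolean or out-of-range scores instead of guessing a verdict.
    if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= 100:
        raise ValueError(f"invalid abuseConfidenceScore: {score!r}")
    limit = parse_threshold(threshold)
    return {
        # Assumption: a null or absent flag is treated as False.
        "is-whitelist": bool(data.get("isWhitelisted")),
        "is-tor": bool(data.get("isTor")),
        "is-public": bool(data.get("isPublic")),
        "is-malicious": score >= limit,  # boundary is inclusive, as in the description
        "abuse-confidence-score": score,
    }


if __name__ == "__main__":
    print(to_attributes(SAMPLE_RESPONSE, "75"))
```

A threshold of 0 marks every IP with a valid score as malicious, so the configured value is worth reviewing before the attribute feeds detection rules.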

mokaddem commented 12 months ago

Awesome! Thanks for the contribution! :)