cloudtracer / ThreatPinchLookup

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
https://chrome.google.com/webstore/detail/threatpinch-lookup/ljdgplocfnmnofbhpkjclbefmjoikgke

GreyNoise.io Integration #75

Open co-devs opened 5 years ago

co-devs commented 5 years ago

Add API integration for GreyNoise.io. I used the wizard and believe that I got a good result; raw schema included below. Not sure if this is the correct way to share new integrations; the documentation mentioned creating a new issue to do so.

{
    "lookupName": "GreyNoise",
    "lookupVariable": "GREYNOISE",
    "lookupType": "IPV4",
    "lookupUrl": "http://api.greynoise.io:8888/v1/query/ip",
    "httpHeaders": "",
    "httpType": "POST",
    "dataType": "JSON",
    "dataSchema": {
        "0_GreyNoise.io": {
            "title": "GreyNoise.io",
            "mapping": "${PINCH.LINKURL}",
            "order": 0,
            "linkTitle": "${PINCH.HOVERITEM}",
            "linkUrl": "https://www.google.com/search?q=${PINCH.HOVERITEM}"
        },
        "1_returned_count": {
            "title": "returned_count",
            "mapping": "${PINCH.RESPONSE.returned_count}",
            "order": 1
        },
        "2_name": {
            "title": "name",
            "mapping": "${PINCH.LOOP.name}",
            "order": 2,
            "jsonpath": "$.records[:10]",
            "jsonpathloop": true,
            "condition": "true"
        },
        "3_first_seen": {
            "title": "first_seen",
            "mapping": "${PINCH.LOOP.first_seen}",
            "order": 3,
            "jsonpath": "$.records[:10]",
            "jsonpathloop": true,
            "condition": "true"
        },
        "4_last_updated": {
            "title": "last_updated",
            "mapping": "${PINCH.LOOP.last_updated}",
            "order": 4,
            "jsonpath": "$.records[:10]",
            "jsonpathloop": true,
            "condition": "true"
        },
        "5_confidence": {
            "title": "confidence",
            "mapping": "${PINCH.LOOP.confidence}",
            "order": 5,
            "jsonpath": "$.records[:10]",
            "jsonpathloop": true,
            "condition": "true"
        },
        "6_intention": {
            "title": "intention",
            "mapping": "${PINCH.LOOP.intention}",
            "order": 6,
            "jsonpath": "$.records[:10]",
            "jsonpathloop": true,
            "condition": "true"
        },
        "7_category": {
            "title": "category",
            "mapping": "${PINCH.LOOP.category}",
            "order": 7,
            "jsonpath": "$.records[:10]",
            "jsonpathloop": true,
            "condition": "true"
        },
        "8_org": {
            "title": "org",
            "mapping": "${PINCH.LOOP.org}",
            "order": 8,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        },
        "9_rdns": {
            "title": "rdns",
            "mapping": "${PINCH.LOOP.rdns}",
            "order": 9,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        },
        "10_rdns_parent": {
            "title": "rdns_parent",
            "mapping": "${PINCH.LOOP.rdns_parent}",
            "order": 10,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        },
        "11_datacenter": {
            "title": "datacenter",
            "mapping": "${PINCH.LOOP.datacenter}",
            "order": 11,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        },
        "12_asn": {
            "title": "asn",
            "mapping": "${PINCH.LOOP.asn}",
            "order": 12,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        },
        "13_os": {
            "title": "os",
            "mapping": "${PINCH.LOOP.os}",
            "order": 13,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        },
        "14_link": {
            "title": "link",
            "mapping": "${PINCH.LOOP.link}",
            "order": 14,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        },
        "15_tor": {
            "title": "tor",
            "mapping": "${PINCH.LOOP.tor}",
            "order": 15,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        }
    },
    "disabled": false,
    "iocs": true,
    "authorizationType": "DEFAULT",
    "requestGroup": "INTERNET",
    "httpPostData": "ip=${PINCH.HOVERITEM}",
    "excludePivots": [],
    "sample": "119.29.198.201",
    "order": 999999
}

cloudtracer commented 5 years ago

Hi @co-devs,

Very cool, thanks for creating this. I was able to add it pretty easily and it looks to work great! I'll see about adding it the next time I push a release.

For future reference, on the settings page there is actually a "Share" button for all the API integrations, which will open a page whose URL you can just copy and share with other people. If the integration has "User Defined" settings - such as API keys/passwords - these settings won't be shared; the person receiving the link will just need to add their own details to the user defined bits.

chrome-extension://ljdgplocfnmnofbhpkjclbefmjoikgke/src/options/wizard.html?RL=…

co-devs commented 5 years ago

I totally missed that share button, thanks for the follow up!