TL;DR: We upgraded the VirusTotal MISP modules and added cool new relationships.
Historically, VirusTotal has integrated with MISP through two modules (corresponding to public and VT Enterprise subscriptions) created and maintained by the community. They are used to enrich indicators in the MISP platform and provide additional context. Additionally, we contributed a module to export MISP events to VTGraph and, more recently, a module that exports events to VTCollections.
The freshly upgraded modules (VirusTotal and VirusTotal Public) were migrated from the old API v2 to v3, which allowed us to improve the data returned per indicator, adding detection ratio to IP addresses and domains. Moreover, we have added more relationships and attributes.
The following table summarizes the attributes provided by the freshly upgraded modules to enrich MISP events per type of indicator:
| MISP Module | File | URL | Domain | IP |
| --- | --- | --- | --- | --- |
| VirusTotal | Detection ratio, md5, sha1, sha256, tlsh*, vhash*, ssdeep*, imphash*, ITW urls*, Communicating files*, Downloaded files*, Referrer files* | Detection ratio, Communicating files*, Downloaded files*, Referrer files*, Resolutions*, URLs* | Detection ratio*, Whois, Communicating files, Downloaded files, Referred files, Subdomains, Siblings, Resolutions, URLs* | Detection ratio*, ASN, Network, Country, Resolutions, URLs |
| VirusTotal Public | Detection ratio, tlsh*, vhash*, ssdeep*, imphash*, Communicating files*, Downloaded files*, Referrer files* | Detection ratio | Detection ratio*, Whois, Communicating files, Referred files, Subdomains, Siblings, Resolutions | Detection ratio*, ASN, Network, Country, Resolutions |
* new attributes and relationships available.
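As an added illustration (not the modules' own code), the sketch below shows how a VirusTotal API v3 response can be reduced to a detection ratio and some of the attributes listed above. The sample responses, the `FIELD_MAP` table, the `-/-` fallback and the simplified output dictionaries are assumptions made for the example.

```python
# Added illustration: map a VirusTotal API v3 object to MISP-style attributes.
# SAMPLE_* responses are constructed; output dicts are simplified, not PyMISP objects.

SAMPLE_FILE = {"data": {"type": "file", "id": "a" * 64, "attributes": {
    "md5": "b" * 32, "sha1": "c" * 40, "sha256": "a" * 64,
    "tlsh": "T1" + "D" * 70, "vhash": "0150466d15", "ssdeep": "3:abc:def",
    "pe_info": {"imphash": "e" * 32},
    "last_analysis_stats": {"harmless": 0, "malicious": 41, "suspicious": 1,
                            "undetected": 28, "timeout": 0}}}}

SAMPLE_IP = {"data": {"type": "ip_address", "id": "203.0.113.7", "attributes": {
    "asn": 64500, "network": "203.0.113.0/24", "country": "ZZ",
    "last_analysis_stats": {"harmless": 60, "malicious": 2, "suspicious": 0,
                            "undetected": 20, "timeout": 0}}}}

# (MISP attribute type, path into the v3 "attributes" dict) per indicator type.
# Hypothetical mapping chosen for this example.
FIELD_MAP = {
    "file": [("md5", ["md5"]), ("sha1", ["sha1"]), ("sha256", ["sha256"]),
             ("tlsh", ["tlsh"]), ("vhash", ["vhash"]), ("ssdeep", ["ssdeep"]),
             ("imphash", ["pe_info", "imphash"])],
    "ip_address": [("AS", ["asn"]), ("text", ["network"]), ("text", ["country"])],
    "domain": [("text", ["whois"])],
    "url": [],
}

def detection_ratio(stats):
    """Return 'malicious/total verdicts', or '-/-' when no analysis exists."""
    if not stats:
        return "-/-"
    return f"{stats.get('malicious', 0)}/{sum(stats.values())}"

def dig(obj, path):
    """Walk nested dicts; None if any key is missing (v3 fields are optional)."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def to_misp_attributes(response):
    """Build the detection ratio plus every mapped attribute present in the report."""
    data = response["data"]
    attrs = data.get("attributes", {})
    out = [{"type": "text", "relation": "detection-ratio",
            "value": detection_ratio(attrs.get("last_analysis_stats"))}]
    for misp_type, path in FIELD_MAP.get(data["type"], []):
        value = dig(attrs, path)
        if value is not None:  # e.g. non-PE files carry no imphash
            out.append({"type": misp_type, "relation": path[-1], "value": str(value)})
    return out
```

The ratio counts every verdict bucket in `last_analysis_stats` as part of the denominator, so timeouts and undetected results lower the apparent detection rate rather than being dropped.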
Keep in mind that all these VirusTotal modules are not activated in MISP by default, so please ask your friendly MISP administrator to check them out! Stay tuned for more VirusTotal contributions into the Threat Intel ecosystem and as usual, please let us know how we can further help.