|
1116 | 1116 | } |
1117 | 1117 | }, "Next ", '\u2192'))); |
1118 | 1118 | } |
| 1119 | +const FEED_BASE = 'feeds/'; |
1119 | 1120 | const FEEDS = [{ |
1120 | 1121 | name: 'STIX 2.1 Bundle', |
1121 | 1122 | plat: 'OpenCTI / TAXII', |
1122 | | - desc: 'Indicators + Malware SDOs + Relationships. Confidence scores.' |
| 1123 | + desc: 'Indicators + Malware SDOs + Relationships. Confidence scores.', |
| 1124 | + file: 'stix2_bundle.json' |
1123 | 1125 | }, { |
1124 | 1126 | name: 'MISP Event', |
1125 | 1127 | plat: 'MISP', |
1126 | | - desc: 'Attributes + SHA-256 hashes + annotation objects.' |
| 1128 | + desc: 'Attributes + SHA-256 hashes + annotation objects.', |
| 1129 | + file: 'misp_event.json' |
1127 | 1130 | }, { |
1128 | 1131 | name: 'MISP Warning List', |
1129 | 1132 | plat: 'MISP', |
1130 | | - desc: 'Warning list for correlation.' |
| 1133 | + desc: 'Warning list for correlation.', |
| 1134 | + file: 'misp_warninglist.json' |
1131 | 1135 | }, { |
1132 | 1136 | name: 'OpenCTI CSV', |
1133 | 1137 | plat: 'OpenCTI', |
1134 | | - desc: 'CSV with x_opencti_score, confidence.' |
| 1138 | + desc: 'CSV with x_opencti_score, confidence.', |
| 1139 | + file: 'opencti_import.csv' |
1135 | 1140 | }, { |
1136 | 1141 | name: 'Splunk Lookup', |
1137 | 1142 | plat: 'Splunk', |
1138 | | - desc: 'Lookup table with wildcard patterns + SHA-256.' |
| 1143 | + desc: 'Lookup table with wildcard patterns + SHA-256.', |
| 1144 | + file: 'splunk_lookup_browser_extensions.csv' |
1139 | 1145 | }, { |
1140 | 1146 | name: 'Sigma Rules', |
1141 | 1147 | plat: 'Sigma / SIEM', |
1142 | | - desc: '13+ rules: process, file, registry, SHA-256 hash.' |
| 1148 | + desc: '13+ rules: process, file, registry, SHA-256 hash.', |
| 1149 | + file: 'sigma_rules_browser_extensions.yml' |
1143 | 1150 | }, { |
1144 | 1151 | name: 'Elastic Threat Intel', |
1145 | 1152 | plat: 'Elasticsearch', |
1146 | | - desc: 'ECS NDJSON with file hashes, TLP:CLEAR.' |
| 1153 | + desc: 'ECS NDJSON with file hashes, TLP:CLEAR.', |
| 1154 | + file: 'elastic_threat_intel.ndjson' |
1147 | 1155 | }, { |
1148 | 1156 | name: 'Elastic Detection Rule', |
1149 | 1157 | plat: 'Elastic Security', |
1150 | | - desc: 'KQL rule + MITRE T1176.' |
| 1158 | + desc: 'KQL rule + MITRE T1176.', |
| 1159 | + file: 'elastic_detection_rule.ndjson' |
1151 | 1160 | }, { |
1152 | 1161 | name: 'Sentinel KQL', |
1153 | 1162 | plat: 'Microsoft Sentinel', |
1154 | | - desc: '3 MDE tables with has_any.' |
| 1163 | + desc: '3 MDE tables with has_any.', |
| 1164 | + file: 'sentinel_analytics_rule.kql' |
1155 | 1165 | }, { |
1156 | 1166 | name: 'Sentinel Watchlist', |
1157 | 1167 | plat: 'Microsoft Sentinel', |
1158 | | - desc: 'CSV for Watchlist import with SHA-256.' |
| 1168 | + desc: 'CSV for Watchlist import with SHA-256.', |
| 1169 | + file: 'sentinel_watchlist.csv' |
1159 | 1170 | }, { |
1160 | 1171 | name: 'YARA Rules', |
1161 | 1172 | plat: 'YARA', |
1162 | | - desc: 'By category + CRX SHA-256 hash matching.' |
| 1173 | + desc: 'By category + CRX SHA-256 hash matching.', |
| 1174 | + file: 'yara_browser_extensions.yar' |
1163 | 1175 | }, { |
1164 | 1176 | name: 'Suricata Rules', |
1165 | 1177 | plat: 'Suricata / Snort', |
1166 | | - desc: 'http.uri + flow:to_server,established.' |
| 1178 | + desc: 'http.uri + flow:to_server,established.', |
| 1179 | + file: 'suricata_browser_extensions.rules' |
1167 | 1180 | }, { |
1168 | 1181 | name: 'OpenIOC', |
1169 | 1182 | plat: 'OpenIOC / Mandiant', |
1170 | | - desc: 'FileItem + RegistryItem + SHA-256.' |
| 1183 | + desc: 'FileItem + RegistryItem + SHA-256.', |
| 1184 | + file: 'openioc_browser_extensions.ioc' |
1171 | 1185 | }, { |
1172 | 1186 | name: 'JSON Feed', |
1173 | 1187 | plat: 'Universal', |
1174 | | - desc: 'Full metadata with SHA-256 hashes.' |
| 1188 | + desc: 'Full metadata with SHA-256 hashes.', |
| 1189 | + file: 'extsentry_feed.json' |
1175 | 1190 | }, { |
1176 | 1191 | name: 'Enriched CSV', |
1177 | 1192 | plat: 'Universal', |
1178 | | - desc: 'CSV with severity, SHA-256, URLs.' |
| 1193 | + desc: 'CSV with severity, SHA-256, URLs.', |
| 1194 | + file: 'extsentry_ioc_feed.csv' |
1179 | 1195 | }, { |
1180 | 1196 | name: 'Plain IOC Lists', |
1181 | 1197 | plat: 'Any', |
1182 | | - desc: 'Extension IDs + SHA-256 hashes, one per line.' |
| 1198 | + desc: 'Extension IDs + SHA-256 hashes, one per line.', |
| 1199 | + file: 'ioc_all_extension_ids.txt', |
| 1200 | + malFile: 'ioc_malicious_extension_ids.txt', |
| 1201 | + sensFile: 'ioc_suspicious_extension_ids.txt' |
1183 | 1202 | }]; |
1184 | 1203 | const PERM_RISK = [{ |
1185 | 1204 | p: '<all_urls>', |
|
2911 | 2930 | display: 'flex', |
2912 | 2931 | gap: 6 |
2913 | 2932 | } |
2914 | | - }, /*#__PURE__*/React.createElement("div", { |
| 2933 | + }, /*#__PURE__*/React.createElement("a", { |
| 2934 | + href: FEED_BASE + (f.malFile || f.file), |
| 2935 | + download: true, |
2915 | 2936 | style: { |
2916 | 2937 | flex: 1, |
2917 | 2938 | padding: '6px 0', |
|
2923 | 2944 | fontWeight: 600, |
2924 | 2945 | color: '#f85149', |
2925 | 2946 | fontFamily: mono, |
2926 | | - cursor: 'pointer' |
| 2947 | + cursor: 'pointer', |
| 2948 | + textDecoration: 'none' |
2927 | 2949 | } |
2928 | | - }, "Malicious"), /*#__PURE__*/React.createElement("div", { |
| 2950 | + }, "Malicious"), /*#__PURE__*/React.createElement("a", { |
| 2951 | + href: FEED_BASE + (f.sensFile || f.file), |
| 2952 | + download: true, |
2929 | 2953 | style: { |
2930 | 2954 | flex: 1, |
2931 | 2955 | padding: '6px 0', |
|
2937 | 2961 | fontWeight: 600, |
2938 | 2962 | color: '#d29922', |
2939 | 2963 | fontFamily: mono, |
2940 | | - cursor: 'pointer' |
| 2964 | + cursor: 'pointer', |
| 2965 | + textDecoration: 'none' |
2941 | 2966 | } |
2942 | 2967 | }, "Sensitive"))))))), tab === 'checker' && /*#__PURE__*/React.createElement(ExtensionChecker, null), tab === 'policy' && /*#__PURE__*/React.createElement(PolicyGenerator, null), tab === 'guide' && /*#__PURE__*/React.createElement("div", null, /*#__PURE__*/React.createElement("div", { |
2943 | 2968 | style: { |
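Review bot: The two new download anchors fall back to `f.file` whenever `malFile` / `sensFile` are missing (`href: FEED_BASE + (f.malFile || f.file)` and `href: FEED_BASE + (f.sensFile || f.file)`), and only the 'Plain IOC Lists' entry in FEEDS defines those keys. If these buttons are rendered for any other feed, "Malicious" and "Sensitive" would both download the same file; the enclosing render code lies outside the visible hunks, so this needs confirming. The "Sensitive" button is also backed by `sensFile: 'ioc_suspicious_extension_ids.txt'`, so the label and the file name disagree about what the list contains, which matters to anyone loading it into a blocklist or watchlist. I would align the two and add a comment on the FEEDS entry such as `// malFile/sensFile: split lists, only on 'Plain IOC Lists'; other feeds expose a single file`. Because these files are imported straight into detection tooling, publishing a SHA-256 for each feed file next to its link would let consumers verify what they downloaded.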
|