mail_to_misp/mail_to_misp.py

75 lines
2.5 KiB
Python
Raw Normal View History

#!/usr/bin/env python3
2017-05-24 11:02:28 +02:00
# -*- coding: utf-8 -*-
2017-04-27 13:58:49 +02:00
2018-05-04 17:25:23 +02:00
import os
2017-06-01 09:02:11 +02:00
import sys
2018-05-02 19:08:22 +02:00
import argparse
import syslog
from pathlib import Path
from io import BytesIO
import importlib
2018-05-14 23:23:30 +02:00
from mail2misp import Mail2MISP
2018-05-02 19:08:22 +02:00
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Push a Mail into a MISP instance')
parser.add_argument("-r", "--read", help="Read from tempfile.")
parser.add_argument("-t", "--trap", action='store_true', default=False, help="Import the Email as-is.")
parser.add_argument("-e", "--event", default=False, help="Add indicators to this MISP event.")
parser.add_argument('infile', nargs='?', type=argparse.FileType('rb'))
2018-05-02 19:08:22 +02:00
args = parser.parse_args()
syslog.openlog(logoption=syslog.LOG_PID, facility=syslog.LOG_USER)
syslog.syslog("Job started.")
2018-05-04 17:43:00 +02:00
os.chdir(Path(__file__).parent)
2018-05-04 17:25:23 +02:00
2018-05-04 16:28:37 +02:00
configmodule = Path(__file__).name.replace('.py', '_config')
2018-05-02 19:08:22 +02:00
if Path(f'{configmodule}.py').exists():
config = importlib.import_module(configmodule)
try:
misp_url = config.misp_url
misp_key = config.misp_key
misp_verifycert = config.misp_verifycert
debug = config.debug
except Exception as e:
syslog.syslog(str(e))
print("There is a problem with the configuration. A mandatory configuration variable is not set.")
print("Did you just update? mail_to_misp might have new configuration variables.")
print("Please compare with the configuration example.")
print("\nTrace:")
print(e)
sys.exit(-2)
else:
2018-05-02 19:08:22 +02:00
print("Couldn't locate config file {0}".format(f'{configmodule}.py'))
sys.exit(-1)
if args.infile:
2018-05-06 21:58:47 +02:00
pseudofile = BytesIO(args.infile.read().encode('utf8', 'surrogateescape'))
2018-05-02 19:08:22 +02:00
elif args.read:
# read from tempfile
with open(args.read, 'rb') as f:
pseudofile = BytesIO(f.read())
2017-06-01 18:39:39 +02:00
else:
2018-05-02 19:08:22 +02:00
# receive data and subject through arguments
raise Exception('This is not implemented anymore.')
2018-05-02 19:08:22 +02:00
mail2misp = Mail2MISP(misp_url, misp_key, misp_verifycert, config=config)
mail2misp.load_email(pseudofile)
2017-04-27 13:58:49 +02:00
if debug:
2018-05-02 19:08:22 +02:00
syslog.syslog(f'Working on {mail2misp.subject}')
if args.trap or config.spamtrap:
mail2misp.email_from_spamtrap()
else:
mail2misp.process_email_body()
2018-05-02 19:08:22 +02:00
mail2misp.process_body_iocs()
if args.event:
2019-07-18 15:12:15 +02:00
mail2misp.update_event(args.event)
else:
mail2misp.add_event()
2018-05-02 19:08:22 +02:00
syslog.syslog("Job finished.")