2018-05-08 15:41:08 +02:00
|
|
|
#!/usr/bin/env python3
|
2017-05-24 11:02:28 +02:00
|
|
|
# -*- coding: utf-8 -*-
|
2017-04-27 13:58:49 +02:00
|
|
|
|
2018-05-04 17:25:23 +02:00
|
|
|
import os
|
2017-06-01 09:02:11 +02:00
|
|
|
import sys
|
2018-05-02 19:08:22 +02:00
|
|
|
import argparse
|
|
|
|
import syslog
|
|
|
|
from pathlib import Path
|
|
|
|
from io import BytesIO
|
|
|
|
import importlib
|
|
|
|
|
2018-05-14 23:23:30 +02:00
|
|
|
from mail2misp import Mail2MISP
|
2018-05-02 19:08:22 +02:00
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
parser = argparse.ArgumentParser(description='Push a Mail into a MISP instance')
|
|
|
|
parser.add_argument("-r", "--read", help="Read from tempfile.")
|
|
|
|
parser.add_argument("-t", "--trap", action='store_true', default=False, help="Import the Email as-is.")
|
2019-07-18 11:02:42 +02:00
|
|
|
parser.add_argument("-e", "--event", default=False, help="Add indicators to this MISP event.")
|
2018-05-03 20:52:31 +02:00
|
|
|
parser.add_argument('infile', nargs='?', type=argparse.FileType('rb'))
|
2018-05-02 19:08:22 +02:00
|
|
|
args = parser.parse_args()
|
|
|
|
|
|
|
|
syslog.openlog(logoption=syslog.LOG_PID, facility=syslog.LOG_USER)
|
|
|
|
syslog.syslog("Job started.")
|
|
|
|
|
2018-05-04 17:43:00 +02:00
|
|
|
os.chdir(Path(__file__).parent)
|
2018-05-04 17:25:23 +02:00
|
|
|
|
2018-05-04 16:28:37 +02:00
|
|
|
configmodule = Path(__file__).name.replace('.py', '_config')
|
2018-05-02 19:08:22 +02:00
|
|
|
if Path(f'{configmodule}.py').exists():
|
|
|
|
config = importlib.import_module(configmodule)
|
|
|
|
try:
|
|
|
|
misp_url = config.misp_url
|
|
|
|
misp_key = config.misp_key
|
|
|
|
misp_verifycert = config.misp_verifycert
|
|
|
|
debug = config.debug
|
|
|
|
except Exception as e:
|
|
|
|
syslog.syslog(str(e))
|
|
|
|
print("There is a problem with the configuration. A mandatory configuration variable is not set.")
|
|
|
|
print("Did you just update? mail_to_misp might have new configuration variables.")
|
|
|
|
print("Please compare with the configuration example.")
|
|
|
|
print("\nTrace:")
|
|
|
|
print(e)
|
|
|
|
sys.exit(-2)
|
2017-06-02 11:13:48 +02:00
|
|
|
else:
|
2018-05-02 19:08:22 +02:00
|
|
|
print("Couldn't locate config file {0}".format(f'{configmodule}.py'))
|
|
|
|
sys.exit(-1)
|
|
|
|
|
|
|
|
if args.infile:
|
2018-05-06 21:58:47 +02:00
|
|
|
pseudofile = BytesIO(args.infile.read().encode('utf8', 'surrogateescape'))
|
2018-05-02 19:08:22 +02:00
|
|
|
elif args.read:
|
|
|
|
# read from tempfile
|
|
|
|
with open(args.read, 'rb') as f:
|
|
|
|
pseudofile = BytesIO(f.read())
|
2017-06-01 18:39:39 +02:00
|
|
|
else:
|
2018-05-02 19:08:22 +02:00
|
|
|
# receive data and subject through arguments
|
|
|
|
raise Exception('This is not implemented anymore.')
|
2017-05-31 14:52:47 +02:00
|
|
|
|
2018-05-02 19:08:22 +02:00
|
|
|
mail2misp = Mail2MISP(misp_url, misp_key, misp_verifycert, config=config)
|
|
|
|
mail2misp.load_email(pseudofile)
|
2017-04-27 13:58:49 +02:00
|
|
|
|
|
|
|
if debug:
|
2018-05-02 19:08:22 +02:00
|
|
|
syslog.syslog(f'Working on {mail2misp.subject}')
|
|
|
|
|
|
|
|
if args.trap or config.spamtrap:
|
|
|
|
mail2misp.email_from_spamtrap()
|
|
|
|
else:
|
|
|
|
mail2misp.process_email_body()
|
2017-05-31 14:52:47 +02:00
|
|
|
|
2018-05-02 19:08:22 +02:00
|
|
|
mail2misp.process_body_iocs()
|
2018-04-03 11:09:54 +02:00
|
|
|
|
2019-07-18 11:02:42 +02:00
|
|
|
if args.event:
|
2019-07-18 15:12:15 +02:00
|
|
|
mail2misp.update_event(args.event)
|
2019-07-18 11:02:42 +02:00
|
|
|
else:
|
|
|
|
mail2misp.add_event()
|
2018-05-02 19:08:22 +02:00
|
|
|
syslog.syslog("Job finished.")
|