mirror of https://github.com/MISP/mail_to_misp
29 lines
1020 B
Plaintext
29 lines
1020 B
Plaintext
|
#!/usr/bin/python
|
||
|
|
||
|
misp_url = 'YOUR_MISP_URL'
|
||
|
misp_key = 'YOUR_KEY_HERE' # The MISP auth key can be found on the MISP web interface under the automation section
|
||
|
misp_verifycert = True
|
||
|
|
||
|
debug = True
|
||
|
debug_out_file = '/tmp/mail_to_misp-debug.txt'
|
||
|
nameservers = ['149.13.33.69']
|
||
|
|
||
|
excludelist = ('google.com', 'microsoft.com')
|
||
|
externallist = ('virustotal.com', 'malwr.com', 'hybrid-analysis.com', 'emergingthreats.net')
|
||
|
|
||
|
# TLP tag setup
|
||
|
# Tuples contain different variations of spelling
|
||
|
tlptags = { 'tlp:white': [ 'tlp:white', 'tlp: white' ],
|
||
|
'tlp:green': [ 'tlp:green', 'tlp: green' ],
|
||
|
'tlp:amber': [ 'tlp:amber', 'tlp: amber' ]
|
||
|
}
|
||
|
|
||
|
malwaretags = { 'locky': [ 'ecsirt:malicious-code="ransomware"', 'misp-galaxy:ransomware="Locky"' ],
|
||
|
'dridex': [ 'misp-galaxy:tool="dridex"' ],
|
||
|
'netwire': [ 'Netwire RAT' ]
|
||
|
}
|
||
|
# Tags to be set depending on the presence of other tags
|
||
|
dependingtags = { 'tlp:white': [ 'circl:osint-feed' ]
|
||
|
}
|
||
|
|