Merge branch 'master' of github.com:rommelfs/mail_to_misp

README.md

@@ -2,14 +2,6 @@
 
 Connect your mail client to [MISP](https://github.com/MISP/MISP) in order to create events based on the information contained within mails.
 
-For the moment, the implemented workflow is:
-
-1. `Email -> Apple Mail -> Mail rule -> AppleScript -> python script -> PyMISP -> MISP`
-
-Thunderbird will be targeted soon.
-
-
-
 ## Features
 
 - Extraction of URLs and IP addresses (and port numbers) from free text emails
@@ -24,8 +16,35 @@ Thunderbird will be targeted soon.
 - Ignore 'whitelisted' domains (configurable)
 - Automatically create 'external analysis' links based on filter list (e.g. VirusTotal, malwr.com)
 
+## Implementation
+
+For the moment, the implemented workflow is:
+
+1. `Email -> Apple Mail -> Mail rule -> AppleScript -> python script -> PyMISP -> MISP`
+
+Thunderbird will be targeted soon.
+
+## Installation
+
+### Apple Mail
+
+1. Mail rule script
+- git clone this repository
+- open the AppleScript file MUA/Apple/Mail/MISP Mail Rule Action.txt in Apple's 'Script Editor'
+- adjust the path to the python installation and location of the mail_to_misp.py script
+- save it in ~/Library/Application Scripts/com.apple.mail/
+2. Create a mail rule based on your needs, executing the AppleScript defined before
+3. Configure mail_to_misp_config.py
+
+You should be able to create MISP events now.
+
+
+
 ## Requirements
 
-mail_to_misp requires access to a MISP instance (via API).
+- mail_to_misp requires access to a MISP instance (via API).
+- urlmarker from https://github.com/rcompton/ryancompton.net/blob/master/assets/praw_drugs/urlmarker.py (contained in this project)
+- defang from https://bitbucket.org/johannestaas/defang
+- Optionally patch defang/defang/__init__.py and add dirty_line = dirty_line.replace('hXXp', 'http') at line 47