MISP
/
mail_to_misp
mirror of https://github.com/MISP/mail_to_misp
2
0
Fork 0
Code Issues Releases Wiki Activity

better url/hostname/ip handling

pull/4/head
Sascha Rommelfangen 2017-06-16 09:59:46 +02:00
parent a59863ced9
commit 26d3384de4
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
mail_to_misp.py
View File

@ -235,6 +235,10 @@ for entry in urllist:
f.decode(entry) f.decode(entry)
domainname = f.get_domain().decode('utf-8', 'ignore') domainname = f.get_domain().decode('utf-8', 'ignore')
hostname = f.get_host().decode('utf-8', 'ignore') hostname = f.get_host().decode('utf-8', 'ignore')
try:
schema = f.get_scheme().decode('utf-8', 'ignore')
except:
schema = False
if debug: if debug:
syslog.syslog(domainname) syslog.syslog(domainname)
if domainname not in excludelist: if domainname not in excludelist:
@ -248,10 +252,11 @@ for entry in urllist:
if debug: if debug:
syslog.syslog(str(entry)) syslog.syslog(str(entry))
if hostname: if hostname:
if is_valid_ipv4_address(entry): if schema:
misp.add_url(new_event, entry, category='Network activity', to_ids=False) if is_valid_ipv4_address(hostname):
else: misp.add_url(new_event, entry, category='Network activity', to_ids=False)
misp.add_url(new_event, entry, category='Network activity', to_ids=ids_flag) else:
misp.add_url(new_event, entry, category='Network activity', to_ids=ids_flag)
if debug: if debug:
syslog.syslog(hostname) syslog.syslog(hostname)
port = f.get_port() port = f.get_port()