MISP
/
mail_to_misp
mirror of https://github.com/MISP/mail_to_misp
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: do not attach the full email by default unless spamtrap mode

tests
Raphaël Vinot 2018-05-11 11:33:58 -04:00
parent 9d7e992219
commit 3003730156
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
mail_to_misp.py
View File

@ -40,6 +40,7 @@ class Mail2MISP():
self.misp = PyMISP(misp_url, misp_key, verifycert, debug=config.debug) self.misp = PyMISP(misp_url, misp_key, verifycert, debug=config.debug)
self.config = config self.config = config
self.debug = self.config.debug self.debug = self.config.debug
self.config_from_email_body = {}
# Init Faup # Init Faup
self.f = Faup() self.f = Faup()
@ -123,7 +124,8 @@ class Mail2MISP():
self.misp_event.add_object(section) self.misp_event.add_object(section)
email_object.add_reference(f_object.uuid, 'related-to', 'Email attachment') email_object.add_reference(f_object.uuid, 'related-to', 'Email attachment')
self.process_body_iocs(email_object) self.process_body_iocs(email_object)
self.misp_event.add_object(email_object) if self.config.spamtrap or self.config.attach_original_mail or self.config_from_email_body.get('attach_original_mail'):
self.misp_event.add_object(email_object)
return email_object return email_object
def process_email_body(self): def process_email_body(self):

2
mail_to_misp_config.py-example
View File

@ -14,7 +14,7 @@ m2m_benign_attachment_keyword = 'benign'
debug = False debug = False
nameservers = ['149.13.33.69'] nameservers = ['149.13.33.69']
email_subject_prefix = 'M2M' email_subject_prefix = 'M2M'
attach_original_mail = True attach_original_mail = False
excludelist = ('google.com', 'microsoft.com') excludelist = ('google.com', 'microsoft.com')
externallist = ('virustotal.com', 'malwr.com', 'hybrid-analysis.com', 'emergingthreats.net') externallist = ('virustotal.com', 'malwr.com', 'hybrid-analysis.com', 'emergingthreats.net')