MISP
/
mail_to_misp
mirror of https://github.com/MISP/mail_to_misp
2
0
Fork 0
Code Issues Releases Wiki Activity

added adding additional tags for hashes

pull/4/head
Sascha Rommelfangen 2017-05-22 09:44:55 +02:00
parent 7b092d11e0
commit 30fe9014ce
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
mail_to_misp.py
View File

@ -41,6 +41,7 @@ malwaretags = config.malwaretags
dependingtags = config.dependingtags dependingtags = config.dependingtags
tlptag_default = config.tlptag_default tlptag_default = config.tlptag_default
stopword = config.stopword stopword = config.stopword
hash_only_tags = config.hash_only_tags
# Ignore lines in body of message # Ignore lines in body of message
email_data = re.sub(".*From: .*\n?","", email_data) email_data = re.sub(".*From: .*\n?","", email_data)
@ -111,6 +112,10 @@ for h in hashlist_sha1:
for h in hashlist_sha256: for h in hashlist_sha256:
misp.add_hashes(new_event, sha256=h) misp.add_hashes(new_event, sha256=h)
if (len(hashlist_md5) > 0) or (len(hashlist_sha1) > 0) or (len(hashlist_sha256) > 0):
for tag in hash_only_tags:
misp.add_tag(new_event, tag)
# Add IOCs and expanded information to MISP # Add IOCs and expanded information to MISP
for entry in urllist: for entry in urllist:
ids_flag = True ids_flag = True