chg: add gitignore, cleanup

slight_refactoring
Raphaël Vinot 2018-05-04 14:24:02 +02:00
parent 516a890cfe
commit 3cd2863f42
4 changed files with 126 additions and 14 deletions

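--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,115 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+# C extensions
+*.so
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+# Translations
+*.mo
+*.pot
+# Django stuff:
+*.log
+local_settings.py
+# Flask stuff:
+instance/
+.webassets-cache
+# Scrapy stuff:
+.scrapy
+# Sphinx documentation
+docs/_build/
+# PyBuilder
+target/
+# Jupyter Notebook
+.ipynb_checkpoints
+# pyenv
+.python-version
+# celery beat schedule file
+celerybeat-schedule
+# SageMath parsed files
+*.sage.py
+# dotenv
+.env
+# virtualenv
+.venv
+venv/
+ENV/
+# Spyder project settings
+.spyderproject
+.spyproject
+# Rope project settings
+.ropeproject
+# mkdocs documentation
+/site
+# mypy
+.mypy_cache/
+# Redis
+*.rdb
+# Storage
+rawdata
+# ardb
+storage/ardb.pid
+storage/data
+storage/repl
+# Config files of running instance
+*config.py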


@ -0,0 +1,8 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pathlib import Path
binpath = Path(__file__).cwd() / 'mail_to_misp.py'
smtp_addr = '127.0.0.1'
smtp_port = 2525
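Review bot: `Path(__file__).cwd()` on the `binpath` line ignores `__file__` — `Path.cwd()` is a classmethod that returns the process's working directory — so `binpath` points at `mail_to_misp.py` in whichever directory the process was started from, not next to this config file. The config lines removed in the last file of this commit derived the same path from `os.path.realpath(__file__)`, which suggests the script's own directory was intended. Use `binpath = Path(__file__).resolve().parent / 'mail_to_misp.py'` to keep that behaviour.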


@ -77,7 +77,7 @@ class Mail2MISP():
if attachment.get_filename() and attachment.get_filename().endswith('.eml'): if attachment.get_filename() and attachment.get_filename().endswith('.eml'):
self.forwarded_email(pseudofile=BytesIO(attachment.get_content().as_bytes())) self.forwarded_email(pseudofile=BytesIO(attachment.get_content().as_bytes()))
else: else:
if self.config_from_email_body.get('attachment') == 'benign': if self.config_from_email_body.get('attachment') == config.m2m_benign_attachment_keyword:
# Attach sane file # Attach sane file
self.misp_event.add_attribute('attachment', value='Report', self.misp_event.add_attribute('attachment', value='Report',
data=BytesIO(attachment.get_content().as_bytes())) data=BytesIO(attachment.get_content().as_bytes()))
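Review bot: The new `== config.m2m_benign_attachment_keyword` comparison reads an attribute that only exists in configs written from the updated sample; the sample in this commit renames `m2m_attachment_keyword` to `m2m_benign_attachment_keyword`, and the `.gitignore` added here excludes `*config.py`, so an instance that pulls this change without editing its local config will raise `AttributeError` on the first non-`.eml` attachment. Either document the rename as a required migration step or read it defensively, e.g. `benign_kw = getattr(config, 'm2m_benign_attachment_keyword', 'benign')` and compare against `benign_kw`. Separately, the marker that routes an attachment to the plain `add_attribute('attachment', ...)` path comes from `config_from_email_body`, i.e. from the sender-controlled message body, so it is worth confirming that the `m2m_key` check gates this method before an untrusted sender can label a file benign. The enclosing method of `Mail2MISP` starts and ends outside the hunk.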


@ -1,6 +1,5 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import os
misp_url = 'YOUR_MISP_URL' misp_url = 'YOUR_MISP_URL'
misp_key = 'YOUR_KEY_HERE' # The MISP auth key can be found on the MISP web interface under the automation section misp_key = 'YOUR_KEY_HERE' # The MISP auth key can be found on the MISP web interface under the automation section
@ -10,23 +9,13 @@ spamtrap = False
m2m_key = 'YOUSETYOURKEYHERE' m2m_key = 'YOUSETYOURKEYHERE'
m2m_auto_distribution = '3' # 3 = All communities m2m_auto_distribution = '3' # 3 = All communities
m2m_attachment_keyword = 'attachment:benign' m2m_benign_attachment_keyword = 'benign'
debug = False debug = False
nameservers = ['149.13.33.69'] nameservers = ['149.13.33.69']
email_subject_prefix = 'M2M' email_subject_prefix = 'M2M'
attach_original_mail = True attach_original_mail = True
# Paths (should be automatic)
bindir = os.path.dirname(os.path.realpath(__file__))
cfgdir = os.path.dirname(os.path.realpath(__file__))
scriptname = 'mail_to_misp.py'
binpath = os.path.join(bindir, scriptname)
# for the SPAM trap
smtp_addr = "127.0.0.1"
smtp_port = 25
excludelist = ('google.com', 'microsoft.com') excludelist = ('google.com', 'microsoft.com')
externallist = ('virustotal.com', 'malwr.com', 'hybrid-analysis.com', 'emergingthreats.net') externallist = ('virustotal.com', 'malwr.com', 'hybrid-analysis.com', 'emergingthreats.net')
internallist = ('internal.system.local') internallist = ('internal.system.local')
@ -51,7 +40,7 @@ sighting = True
sighting_source = "YOUR_MAIL_TO_MISP_IDENTIFIER" sighting_source = "YOUR_MAIL_TO_MISP_IDENTIFIER"
# Remove "[tags]", "Re: ", "Fwd: " from subject # Remove "[tags]", "Re: ", "Fwd: " from subject
removelist = ("[\(\[].*?[\)\]]", "Re: ", "Fwd: ") removelist = ("[\(\[].*?[\)\]]", "Re: ", "Fwd: ", "{Spam?} ")
# TLP tag setup # TLP tag setup
# Tuples contain different variations of spelling # Tuples contain different variations of spelling