From 432034aa8b9fb336178e037a0264f3c22da61e9d Mon Sep 17 00:00:00 2001
From: Sascha Rommelfangen
Date: Wed, 24 May 2017 16:39:21 +0200
Subject: [PATCH] attachment -> sample

---
 mail_to_misp.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/mail_to_misp.py b/mail_to_misp.py
index 8f566c8..e8c5a50 100755
--- a/mail_to_misp.py
+++ b/mail_to_misp.py
@@ -184,14 +184,16 @@ for entry in urllist:
 target.write(entry + "\n")
 target.write(str(ids_flag))
 if hostname:
- misp.add_url(new_event, entry, category='Network activity', to_ids=ids_flag)
+ if is_valid_ipv4_address(entry):
+ misp.add_url(new_event, entry, category='Network activity', to_ids=False)
+ else:
+ misp.add_url(new_event, entry, category='Network activity', to_ids=ids_flag)
 if debug:
 target.write(hostname + "\n")
 port = f.get_port()
 comment = ""
 if port:
 comment = "on port: " + str(port)
-
 if is_valid_ipv4_address(hostname.decode('utf-8', 'ignore')):
 misp.add_ipdst(new_event, hostname.decode('utf-8', 'ignore'), comment=comment, category='Network activity', to_ids=False)
 else:
@@ -200,7 +202,7 @@ for entry in urllist:
 for rdata in dns.resolver.query(hostname.decode('utf-8', 'ignore'), 'A'):
 if debug:
 target.write(str(rdata) + "\n")
- misp.add_ipdst(new_event, rdata.to_text(), category='Network activity', to_ids=ids_flag, comment=hostname.decode('utf-8', 'ignore'))
+ misp.add_ipdst(new_event, rdata.to_text(), category='Network activity', to_ids=False, comment=hostname.decode('utf-8', 'ignore'))
 except Exception as e:
 print (e)
 if debug:
@@ -218,5 +220,5 @@ if stdin_used:
 _, output_path = tempfile.mkstemp()
 output = open(output_path, 'wb')
 output.write(part.get_payload(decode=True))
- misp.add_attachment(new_event, output_path, name=filename, comment=filename, category='Artifacts dropped', to_ids=True)
+ misp.upload_sample(event_id=new_event, filepath=output_path, filename=filename, category='Artifacts dropped', to_ids=True)
 output.close()
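Review bot: The new branch tests `is_valid_ipv4_address(entry)`, i.e. the whole item iterated from urllist, whereas the existing ip-dst check a few lines below tests `hostname.decode('utf-8', 'ignore')`; if entry is a full URL (scheme, path, port) rather than a bare address, the IPv4 test can never match and IP-literal URLs still get `to_ids=ids_flag`, which is what the change appears meant to prevent. Testing the same value as the sibling branch, `if is_valid_ipv4_address(hostname.decode('utf-8', 'ignore')):`, would make the two checks agree; I infer this from the surrounding context since the derivation of hostname is outside the hunk. The two near-identical add_url calls could also be folded into one: `url_ids = False if is_valid_ipv4_address(hostname.decode('utf-8', 'ignore')) else ids_flag` followed by `misp.add_url(new_event, entry, category='Network activity', to_ids=url_ids)`. The enclosing `for entry in urllist:` loop starts before this hunk.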
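Review bot: Hard-coding `to_ids=False` on the resolved A-record line leaves the reason unrecorded, and together with the ip-dst branch above it means ids_flag no longer influences any ip-dst attribute in this block, which a later reader may take for an oversight. A one-line comment above the call would capture the intent, presumably that resolved addresses are transient and not reliable detection indicators: `# resolved A records are volatile; never export them as IDS indicators`. The enclosing try block and loop start before this hunk.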
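Review bot: `misp.upload_sample(... filepath=output_path ...)` reads the temporary file before `output.close()` on the following line, and nothing flushes the buffered `open(output_path, 'wb')` handle in between, so small payloads may still sit in the write buffer and the uploaded sample can be empty or truncated; this predates the commit but the new call inherits it. The descriptor returned by `tempfile.mkstemp()` is also discarded without being closed, and the file with the attachment content is never removed after the upload. Using a `tempfile.NamedTemporaryFile` context, flushing before the upload and letting the context delete the file on exit addresses all three; whether the old `comment=filename` should be carried over to the new call depends on the upload_sample signature, which is not visible here. The enclosing `if stdin_used:` block starts before this hunk.
```python
with tempfile.NamedTemporaryFile() as output:
    output.write(part.get_payload(decode=True))
    output.flush()  # make the bytes visible to the reader below before the upload
    misp.upload_sample(event_id=new_event, filepath=output.name, filename=filename, category='Artifacts dropped', to_ids=True)
# file is removed when the context exits; no explicit close() needed
```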