mirror of https://github.com/MISP/mail_to_misp
attachment -> sample
parent
ed94db8b27
commit
432034aa8b
|
@ -184,6 +184,9 @@ for entry in urllist:
|
||||||
target.write(entry + "\n")
|
target.write(entry + "\n")
|
||||||
target.write(str(ids_flag))
|
target.write(str(ids_flag))
|
||||||
if hostname:
|
if hostname:
|
||||||
|
if is_valid_ipv4_address(entry):
|
||||||
|
misp.add_url(new_event, entry, category='Network activity', to_ids=False)
|
||||||
|
else:
|
||||||
misp.add_url(new_event, entry, category='Network activity', to_ids=ids_flag)
|
misp.add_url(new_event, entry, category='Network activity', to_ids=ids_flag)
|
||||||
if debug:
|
if debug:
|
||||||
target.write(hostname + "\n")
|
target.write(hostname + "\n")
|
||||||
|
@ -191,7 +194,6 @@ for entry in urllist:
|
||||||
comment = ""
|
comment = ""
|
||||||
if port:
|
if port:
|
||||||
comment = "on port: " + str(port)
|
comment = "on port: " + str(port)
|
||||||
|
|
||||||
if is_valid_ipv4_address(hostname.decode('utf-8', 'ignore')):
|
if is_valid_ipv4_address(hostname.decode('utf-8', 'ignore')):
|
||||||
misp.add_ipdst(new_event, hostname.decode('utf-8', 'ignore'), comment=comment, category='Network activity', to_ids=False)
|
misp.add_ipdst(new_event, hostname.decode('utf-8', 'ignore'), comment=comment, category='Network activity', to_ids=False)
|
||||||
else:
|
else:
|
||||||
|
@ -200,7 +202,7 @@ for entry in urllist:
|
||||||
for rdata in dns.resolver.query(hostname.decode('utf-8', 'ignore'), 'A'):
|
for rdata in dns.resolver.query(hostname.decode('utf-8', 'ignore'), 'A'):
|
||||||
if debug:
|
if debug:
|
||||||
target.write(str(rdata) + "\n")
|
target.write(str(rdata) + "\n")
|
||||||
misp.add_ipdst(new_event, rdata.to_text(), category='Network activity', to_ids=ids_flag, comment=hostname.decode('utf-8', 'ignore'))
|
misp.add_ipdst(new_event, rdata.to_text(), category='Network activity', to_ids=False, comment=hostname.decode('utf-8', 'ignore'))
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print (e)
|
print (e)
|
||||||
if debug:
|
if debug:
|
||||||
|
@ -218,5 +220,5 @@ if stdin_used:
|
||||||
_, output_path = tempfile.mkstemp()
|
_, output_path = tempfile.mkstemp()
|
||||||
output = open(output_path, 'wb')
|
output = open(output_path, 'wb')
|
||||||
output.write(part.get_payload(decode=True))
|
output.write(part.get_payload(decode=True))
|
||||||
misp.add_attachment(new_event, output_path, name=filename, comment=filename, category='Artifacts dropped', to_ids=True)
|
misp.upload_sample(event_id=new_event, filepath=output_path, filename=filename, category='Artifacts dropped', to_ids=True)
|
||||||
output.close()
|
output.close()
|
||||||
|
|
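Review bot: In the last hunk (under `if stdin_used:`), `misp.upload_sample(event_id=new_event, filepath=output_path, ...)` runs before `output.close()`, so the payload written through `output` may still be in the write buffer when the file is read back by path. A small attachment could then be uploaded empty or truncated, and any hashes derived from the sample with `to_ids=True` would describe the wrong bytes. Move `output.close()` above the upload call, or write the payload inside `with open(output_path, 'wb') as output:` and upload after that block. The descriptor returned by `tempfile.mkstemp()` is also discarded into `_` and never closed, and removal of the temporary file is not visible in this hunk. The enclosing block starts and ends outside the hunk.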