MISP
/
mail_to_misp
mirror of https://github.com/MISP/mail_to_misp
2
0
Fork 0
Code Issues Releases Wiki Activity

using subject as comment when urlsonly is enabled

pull/38/head
Sascha Rommelfangen 2019-07-22 14:35:51 +02:00
parent bf1fca9a9c
commit 5347325d8b
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
mail2misp/mail2misp.py
View File

@ -51,6 +51,11 @@ class Mail2MISP():
self.pseudofile = pseudofile
self.original_mail = message_from_bytes(self.pseudofile.getvalue(), policy=policy.default)
self.subject = self.original_mail.get('Subject')
#try:
# self.sender = self.original_mail.get('From')
#except:
# self.sender = "<unknown>"
#
# Remove words from subject
for removeword in self.config.removelist:
self.subject = re.sub(removeword, "", self.subject).strip()
@ -268,8 +273,12 @@ class Mail2MISP():
if email_object:
email_object.add_reference(attribute.uuid, 'contains')
elif domainname in self.config.externallist or self.urlsonly: # External analysis
if self.urlsonly:
comment = self.subject
else:
comment = ""
attribute = self.misp.add_attribute(self.urlsonly, {"type": 'link', "value": entry, "category": 'External analysis',
"to_ids": False})
"to_ids": False, "comment": comment})
else: # The URL is probably an indicator.
comment = ""
if (domainname in self.config.noidsflaglist) or (hostname in self.config.noidsflaglist):