mirror of https://github.com/MISP/mail_to_misp
added feature #14 (2): configurable attachment upload
parent
a560f8b92a
commit
6cc680e50b
|
@ -133,6 +133,7 @@ misp_key = config.misp_key
|
||||||
misp_verifycert = config.misp_verifycert
|
misp_verifycert = config.misp_verifycert
|
||||||
m2m_key = config.m2m_key
|
m2m_key = config.m2m_key
|
||||||
m2m_auto_distribution = config.m2m_auto_distribution
|
m2m_auto_distribution = config.m2m_auto_distribution
|
||||||
|
m2m_attachment_keyword = config.m2m_attachment_keyword
|
||||||
|
|
||||||
resolver = dns.resolver.Resolver(configure=False)
|
resolver = dns.resolver.Resolver(configure=False)
|
||||||
resolver.nameservers = config.nameservers
|
resolver.nameservers = config.nameservers
|
||||||
|
@ -332,9 +333,12 @@ if stdin_used:
|
||||||
if debug:
|
if debug:
|
||||||
syslog.syslog(str(attachment)[:200])
|
syslog.syslog(str(attachment)[:200])
|
||||||
event_id = misp_event.id
|
event_id = misp_event.id
|
||||||
misp.upload_sample(filename, output_path, event_id, distribution=5, to_ids=True)
|
if m2m_attachment_keyword in email_data:
|
||||||
file_hash = hashlib.sha256(open(output_path, 'rb').read()).hexdigest()
|
misp.add_attachment(misp_event, output_path, filename=filename, category="External analysis")
|
||||||
sight(sighting, file_hash)
|
else:
|
||||||
|
misp.upload_sample(filename, output_path, event_id, distribution=5, to_ids=True)
|
||||||
|
file_hash = hashlib.sha256(open(output_path, 'rb').read()).hexdigest()
|
||||||
|
sight(sighting, file_hash)
|
||||||
|
|
||||||
if auto_publish:
|
if auto_publish:
|
||||||
misp.publish(misp_event, alert=False)
|
misp.publish(misp_event, alert=False)
|
||||||
|
|
|
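Review bot: The new test `if m2m_attachment_keyword in email_data:` in the second hunk is a plain substring match over the mail text, so the message content itself decides whether the attachment skips `upload_sample(..., to_ids=True)` and the sighting. `email_data` is built outside this hunk; if it includes forwarded or quoted third-party content (to be confirmed), text written by the original sender could get a sample filed as an ordinary "External analysis" attachment. Consider matching the keyword only in the part of the mail written by the trusted submitter. Also guard against an empty setting, which would match every mail: `if m2m_attachment_keyword and m2m_attachment_keyword in email_data:`. The enclosing attachment loop starts and ends outside the hunk.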
@ -8,6 +8,7 @@ misp_key = 'YOUR_KEY_HERE' # The MISP auth key can be found on the MISP web inte
|
||||||
misp_verifycert = True
|
misp_verifycert = True
|
||||||
m2m_key = 'YOUSETYOURKEYHERE'
|
m2m_key = 'YOUSETYOURKEYHERE'
|
||||||
m2m_auto_distribution = '3' # 3 = All communities
|
m2m_auto_distribution = '3' # 3 = All communities
|
||||||
|
m2m_attachment_keyword = 'attachment:benign'
|
||||||
|
|
||||||
debug = False
|
debug = False
|
||||||
nameservers = ['149.13.33.69']
|
nameservers = ['149.13.33.69']
|
||||||
|
|
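Review bot: The new `m2m_attachment_keyword = 'attachment:benign'` setting has no trailing comment, unlike `m2m_auto_distribution` just above it, and it changes how attachments are classified. A short comment would make the effect visible to whoever edits the config, for example `# mails containing this keyword get their attachments added as plain attachments (no malware sample upload, no sighting)`. It would also be worth stating there that the value must not be left empty, since the main script, as far as the other hunk shows, uses it in a substring test.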