MISP
/
mail_to_misp
mirror of https://github.com/MISP/mail_to_misp
2
0
Fork 0
Code Issues Releases Wiki Activity

reverted back to before ids flag test

pull/4/head
Sascha Rommelfangen 2017-05-22 14:24:16 +02:00
parent 30fe9014ce
commit 769ff9e362
1 changed files with 3 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
mail_to_misp.py
View File

@ -133,28 +133,19 @@ for entry in urllist:
if debug:
target.write(entry + "\n")
target.write(str(ids_flag))
if ids_flag is True:
misp.add_url(new_event, entry, category='Network activity', to_ids=True)
else:
misp.add_url(new_event, entry, category='Network activity', to_ids=False)
misp.add_url(new_event, entry, category='Network activity', to_ids=ids_flag)
if debug:
target.write(hostname + "\n")
port = f.get_port()
comment = ""
if port:
comment = "on port: " + str(port)
if ids_flag is True:
misp.add_hostname(new_event, hostname, comment=comment, category='Network activity', to_ids=True)
else:
misp.add_hostname(new_event, hostname, comment=comment, category='Network activity', to_ids=False)
misp.add_hostname(new_event, hostname, comment=comment, category='Network activity', to_ids=ids_flag)
try:
for rdata in dns.resolver.query(hostname, 'A'):
if debug:
target.write(str(rdata) + "\n")
if ids_flag is True:
misp.add_ipdst(new_event, str(rdata), category='Network activity', to_ids=True, comment=hostname)
else:
misp.add_ipdst(new_event, str(rdata), category='Network activity', to_ids=False, comment=hostname)
misp.add_ipdst(new_event, str(rdata), category='Network activity', to_ids=ids_flag, comment=hostname)
except:
if debug:
target.write("DNS unsuccessful\n")