reverted back to before ids flag test

pull/4/head
Sascha Rommelfangen 2017-05-22 14:24:16 +02:00
parent 30fe9014ce
commit 769ff9e362
1 changed files with 3 additions and 12 deletions


@ -133,28 +133,19 @@ for entry in urllist:
if debug: if debug:
target.write(entry + "\n") target.write(entry + "\n")
target.write(str(ids_flag)) target.write(str(ids_flag))
if ids_flag is True: misp.add_url(new_event, entry, category='Network activity', to_ids=ids_flag)
misp.add_url(new_event, entry, category='Network activity', to_ids=True)
else:
misp.add_url(new_event, entry, category='Network activity', to_ids=False)
if debug: if debug:
target.write(hostname + "\n") target.write(hostname + "\n")
port = f.get_port() port = f.get_port()
comment = "" comment = ""
if port: if port:
comment = "on port: " + str(port) comment = "on port: " + str(port)
if ids_flag is True: misp.add_hostname(new_event, hostname, comment=comment, category='Network activity', to_ids=ids_flag)
misp.add_hostname(new_event, hostname, comment=comment, category='Network activity', to_ids=True)
else:
misp.add_hostname(new_event, hostname, comment=comment, category='Network activity', to_ids=False)
try: try:
for rdata in dns.resolver.query(hostname, 'A'): for rdata in dns.resolver.query(hostname, 'A'):
if debug: if debug:
target.write(str(rdata) + "\n") target.write(str(rdata) + "\n")
if ids_flag is True: misp.add_ipdst(new_event, str(rdata), category='Network activity', to_ids=ids_flag, comment=hostname)
misp.add_ipdst(new_event, str(rdata), category='Network activity', to_ids=True, comment=hostname)
else:
misp.add_ipdst(new_event, str(rdata), category='Network activity', to_ids=False, comment=hostname)
except: except:
if debug: if debug:
target.write("DNS unsuccessful\n") target.write("DNS unsuccessful\n")
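Review bot: `to_ids=ids_flag` in the three new `misp.add_url`, `misp.add_hostname` and `misp.add_ipdst` calls is no longer guaranteed to be a strict boolean, because the removed `if ids_flag is True` branches always sent a literal `True` or `False`. `ids_flag` is assigned outside this hunk; if it can be anything other than a bool (for example a string read from a config file or the command line), a value such as `"False"` is truthy and may mark the URL, hostname and resolved-IP attributes for IDS export unintentionally, depending on how the client serialises it. Normalising once before the loop, e.g. `ids_flag = ids_flag is True`, keeps the shorter calls and the previous semantics. The `for entry in urllist:` body starts and ends outside the hunk, so this should be confirmed against where `ids_flag` is set.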