added header, corrected No-IDS flag

pull/4/head
Sascha Rommelfangen 2017-05-08 15:47:47 +02:00
parent e7f913856c
commit 86ef720226
1 changed files with 2 additions and 1 deletions


@ -43,6 +43,7 @@ dependingtags = config.dependingtags
# Ignore lines in body of message
email_data = re.sub(".*From: .*\n?","", email_data)
email_data = re.sub(".*Sender: .*\n?","", email_data)
email_data = re.sub(".*Received: .*\n?","", email_data)
email_data = re.sub(".*Sender IP: .*\n?","", email_data)
email_data = re.sub(".*Reply-To: .*\n?","", email_data)
email_data = re.sub(".*Registrar WHOIS Server: .*\n?","", email_data)
@ -116,7 +117,7 @@ for entry in urllist:
target.write(domainname + "\n")
if domainname not in excludelist:
if domainname in externallist:
misp.add_named_attribute(new_event, 'link', entry, category='External analysis', to_ids=ids_flag)
misp.add_named_attribute(new_event, 'link', entry, category='External analysis', to_ids=False)
else:
if (domainname in noidsflaglist) or (hostname in noidsflaglist):
ids_flag = False
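Review bot: The header-stripping patterns in the first hunk are unanchored, so `".*From: .*\n?"` deletes any body line that merely contains `From: ` somewhere in it, and the same holds for `Sender: `, `Received: ` and `Reply-To: `. A URL or address sitting on such a line is removed from `email_data`, presumably before the URL list used in the second hunk is built, so the indicator is lost silently. Anchoring each pattern to the start of the line limits the filter to forwarded header lines, e.g. `email_data = re.sub(r"^[> \t]*From: .*\n?", "", email_data, flags=re.MULTILINE)`, with the same change on the other `re.sub` calls. The page does not show which of these lines the commit added, so the point applies to the whole run.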