From 86ef720226f95116fc397640704c139dceed8f06 Mon Sep 17 00:00:00 2001
From: Sascha Rommelfangen
Date: Mon, 8 May 2017 15:47:47 +0200
Subject: [PATCH] added header, corrected No-IDS flag

---
 mail_to_misp.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mail_to_misp.py b/mail_to_misp.py
index f98e734..71f7e79 100755
--- a/mail_to_misp.py
+++ b/mail_to_misp.py
@@ -43,6 +43,7 @@ dependingtags = config.dependingtags
 # Ignore lines in body of message
 email_data = re.sub(".*From: .*\n?","", email_data)
 email_data = re.sub(".*Sender: .*\n?","", email_data)
+email_data = re.sub(".*Received: .*\n?","", email_data)
 email_data = re.sub(".*Sender IP: .*\n?","", email_data)
 email_data = re.sub(".*Reply-To: .*\n?","", email_data)
 email_data = re.sub(".*Registrar WHOIS Server: .*\n?","", email_data)
@@ -116,7 +117,7 @@ for entry in urllist:
 target.write(domainname + "\n")
 if domainname not in excludelist:
 if domainname in externallist:
-misp.add_named_attribute(new_event, 'link', entry, category='External analysis', to_ids=ids_flag)
+misp.add_named_attribute(new_event, 'link', entry, category='External analysis', to_ids=False)
 else:
 if (domainname in noidsflaglist) or (hostname in noidsflaglist):
 ids_flag = False
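Review bot: The added `Received:` filter only drops the single line that contains the header name, but `Received:` headers are almost always folded onto indented continuation lines (`from host (ip)`, `by relay ...`), and those continuation lines stay in `email_data`; if the rest of the script extracts hostnames and IPs from that text (it is not visible in this hunk), relay addresses from the mail path would be ingested as indicators. The pattern is also unanchored, so any body line that merely contains the text `Received: ` is removed, not just the header. An anchored, multiline pattern that consumes the folded continuation lines addresses both: `email_data = re.sub(r"^Received: .*(?:\n[ \t].*)*\n?", "", email_data, flags=re.MULTILINE)`. The neighbouring `From:`/`Sender:`/`Reply-To:` filters share the unanchored shape and would benefit from the same treatment, though they are not touched by this commit.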
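Review bot: The literal `to_ids=False` on the `External analysis` link encodes a policy decision (reference links are never detection indicators) that nothing in the code explains; a one-line comment above the call such as `# External-analysis links are references, never detection signatures: always to_ids=False` would keep the next maintainer from "fixing" it back to `ids_flag`. Separately, the sibling `else` branch sets `ids_flag = False` and nothing in this hunk ever sets it back to `True`; if the reset lives at the top of the `for entry in urllist:` loop (which starts outside the hunk) that is fine, but otherwise a single no-IDS match would silence IDS flagging for every later entry in the same message. The `hostname` name used in that condition is also defined outside the hunk.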