mirror of https://github.com/MISP/mail_to_misp
added header, corrected No-IDS flag
parent
e7f913856c
commit
86ef720226
|
@ -43,6 +43,7 @@ dependingtags = config.dependingtags
|
||||||
# Ignore lines in body of message
|
# Ignore lines in body of message
|
||||||
email_data = re.sub(".*From: .*\n?","", email_data)
|
email_data = re.sub(".*From: .*\n?","", email_data)
|
||||||
email_data = re.sub(".*Sender: .*\n?","", email_data)
|
email_data = re.sub(".*Sender: .*\n?","", email_data)
|
||||||
|
email_data = re.sub(".*Received: .*\n?","", email_data)
|
||||||
email_data = re.sub(".*Sender IP: .*\n?","", email_data)
|
email_data = re.sub(".*Sender IP: .*\n?","", email_data)
|
||||||
email_data = re.sub(".*Reply-To: .*\n?","", email_data)
|
email_data = re.sub(".*Reply-To: .*\n?","", email_data)
|
||||||
email_data = re.sub(".*Registrar WHOIS Server: .*\n?","", email_data)
|
email_data = re.sub(".*Registrar WHOIS Server: .*\n?","", email_data)
|
||||||
|
@ -116,7 +117,7 @@ for entry in urllist:
|
||||||
target.write(domainname + "\n")
|
target.write(domainname + "\n")
|
||||||
if domainname not in excludelist:
|
if domainname not in excludelist:
|
||||||
if domainname in externallist:
|
if domainname in externallist:
|
||||||
misp.add_named_attribute(new_event, 'link', entry, category='External analysis', to_ids=ids_flag)
|
misp.add_named_attribute(new_event, 'link', entry, category='External analysis', to_ids=False)
|
||||||
else:
|
else:
|
||||||
if (domainname in noidsflaglist) or (hostname in noidsflaglist):
|
if (domainname in noidsflaglist) or (hostname in noidsflaglist):
|
||||||
ids_flag = False
|
ids_flag = False
|
||||||
|
|
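Review bot: The added `Received: ` substitution in the first hunk removes only the physical line that contains the header name, but Received headers are normally folded across several whitespace-indented continuation lines. If the message body carries such folded headers, the relay hostnames and IP addresses on the continuation lines survive and can still be picked up as attributes by the extraction further down, which is presumably what this line is meant to prevent. Consuming the continuation lines as well would close that gap, e.g. `email_data = re.sub(r".*Received: .*\n?(?:[ \t]+.*\n?)*", "", email_data)`; confirm against real forwarded samples that indented body text directly after a Received line is not lost. Like its neighbours the pattern is unanchored, so any body line that merely contains `Received: ` is dropped whole, including any indicator on it; a short comment above the run stating that this is intentional would help. The run of substitutions may continue outside the hunk.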