MISP
/
mail_to_misp
mirror of https://github.com/MISP/mail_to_misp
2
0
Fork 0
Code Issues Releases Wiki Activity

cleanup

slight_refactoring
Sascha Rommelfangen 2018-01-16 07:09:47 +01:00 committed by GitHub
parent f27bf2addb
commit 9e38a226e6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
mail_to_misp.py
View File

@ -30,6 +30,7 @@ except ImportError as e:
sys.exit(-1) sys.exit(-1)
syslog.openlog(logoption=syslog.LOG_PID, facility=syslog.LOG_USER) syslog.openlog(logoption=syslog.LOG_PID, facility=syslog.LOG_USER)
def is_valid_ipv4_address(address): def is_valid_ipv4_address(address):
try: try:
socket.inet_pton(socket.AF_INET, address) socket.inet_pton(socket.AF_INET, address)
@ -41,7 +42,6 @@ def is_valid_ipv4_address(address):
return address.count('.') == 3 return address.count('.') == 3
except socket.error: # not a valid address except socket.error: # not a valid address
return False return False
return True return True
def is_valid_ipv6_address(address): def is_valid_ipv6_address(address):
@ -51,6 +51,9 @@ def is_valid_ipv6_address(address):
return False return False
return True return True
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json', debug=True)
# Add a sighting # Add a sighting
def sight(sighting, value): def sight(sighting, value):
if sighting: if sighting:
@ -70,8 +73,6 @@ stdin_used = False
email_subject = config.email_subject_prefix email_subject = config.email_subject_prefix
mail_subject = "" mail_subject = ""
#try:
#if not sys.stdin.isatty():
if len(sys.argv) == 1: if len(sys.argv) == 1:
mailcontent = sys.stdin.buffer.read().decode("utf-8", "ignore") mailcontent = sys.stdin.buffer.read().decode("utf-8", "ignore")
else: else:
@ -114,10 +115,6 @@ except Exception as e:
syslog.syslog(str(e)) syslog.syslog(str(e))
stdin_used = True stdin_used = True
#if debug:
# syslog.syslog("Encoding of subject: {0}".format(ftfy.guess_bytes(email_subject)[1]))
# syslog.syslog("Encoding of body: {0}".format(ftfy.guess_bytes(email_data)[1]))
try: try:
email_data = ftfy.fix_text(email_data.decode("utf-8", "ignore")) email_data = ftfy.fix_text(email_data.decode("utf-8", "ignore"))
except: except:
@ -165,13 +162,11 @@ for ignoreline in ignorelist:
for removeword in removelist: for removeword in removelist:
email_subject = re.sub(removeword, "", email_subject) email_subject = re.sub(removeword, "", email_subject)
def init(url, key):
return PyMISP(url, key, misp_verifycert, 'json', debug=True)
# Create the MISP event # Create the MISP event
misp = init(misp_url, misp_key) misp = init(misp_url, misp_key)
new_event = misp.new_event(info=email_subject, distribution=0, threat_level_id=3, analysis=1) new_event = misp.new_event(info=email_subject, distribution=0, threat_level_id=3, analysis=1)
# Load the MISP event
misp_event = MISPEvent() misp_event = MISPEvent()
misp_event.load(new_event) misp_event.load(new_event)
@ -185,8 +180,6 @@ for tag in tlptags:
misp.tag(misp_event.uuid, tlp_tag) misp.tag(misp_event.uuid, tlp_tag)
if attach_original_mail and original_email_data: if attach_original_mail and original_email_data:
# misp.add_named_attribute(new_event, 'email-body', original_email_data, category='Payload delivery',
# to_ids=False, enforceWarninglist=enforcewarninglist)
add_attribute(new_event, 'email-body', original_email_data, 'Payload delivery', False, enforcewarninglist) add_attribute(new_event, 'email-body', original_email_data, 'Payload delivery', False, enforcewarninglist)
# Add additional tags depending on others # Add additional tags depending on others