MISP
/
mail_to_misp
mirror of https://github.com/MISP/mail_to_misp
2
0
Fork 0
Code Issues Releases Wiki Activity

readability

slight_refactoring
Sascha Rommelfangen 2018-01-15 16:02:17 +01:00
parent 316b73644b
commit 9e98bf11b4
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
mail_to_misp.py
View File

@ -61,7 +61,7 @@ def sight(sighting, value):
def add_attribute(event, attribute_type, value, category, ids_flag, warninglist, sighting, comment=None): def add_attribute(event, attribute_type, value, category, ids_flag, warninglist, sighting, comment=None):
syslog.syslog("Event " + event['Event']['id'] + ": Adding attribute (" + attribute_type + ") " + value) syslog.syslog("Event " + event['Event']['id'] + ": Adding attribute (" + attribute_type + ") " + value)
misp.add_named_attribute(event, attribute_type, value, category, distribution=5, misp.add_named_attribute(event, attribute_type, value, category, distribution=5,
comment=comment, to_ids=ids_flag, enforceWarninglist=warninglist) comment=comment, to_ids=ids_flag, enforceWarninglist=warninglist)
sight(sighting, value) sight(sighting, value)
syslog.syslog("Job started.") syslog.syslog("Job started.")
@ -285,10 +285,10 @@ for entry in urllist:
else: else:
if resource_path: if resource_path:
add_attribute(new_event, 'url', entry, 'Network activity', ids_flag, False, add_attribute(new_event, 'url', entry, 'Network activity', ids_flag, False,
sighting, comment=comment) sighting, comment=comment)
else: else:
add_attribute(new_event, 'url', entry, 'Network activity', ids_flag, enforcewarninglist, add_attribute(new_event, 'url', entry, 'Network activity', ids_flag, enforcewarninglist,
sighting, comment=comment) sighting, comment=comment)
if debug: if debug:
syslog.syslog(hostname) syslog.syslog(hostname)
try: try:
@ -299,16 +299,16 @@ for entry in urllist:
comment = "on port: " + port comment = "on port: " + port
if is_valid_ipv4_address(hostname): if is_valid_ipv4_address(hostname):
add_attribute(new_event, 'ip-dst', hostname, 'Network activity', ids_flag, enforcewarninglist, add_attribute(new_event, 'ip-dst', hostname, 'Network activity', ids_flag, enforcewarninglist,
sighting, comment=comment) sighting, comment=comment)
else: else:
add_attribute(new_event, 'hostname', hostname, 'Network activity', ids_flag, enforcewarninglist, add_attribute(new_event, 'hostname', hostname, 'Network activity', ids_flag, enforcewarninglist,
sighting, comment=comment) sighting, comment=comment)
try: try:
for rdata in dns.resolver.query(hostname, 'A'): for rdata in dns.resolver.query(hostname, 'A'):
if debug: if debug:
syslog.syslog(str(rdata)) syslog.syslog(str(rdata))
add_attribute(new_event, 'ip-dst', rdata.to_text(), 'Network activity', False, enforcewarninglist, add_attribute(new_event, 'ip-dst', rdata.to_text(), 'Network activity', False, enforcewarninglist,
sighting, comment=hostname) sighting, comment=hostname)
except Exception as e: except Exception as e:
if debug: if debug:
syslog.syslog(str(e)) syslog.syslog(str(e))