Update README.md

2017-04-27 14:58:25 +02:00 · 2017-04-27 14:58:25 +02:00 · a08e086e0c
parent ebdbe4521f
commit a08e086e0c
1 changed files with 24 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -2,14 +2,6 @@

 Connect your mail client to [MISP](https://github.com/MISP/MISP) in order to create events based on the information contained within mails.

-For the moment, the implemented workflow is:
-
-1. `Email -> Apple Mail -> Mail rule -> AppleScript -> python script -> PyMISP -> MISP`
-
-Thunderbird will be targeted soon.
-
-
-
 ## Features

 - Extraction of URLs and IP addresses (and port numbers) from free text emails
@ -24,6 +16,30 @@ Thunderbird will be targeted soon.
 - Ignore 'whitelisted' domains (configurable)
 - Automatically create 'external analysis' links based on filter list (e.g. VirusTotal, malwr.com)

+## Implementation
+
+For the moment, the implemented workflow is:
+
+1. `Email -> Apple Mail -> Mail rule -> AppleScript -> python script -> PyMISP -> MISP`
+
+Thunderbird will be targeted soon.
+
+## Installation
+
+### Apple Mail
+
+1. Mail rule script
+- git clone this repository
+- open the AppleScript file MUA/Apple/Mail/MISP Mail Rule Action.txt in Apple's 'Script Editor'
+- adjust the path to the python installation and location of the mail_to_misp.py script
+- save it in ~/Library/Application Scripts/com.apple.mail/
+2. Create a mail rule based on your needs, executing the AppleScript defined before
+3. Configure mail_to_misp_config.py
+
+You should be able to create MISP events now.
+
+
+
 ## Requirements

 mail_to_misp requires access to a MISP instance (via API).