From c2224fdfa218271ffb14f9245f43540d7c4563a3 Mon Sep 17 00:00:00 2001 From: Sascha Rommelfangen Date: Thu, 27 Apr 2017 14:32:31 +0200 Subject: [PATCH] Create README.md --- README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..38aa1ff --- /dev/null +++ b/README.md @@ -0,0 +1,31 @@ +# mail_to_misp + +Connect your mail client to [MISP](https://github.com/MISP/MISP) in order to create events based on the information contained within mails. + +For the moment, the implemented workflow is: + +1. `Email -> Apple Mail -> Mail rule -> AppleScript -> python script -> PyMISP -> MISP` + +Thunderbird will be targeted soon. + + + +## Features + +- Extraction of URLs and IP addresses (and port numbers) from free text emails +- Extraction of hostnames from URLs +- DNS expansion +- Custom filter list for lines containing specific words +- Subject filters +- Respecting TLP classification mentioned in free text (including optional spelling robustness) +- Refanging of URLs ('hxxp://...') +- Add tags automatically based on key words (configurable) +- Add tags automatically depending on the presence of other tags (configurable) +- Ignore 'whitelisted' domains (configurable) +- Automatically create 'external analysis' links based on filter list (e.g. VirusTotal, malwr.com) + +## Requirements + +mail_to_misp requires access to a MISP instance (via API). + +
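Review bot: The Requirements section at the end of the new README.md lists only API access to a MISP instance, but the workflow line under "the implemented workflow" also depends on Apple Mail, a Mail rule, AppleScript, a Python script and PyMISP. Suggest listing those under Requirements (at least Python and PyMISP), and stating where the MISP URL and API key are supplied, since the script creates events through that API. The Features entries marked "(configurable)" give no pointer to the file or setting that controls them; a one-line reference per entry, or a short Configuration section, would cover it. The numbered list under the workflow has a single item; a plain code line would read better until a second workflow (the Thunderbird one mentioned below it) exists.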