MISP
/
mail_to_misp
mirror of https://github.com/MISP/mail_to_misp
2
0
Fork 0
Code Issues Releases Wiki Activity

Create README.md

pull/4/head
Sascha Rommelfangen 2017-04-27 14:32:31 +02:00 committed by GitHub
parent 97e5dddc61
commit c2224fdfa2
1 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
README.md Normal file
View File

@ -0,0 +1,31 @@
# mail_to_misp
Connect your mail client to [MISP](https://github.com/MISP/MISP) in order to create events based on the information contained within mails.
For the moment, the implemented workflow is:
1. `Email -> Apple Mail -> Mail rule -> AppleScript -> python script -> PyMISP -> MISP`
Thunderbird will be targeted soon.
## Features
- Extraction of URLs and IP addresses (and port numbers) from free text emails
- Extraction of hostnames from URLs
- DNS expansion
- Custom filter list for lines containing specific words
- Subject filters
- Respecting TLP classification mentioned in free text (including optional spelling robustness)
- Refanging of URLs ('hxxp://...')
- Add tags automatically based on key words (configurable)
- Add tags automatically depending on the presence of other tags (configurable)
- Ignore 'whitelisted' domains (configurable)
- Automatically create 'external analysis' links based on filter list (e.g. VirusTotal, malwr.com)
## Requirements
mail_to_misp requires access to a MISP instance (via API).