Merge pull request #60 from SteveClement/main

mail2misp/mail2misp.py

@@ -76,6 +76,7 @@ class Mail2MISP():
         self.misp_event.distribution = self.config.default_distribution
         self.misp_event.threat_level_id = self.config.default_threat_level
         self.misp_event.analysis = self.config.default_analysis
+        self.misp_event.add_tag(self.config.id_tag)
 
     def sighting(self, value, source):
         if self.offline:

mail_to_misp_config.py-example

@@ -6,8 +6,9 @@ misp_key = 'YOUR_KEY_HERE'  # The MISP auth key can be found on the MISP web int
 misp_verifycert = True
 spamtrap = False
 default_distribution = 0
-default_threat_level = 3
+default_threat_level = 4
 default_analysis = 1
+id_tag = 'host:m2m:tld'
 freetext = False
 
 body_config_prefix = 'm2m'  # every line in the body starting with this value will be skipped from the IOCs