From 1a927af32f7c38a089a07d7a90209cd6f8b7ad9c Mon Sep 17 00:00:00 2001 From: Sascha Rommelfangen Date: Tue, 23 May 2017 15:17:19 +0200 Subject: [PATCH 1/5] Update README.md --- README.md | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 71e864f..e78d421 100644 --- a/README.md +++ b/README.md @@ -26,11 +26,15 @@ For the moment, the implemented workflow is: 1. Apple Mail -`Email -> Apple Mail -> Mail rule -> AppleScript -> python script -> PyMISP -> MISP` +`Email -> Apple Mail -> Mail rule -> AppleScript -> mail_to_misp -> PyMISP -> MISP` 2. Mozilla Thunderbird -`Email -> Thunderbird -> Mail rule -> filterscript -> thunderbird_wrapper -> python script -> PyMISP -> MISP` +`Email -> Thunderbird -> Mail rule -> filterscript -> thunderbird_wrapper -> mail_to_misp -> PyMISP -> MISP` + +3. Postfix and others + +`Email -> mail_to_misp` ## Installation @@ -81,6 +85,13 @@ pythoncom.PumpMessages() Obviously, you would like to filter mails based on subject or from address and pass subject and body to mail_to_misp.py in order to do something useful. Pull-requests welcome for actual implementations :) +### Postfix (or other MTA) + +1. Setup a new email address in the aliases file (e.g. /etc/aliases) and configure the correct path: +`misp_handler: "|/path/to/mail_to_misp.py"` +2. Rebuild the DB: +`$ sudo newaliases` +3. Configure mail_to_misp_config.py ## Requirements From c9ae3b524aaa879d81bffa41185b0d49b633e293 Mon Sep 17 00:00:00 2001 From: Sascha Rommelfangen Date: Tue, 23 May 2017 15:17:45 +0200 Subject: [PATCH 2/5] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index e78d421..883a5f3 100644 --- a/README.md +++ b/README.md 
@@ -88,8 +88,10 @@ Obviously, you would like to filter mails based on subject or from address and p ### Postfix (or other MTA) 1. Setup a new email address in the aliases file (e.g. /etc/aliases) and configure the correct path: + `misp_handler: "|/path/to/mail_to_misp.py"` 2. Rebuild the DB: + `$ sudo newaliases` 3. Configure mail_to_misp_config.py From 61aecc8d9601bcc3842184da909b6b299ce4f39c Mon Sep 17 00:00:00 2001 From: Sascha Rommelfangen Date: Tue, 23 May 2017 15:17:59 +0200 Subject: [PATCH 3/5] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 883a5f3..63216c7 100644 --- a/README.md +++ b/README.md @@ -90,9 +90,11 @@ Obviously, you would like to filter mails based on subject or from address and p 1. Setup a new email address in the aliases file (e.g. /etc/aliases) and configure the correct path: `misp_handler: "|/path/to/mail_to_misp.py"` + 2. Rebuild the DB: `$ sudo newaliases` + 3. Configure mail_to_misp_config.py ## Requirements From b4592ea7661e10a60f1fe2ec62113dd1533b1639 Mon Sep 17 00:00:00 2001 From: Sascha Rommelfangen Date: Tue, 23 May 2017 15:18:47 +0200 Subject: [PATCH 4/5] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 63216c7..3fa4e84 100644 --- a/README.md +++ b/README.md @@ -97,6 +97,9 @@ Obviously, you would like to filter mails based on subject or from address and p 3. Configure mail_to_misp_config.py +You should now be able to send your IoC-containing mails to misp_handler@YOURDOMAIN. + + ## Requirements ### General From 1bb62cd2c318994060a9441640cda6b4b0cb515b Mon Sep 17 00:00:00 2001 From: Sascha Rommelfangen Date: Tue, 23 May 2017 15:19:31 +0200 Subject: [PATCH 5/5] set debug to False by default --- mail_to_misp_config.py-example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mail_to_misp_config.py-example b/mail_to_misp_config.py-example index 9667367..7c2c9e5 100644 
--- a/mail_to_misp_config.py-example +++ b/mail_to_misp_config.py-example @@ -4,7 +4,7 @@ misp_url = 'YOUR_MISP_URL' misp_key = 'YOUR_KEY_HERE' # The MISP auth key can be found on the MISP web interface under the automation section misp_verifycert = True -debug = True +debug = False debug_out_file = '/tmp/mail_to_misp-debug.txt' nameservers = ['149.13.33.69']
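Review bot: In [PATCH 1/5], first README hunk (@@ -26,11 +26,15 @@), the new workflow line `Email -> mail_to_misp` under "3. Postfix and others" drops the `PyMISP -> MISP` tail that workflows 1 and 2 keep, so it reads as if delivery ends at the script. Suggest spelling out the full chain, including the MTA alias step, so all three entries have the same shape.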
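Review bot: In [PATCH 1/5], second README hunk (@@ -81,6 +85,13 @@), the pipe alias `misp_handler: "|/path/to/mail_to_misp.py"` is documented without any word on file permissions or on which account runs the piped command. That account needs execute permission on mail_to_misp.py and read access to mail_to_misp_config.py, which holds `misp_key` according to the config example, and no other local account should be able to read that file. Suggest adding a step for ownership and mode of both files, and expanding step 3 ("Configure mail_to_misp_config.py") to name the settings that must be filled in. Minor: "Setup a new email address" should read "Set up".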
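Review bot: [PATCH 2/5] and [PATCH 3/5] (hunks @@ -88,8 +88,10 @@ and @@ -90,9 +90,11 @@) only add blank lines around the list introduced in 1/5 and share its "Update README.md" subject. Suggest squashing both into 1/5 so the Postfix section lands in one commit with a subject that names it.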
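Review bot: In [PATCH 4/5] (hunk @@ -97,6 +97,9 @@), the added sentence "You should now be able to send your IoC-containing mails to misp_handler@YOURDOMAIN" does not say who may send to that address. With the alias from step 1, every message the MTA accepts for misp_handler is piped into mail_to_misp.py, and the README does not state whether the script checks the sender before acting on the message. Suggest a follow-up sentence telling the operator to restrict the address to trusted senders at the MTA, or pointing to the config setting that does so if one exists.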
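Review bot: In [PATCH 5/5] (hunk @@ -4,7 +4,7 @@), the unchanged line `debug_out_file = '/tmp/mail_to_misp-debug.txt'` directly below the changed `debug` line still points at a fixed filename in /tmp, so anyone who switches debug back on writes to a predictable path in a shared directory. Suggest defaulting to a file in a directory owned by the account that runs the script, and adding a comment on `debug` that says what gets written to that file.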