add email sender to comment

2019-07-23 14:45:50 +02:00 · 2019-07-23 14:45:50 +02:00 · d747ede23c
parent e8b94aae62
commit d747ede23c
1 changed files with 7 additions and 7 deletions
--- a/mail2misp/mail2misp.py
+++ b/mail2misp/mail2misp.py
@ -51,11 +51,11 @@ class Mail2MISP():
        self.pseudofile = pseudofile
        self.original_mail = message_from_bytes(self.pseudofile.getvalue(), policy=policy.default)
        self.subject = self.original_mail.get('Subject')
-        #try:
-        #    self.sender = self.original_mail.get('From')
-        #except:
-        #    self.sender = "<unknown>"
-        #        
+        try:
+            self.sender = self.original_mail.get('From')
+        except:
+            self.sender = "<unknown sender>"
+                
        # Remove words from subject
        for removeword in self.config.removelist:
            self.subject = re.sub(removeword, "", self.subject).strip()
@ -275,7 +275,7 @@ class Mail2MISP():
                    email_object.add_reference(attribute.uuid, 'contains')
            elif domainname in self.config.externallist or self.urlsonly:  # External analysis
                if self.urlsonly:
-                    comment = self.subject
+                    comment = self.subject + " (from: " + self.sender +")"
                else:
                    comment = ""
                attribute = self.misp.add_attribute(self.urlsonly, {"type": 'link', "value": entry, "category": 'External analysis',
@ -284,7 +284,7 @@ class Mail2MISP():
                    for alternativetag in self.config.tlptags[tag]:
                        if alternativetag in self.subject.lower():
                            self.misp.tag(attribute["uuid"], tag)
-                            new_subject = self.subject.replace(alternativetag, '')
+                            new_subject = comment.replace(alternativetag, '')
                            self.misp.change_comment(attribute["uuid"], new_subject)

            else:  # The URL is probably an indicator.