From d747ede23c94348c16468f1aa78062306cbe798e Mon Sep 17 00:00:00 2001
From: Sascha Rommelfangen
Date: Tue, 23 Jul 2019 14:45:50 +0200
Subject: [PATCH] add email sender to comment
---
 mail2misp/mail2misp.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/mail2misp/mail2misp.py b/mail2misp/mail2misp.py
index bebe519..fab8b88 100644
--- a/mail2misp/mail2misp.py
+++ b/mail2misp/mail2misp.py
@@ -51,11 +51,11 @@ class Mail2MISP():
 self.pseudofile = pseudofile
 self.original_mail = message_from_bytes(self.pseudofile.getvalue(), policy=policy.default)
 self.subject = self.original_mail.get('Subject')
- #try:
- # self.sender = self.original_mail.get('From')
- #except:
- # self.sender = ""
- #
+ try:
+ self.sender = self.original_mail.get('From')
+ except:
+ self.sender = ""
+
 # Remove words from subject
 for removeword in self.config.removelist:
 self.subject = re.sub(removeword, "", self.subject).strip()
@@ -275,7 +275,7 @@ class Mail2MISP():
 email_object.add_reference(attribute.uuid, 'contains')
 elif domainname in self.config.externallist or self.urlsonly: # External analysis
 if self.urlsonly:
- comment = self.subject
+ comment = self.subject + " (from: " + self.sender +")"
 else:
 comment = ""
 attribute = self.misp.add_attribute(self.urlsonly, {"type": 'link', "value": entry, "category": 'External analysis',
@@ -284,7 +284,7 @@ class Mail2MISP():
 for alternativetag in self.config.tlptags[tag]:
 if alternativetag in self.subject.lower():
 self.misp.tag(attribute["uuid"], tag)
- new_subject = self.subject.replace(alternativetag, '')
+ new_subject = comment.replace(alternativetag, '')
 self.misp.change_comment(attribute["uuid"], new_subject)
 else:
 # The URL is probably an indicator.
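Review bot: `self.original_mail.get('From')` returns None when the header is absent rather than raising, so the added `except:` branch never supplies the `""` fallback for that case and `self.sender` can be None. The concatenation added in the second hunk, `self.subject + " (from: " + self.sender +")"`, would then raise TypeError for a mail that has no From header. I would write `self.sender = self.original_mail.get('From') or ""`, and if the try is kept for header-parsing errors, narrow the bare `except:` to `except Exception:` so it does not also swallow KeyboardInterrupt and SystemExit. The enclosing method starts above the hunk.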
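Review bot: The `comment` built in the `if self.urlsonly:` branch now embeds the raw From header, which is sender-controlled and unauthenticated, and which may carry a reporter's personal address into an attribute comment that travels with the event. If the sender is wanted only for triage, consider reducing it to the address part, e.g. `sender_addr = email.utils.parseaddr(str(self.sender))[1]` (with `email.utils` imported if the file does not already do so), and adding a comment such as `# From is unauthenticated; shown for triage only, not as provenance`. Whether these comments leave the instance depends on the event's distribution settings, which are not visible here. The enclosing method starts and ends outside the hunk.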
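Review bot: `comment.replace(alternativetag, '')` now runs over the whole comment, including the appended sender, so a tag alternative that also occurs in the sender's name or address is cut out of it. It also appears to change the non-urlsonly path, if this loop is reachable there: `comment` is `""` in that case, so `change_comment` would now blank the comment where it previously set the subject minus the tag. Stripping the tag from the subject first and appending the sender afterwards avoids both, e.g. `new_subject = self.subject.replace(alternativetag, '')` followed by `if self.urlsonly: new_subject += " (from: " + self.sender + ")"`. The lines between this hunk and the previous one are not shown, so the branch structure is inferred.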