From f208609812790e5b7dab6f6fa48ce300806a235a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Fri, 11 May 2018 14:50:19 -0400
Subject: [PATCH] new: Add more config options in the mail body.

---
 mail_to_misp.py                | 15 +++++++++++----
 mail_to_misp_config.py-example |  6 ++++--
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/mail_to_misp.py b/mail_to_misp.py
index fc8b71c..accba6e 100755
--- a/mail_to_misp.py
+++ b/mail_to_misp.py
@@ -55,9 +55,9 @@ class Mail2MISP():
         # Initialize the MISP event
         self.misp_event = MISPEvent()
         self.misp_event.info = f'{config.email_subject_prefix} - {self.subject}'
-        self.misp_event.distribution = self.config.m2m_auto_distribution
-        self.misp_event.threat_level_id = 3
-        self.misp_event.analysis = 1
+        self.misp_event.distribution = self.config.default_distribution
+        self.misp_event.threat_level_id = self.config.default_threat_level
+        self.misp_event.analysis = self.config.default_analysis
 
     def sighting(self, value, source):
         '''Add a sighting'''
@@ -142,7 +142,14 @@ class Mail2MISP():
 
            # Check if autopublish key is present and valid
            if self.config_from_email_body.get('m2mkey') == self.config.m2m_key:
-               self.misp_event.publish()
+               if self.config_from_email_body.get('distribution'):
+                   self.misp_event.distribution = self.config_from_email_body.get('distribution')
+               if self.config_from_email_body.get('threat_level'):
+                   self.misp_event.threat_level_id = self.config_from_email_body.get('threat_level')
+               if self.config_from_email_body.get('analysis'):
+                   self.misp_event.analysis = self.config_from_email_body.get('analysis')
+               if self.config_from_email_body.get('publish'):
+                   self.misp_event.publish()
 
            self._find_inline_forward()
         else:
diff --git a/mail_to_misp_config.py-example b/mail_to_misp_config.py-example
index 5f972cb..34fb226 100644
--- a/mail_to_misp_config.py-example
+++ b/mail_to_misp_config.py-example
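Review bot: The three `self.config.default_*` reads in the first hunk carry no statement of the accepted type or range, and the removed lines show that the previous `m2m_auto_distribution` was the string `'3'` while the new example config supplies the int `0`, so anyone editing the config module is left to guess whether strings, ints and which values are valid. A comment on these lines, `# MISP enumerations: distribution 0-3 (0 = your organisation only), threat_level_id 1-4 (4 = undefined), analysis 0-2 (2 = complete)`, or the same text next to the three defaults in mail_to_misp_config.py-example, would pin this down where it is consumed. The enclosing method starts and ends outside the hunk.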
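Review bot: The `distribution`, `threat_level` and `analysis` values copied from the mail body onto the event in the second hunk are assigned as-is, with no coercion to `int` and no check against the MISP enumerations, so a malformed or out-of-range value is only caught, if at all, when the event reaches the server, and `distribution` in particular decides how widely the event is shared once `publish` fires. The `if self.config_from_email_body.get(...)` guards also test truthiness, which would drop a genuine `0` (distribution "your organisation only", analysis "initial") if the parser ever yields ints, and lets `publish` trigger on any non-empty text such as `no`; `is not None` plus an explicit allow-list is safer. The rewrite below validates each override before applying it and leaves the configured default in place otherwise; the ranges are an example to confirm against the target instance, and a rejected override should ideally be logged if the class has a logger, which this hunk does not show. The enclosing method starts and ends outside the hunk.
```python
            if self.config_from_email_body.get('m2mkey') == self.config.m2m_key:
                # Body-supplied overrides are free text from the mail: coerce and
                # allow-list them before they reach the event. Ranges below are an
                # example (MISP event distribution 0-3, threat level 1-4, analysis 0-2);
                # confirm against the instance before relying on them.
                allowed = {'distribution': (0, 1, 2, 3),
                           'threat_level': (1, 2, 3, 4),
                           'analysis': (0, 1, 2)}
                targets = (('distribution', 'distribution'),
                           ('threat_level', 'threat_level_id'),
                           ('analysis', 'analysis'))
                for key, attr in targets:
                    raw = self.config_from_email_body.get(key)
                    if raw is None:
                        continue
                    try:
                        value = int(raw)
                    except (TypeError, ValueError):
                        continue  # keep the configured default; log here if a logger exists
                    if value in allowed[key]:
                        setattr(self.misp_event, attr, value)
                # Only an explicit affirmative publishes; any other text is ignored.
                if str(self.config_from_email_body.get('publish', '')).strip().lower() in ('1', 'true', 'yes'):
                    self.misp_event.publish()
            # … unchanged: self._find_inline_forward() …
```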
@@ -4,11 +4,13 @@
 misp_url = 'YOUR_MISP_URL'
 misp_key = 'YOUR_KEY_HERE' # The MISP auth key can be found on the MISP web interface under the automation section
 misp_verifycert = True
-body_config_prefix = 'm2m' # every line in the body starting with this value will be skipped from the IOCs
 spamtrap = False
+default_distribution = 0
+default_threat_level = 3
+default_analysis = 1
+body_config_prefix = 'm2m' # every line in the body starting with this value will be skipped from the IOCs
 m2m_key = 'YOUSETYOURKEYHERE'
-m2m_auto_distribution = '3' # 3 = All communities
 m2m_benign_attachment_keyword = 'benign'
 debug = False