mirror of https://github.com/MISP/mail_to_misp
new: Add more config options in the mail body.
parent
3003730156
commit
f208609812
|
@ -55,9 +55,9 @@ class Mail2MISP():
|
||||||
# Initialize the MISP event
|
# Initialize the MISP event
|
||||||
self.misp_event = MISPEvent()
|
self.misp_event = MISPEvent()
|
||||||
self.misp_event.info = f'{config.email_subject_prefix} - {self.subject}'
|
self.misp_event.info = f'{config.email_subject_prefix} - {self.subject}'
|
||||||
self.misp_event.distribution = self.config.m2m_auto_distribution
|
self.misp_event.distribution = self.config.default_distribution
|
||||||
self.misp_event.threat_level_id = 3
|
self.misp_event.threat_level_id = self.config.default_threat_level
|
||||||
self.misp_event.analysis = 1
|
self.misp_event.analysis = self.config.default_analysis
|
||||||
|
|
||||||
def sighting(self, value, source):
|
def sighting(self, value, source):
|
||||||
'''Add a sighting'''
|
'''Add a sighting'''
|
||||||
|
@ -142,7 +142,14 @@ class Mail2MISP():
|
||||||
|
|
||||||
# Check if autopublish key is present and valid
|
# Check if autopublish key is present and valid
|
||||||
if self.config_from_email_body.get('m2mkey') == self.config.m2m_key:
|
if self.config_from_email_body.get('m2mkey') == self.config.m2m_key:
|
||||||
self.misp_event.publish()
|
if self.config_from_email_body.get('distribution'):
|
||||||
|
self.misp_event.distribution = self.config_from_email_body.get('distribution')
|
||||||
|
if self.config_from_email_body.get('threat_level'):
|
||||||
|
self.misp_event.threat_level_id = self.config_from_email_body.get('threat_level')
|
||||||
|
if self.config_from_email_body.get('analysis'):
|
||||||
|
self.misp_event.analysis = self.config_from_email_body.get('analysis')
|
||||||
|
if self.config_from_email_body.get('publish'):
|
||||||
|
self.misp_event.publish()
|
||||||
|
|
||||||
self._find_inline_forward()
|
self._find_inline_forward()
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -4,11 +4,13 @@
|
||||||
misp_url = 'YOUR_MISP_URL'
|
misp_url = 'YOUR_MISP_URL'
|
||||||
misp_key = 'YOUR_KEY_HERE' # The MISP auth key can be found on the MISP web interface under the automation section
|
misp_key = 'YOUR_KEY_HERE' # The MISP auth key can be found on the MISP web interface under the automation section
|
||||||
misp_verifycert = True
|
misp_verifycert = True
|
||||||
body_config_prefix = 'm2m' # every line in the body starting with this value will be skipped from the IOCs
|
|
||||||
spamtrap = False
|
spamtrap = False
|
||||||
|
default_distribution = 0
|
||||||
|
default_threat_level = 3
|
||||||
|
default_analysis = 1
|
||||||
|
|
||||||
|
body_config_prefix = 'm2m' # every line in the body starting with this value will be skipped from the IOCs
|
||||||
m2m_key = 'YOUSETYOURKEYHERE'
|
m2m_key = 'YOUSETYOURKEYHERE'
|
||||||
m2m_auto_distribution = '3' # 3 = All communities
|
|
||||||
m2m_benign_attachment_keyword = 'benign'
|
m2m_benign_attachment_keyword = 'benign'
|
||||||
|
|
||||||
debug = False
|
debug = False
|
||||||
|
|
Loading…
Reference in New Issue