From f557d8c4269959ec0e7d2089364eb7b88a4f1581 Mon Sep 17 00:00:00 2001
From: Sascha Rommelfangen
Date: Wed, 17 May 2017 09:51:47 +0200
Subject: [PATCH] added stopword functionality
---
 mail_to_misp.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/mail_to_misp.py b/mail_to_misp.py
index af50245..6c6d35d 100755
--- a/mail_to_misp.py
+++ b/mail_to_misp.py
@@ -40,6 +40,7 @@ noidsflaglist = config.noidsflaglist
 malwaretags = config.malwaretags
 dependingtags = config.dependingtags
 tlptag_default = config.tlptag_default
+stopword = config.stopword
 # Ignore lines in body of message
 email_data = re.sub(".*From: .*\n?","", email_data)
@@ -82,6 +83,7 @@ for tag in dependingtags:
 misp.add_tag(new_event, dependingtag)
 # Extract IOCs
+email_data = email_data.split(stopword, 1)[0]
 email_data = refang(email_data)
 urllist = re.findall(urlmarker.WEB_URL_REGEX, email_data)
 urllist += re.findall(urlmarker.IP_REGEX, email_data)
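Review bot: The added `email_data.split(stopword, 1)[0]` ahead of `refang` runs unconditionally, so an empty `config.stopword` raises `ValueError: empty separator`, and a `None` value makes `split` cut at the first whitespace and discard almost the whole body before IOC extraction. Guard the call with `if stopword and stopword in email_data:` and, in the first hunk, read the setting as `stopword = getattr(config, 'stopword', '')` so a config.py without a `stopword` entry does not fail with AttributeError. The stopword is matched inside the mail body, which the sender controls, so everything after its first occurrence is dropped from extraction without a trace. Logging that a truncation happened and how many characters were cut would let an analyst spot a report whose indicators were skipped. The tag loop named in the hunk header sits above this line, so tagging presumably still sees the full body while the IOC lists do not; the surrounding script continues outside both hunks, so this should be confirmed there and noted in a comment at the split.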