MISP
/
mail_to_misp
mirror of https://github.com/MISP/mail_to_misp
2
0
Fork 0
Code Issues Releases Wiki Activity

added stopword functionality

pull/4/head
Sascha Rommelfangen 2017-05-17 09:51:47 +02:00
parent 4403120777
commit f557d8c426
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mail_to_misp.py
View File

@ -40,6 +40,7 @@ noidsflaglist = config.noidsflaglist
malwaretags = config.malwaretags malwaretags = config.malwaretags
dependingtags = config.dependingtags dependingtags = config.dependingtags
tlptag_default = config.tlptag_default tlptag_default = config.tlptag_default
stopword = config.stopword
# Ignore lines in body of message # Ignore lines in body of message
email_data = re.sub(".*From: .*\n?","", email_data) email_data = re.sub(".*From: .*\n?","", email_data)
@ -82,6 +83,7 @@ for tag in dependingtags:
misp.add_tag(new_event, dependingtag) misp.add_tag(new_event, dependingtag)
# Extract IOCs # Extract IOCs
email_data = email_data.split(stopword, 1)[0]
email_data = refang(email_data) email_data = refang(email_data)
urllist = re.findall(urlmarker.WEB_URL_REGEX, email_data) urllist = re.findall(urlmarker.WEB_URL_REGEX, email_data)
urllist += re.findall(urlmarker.IP_REGEX, email_data) urllist += re.findall(urlmarker.IP_REGEX, email_data)