mirror of https://github.com/MISP/mail_to_misp
added new functionality to update an event
parent
69a04243e7
commit
f84c9eadee
|
@ -367,3 +367,15 @@ class Mail2MISP():
|
||||||
for value, source in self.sightings_to_add:
|
for value, source in self.sightings_to_add:
|
||||||
self.sighting(value, source)
|
self.sighting(value, source)
|
||||||
return event
|
return event
|
||||||
|
|
||||||
|
def update_event(self, event_id=None):
|
||||||
|
'''Update event on the remote MISP instance.'''
|
||||||
|
|
||||||
|
if self.offline:
|
||||||
|
return self.misp_event.to_json()
|
||||||
|
event = self.misp.update_event(self.misp_event, event_id=event_id)
|
||||||
|
if self.config.sighting:
|
||||||
|
for value, source in self.sightings_to_add:
|
||||||
|
self.sighting(value, source)
|
||||||
|
return event
|
||||||
|
|
||||||
|
|
|
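Review bot: In `update_event`, the result of `self.misp.update_event(self.misp_event, event_id=event_id)` is returned unchecked and the sightings loop runs either way, so a wrong event id or an API key without edit rights on that event would still look like a successful run. Test the response before adding sightings, for example `if isinstance(event, dict) and event.get('errors'):` followed by a logged failure and an early return; this assumes the client returns an error dict here, as non-pythonified PyMISP calls appear to. Because `self.misp_event` is built from the incoming mail, its top-level fields (info, distribution and similar) may replace those of the existing event. If only attributes are meant to be appended, the docstring should say so, or those fields should be dropped before the call. The docstring should also mention that the offline branch ignores `event_id`.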
@ -15,6 +15,7 @@ if __name__ == '__main__':
|
||||||
parser = argparse.ArgumentParser(description='Push a Mail into a MISP instance')
|
parser = argparse.ArgumentParser(description='Push a Mail into a MISP instance')
|
||||||
parser.add_argument("-r", "--read", help="Read from tempfile.")
|
parser.add_argument("-r", "--read", help="Read from tempfile.")
|
||||||
parser.add_argument("-t", "--trap", action='store_true', default=False, help="Import the Email as-is.")
|
parser.add_argument("-t", "--trap", action='store_true', default=False, help="Import the Email as-is.")
|
||||||
|
parser.add_argument("-e", "--event", default=False, help="Add indicators to this MISP event.")
|
||||||
parser.add_argument('infile', nargs='?', type=argparse.FileType('rb'))
|
parser.add_argument('infile', nargs='?', type=argparse.FileType('rb'))
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
@ -66,5 +67,9 @@ if __name__ == '__main__':
|
||||||
|
|
||||||
mail2misp.process_body_iocs()
|
mail2misp.process_body_iocs()
|
||||||
|
|
||||||
mail2misp.add_event()
|
if args.event:
|
||||||
|
misp_event = args.event
|
||||||
|
mail2misp.update_event(event_id=misp_event)
|
||||||
|
else:
|
||||||
|
mail2misp.add_event()
|
||||||
syslog.syslog("Job finished.")
|
syslog.syslog("Job finished.")
|
||||||
|
|
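Review bot: The new `--event` value goes from `args.event` straight into `mail2misp.update_event(event_id=misp_event)` with no check on its form, and nothing records which event was modified. Since this script processes inbound mail and now writes into an existing event, accept only what a MISP event identifier looks like (a numeric id or a UUID) and exit with an error before any MISP call otherwise. `default=None` also fits a string-valued option better than `default=False`. For the audit trail, log the target once it has been validated, e.g. `syslog.syslog("Updating MISP event {}.".format(args.event))`. The `misp_event = args.event` temporary can be dropped.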