Commit Graph

29 Commits (main)

Author SHA1 Message Date
goodlandsecurity c85fee36d3
adding Mail2MISP client for microsoft graph/o365 api 2023-11-10 16:40:30 -06:00
Raphaël Vinot 28cafb791d chg: Bump deps 2023-02-16 16:17:37 +01:00
Steve Clement edffb3ac4d
new: [tag] Added an id tag the event if multiple m2m instances are used 2021-09-30 14:55:39 +09:00
eidurorng 5ccb365f93 Quick fix for everything getting classified as external analysis
With the OR statement everything gets classified as external analysis when not running with --urlsonly.
2021-01-25 18:03:18 +00:00
Raphaël Vinot 3818ac92ea new: Add freetext import of the whole body 2021-01-25 17:54:58 +01:00
Raphaël Vinot 8680e5fb64 chg: Cleanup, bump deps, bump readme 2020-06-16 12:03:59 +02:00
Raphaël Vinot 62a596146b
Merge branch 'master' into master 2020-06-07 20:41:47 +02:00
Adam Bishop 8c2777585a multipart messages can be nested within each other
An example of something that does this is GPG, when operating in PGP/MIME
mode.

The Python documentation remarks that an attachment is anything that isn't
a body - meaning that if there are multipart messages nested within each
other, the containers will be flagged as an attachment.

When get_content() is called on the attachment, it fails with an unhandled
KeyError as there is no attachment handler for multipart.

This change wraps the get_content() call in a try...catch, and returns if
an attachment type unsupported by the runtime is present.

```
Traceback (most recent call last):
  File "/Users/adamb/mail_to_misp/tests/tests.py", line 89, in test_nested_mime
    self.mail2misp.process_email_body()
  File "./mail2misp/mail2misp.py", line 188, in process_email_body
    self._find_attached_forward()
  File "./mail2misp/mail2misp.py", line 88, in _find_attached_forward
    attachment_content = attachment.get_content()
  File "/usr/local/Cellar/python/3.7.7/Frameworks/Python.framework/Versions/3.7/lib/python3.7/email/message.py", line 1096, in get_content
    return content_manager.get_content(self, *args, **kw)
  File "/usr/local/Cellar/python/3.7.7/Frameworks/Python.framework/Versions/3.7/lib/python3.7/email/contentmanager.py", line 25, in get_content
    raise KeyError(content_type)
KeyError: 'multipart/mixed'
```
2020-06-07 00:31:56 +01:00
begunrom 92c99c0559 exclude attachements of size 0 bytes
Optionally exclude attachments that are 0 bytes long
2019-11-19 10:13:36 +01:00
begunrom 6070d6428c fixed wrong exception handling
Except block handles 'BaseException'
2019-11-17 09:45:12 +01:00
begunrom 26ef177d58 carrier mail functionality
Implements processing of a carrier mail that contains email attachments. Each email attachment is converted into an individual MISP event.
2019-11-16 16:47:43 +01:00
Sascha Rommelfangen d747ede23c add email sender to comment 2019-07-23 14:45:50 +02:00
Sascha Rommelfangen 0f6d95e8a7 tag extraction from subject and bug fix for alternativetags 2019-07-23 13:35:17 +02:00
Sascha Rommelfangen 5347325d8b using subject as comment when urlsonly is enabled 2019-07-22 14:35:51 +02:00
Sascha Rommelfangen bf1fca9a9c handled the case with internalattributes better 2019-07-22 11:31:27 +02:00
Sascha Rommelfangen c30c706a2d add urlonly to event feature added 2019-07-19 12:20:56 +02:00
Raphaël Vinot b9ba7a256f fix: Buggy decode, the email was added twice 2019-07-18 16:12:44 +02:00
Raphaël Vinot 9e2abc260f chg: Bump deps, slight changes. 2019-07-18 15:12:15 +02:00
Sascha Rommelfangen 96594e97ec some "fixes" 2019-07-18 12:46:31 +02:00
Sascha Rommelfangen f84c9eadee added new functionality to update an event 2019-07-18 11:02:42 +02:00
Raphaël Vinot 58ea8a64ca fix: Support new version of pyfaup 2019-01-21 14:39:04 +01:00
Raphaël Vinot 11c99c879b fix: Properly add sightings, meta event attributes 2018-08-03 11:26:11 +02:00
Raphaël Vinot 757f2cb4bf fix: Allow passing 0 to distribution, threat_level and analysis 2018-08-03 10:52:35 +02:00
Raphaël Vinot 45fa0c7323 fix: Properly handle plain text attachments 2018-08-02 17:02:17 +02:00
Raphaël Vinot 03bf3e3506 fix: Proper type detection of attachments
Fix #27
2018-08-02 13:42:07 +02:00
Raphaël Vinot 02b1c8ed96 fix: Avoid failure if dns key is not in the config file. 2018-08-02 12:02:18 +02:00
Raphaël Vinot cbf0c07b67 new: Allow to disable DNS lookups
Fix #26
2018-08-02 11:55:37 +02:00
Raphaël Vinot c823e5496c fix: benign attachment in FW email
Fix #25
2018-08-02 11:51:16 +02:00
Raphaël Vinot c967c5e197 new: Make it a lib, add test cases 2018-05-14 17:42:06 -04:00