Sascha Rommelfangen a9785670a9 new functionalities (hashes, ids_flag) 2017-04-28 09:58:58 +02:00
MUA/Apple/Mail actual AppleScript 2017-04-27 14:47:45 +02:00
README.md Create README.md 2017-04-27 14:32:31 +02:00
hashmarker.py new functionalities (hashes, ids_flag) 2017-04-28 09:58:58 +02:00
mail_to_misp.py updated documentation 2017-04-27 17:50:50 +02:00
mail_to_misp_config.py-example initial commit 2017-04-27 13:58:49 +02:00
urlmarker.py initial commit 2017-04-27 13:58:49 +02:00

README.md

mail_to_misp

Connect your mail client to MISP in order to create events based on the information contained within mails.

For the moment, the implemented workflow is:

  1. Email -> Apple Mail -> Mail rule -> AppleScript -> Python script -> PyMISP -> MISP

Thunderbird will be targeted soon.

Features

  • Extraction of URLs and IP addresses (and port numbers) from free text emails
  • Extraction of hostnames from URLs
  • DNS expansion
  • Custom filter list for lines containing specific words
  • Subject filters
  • Respecting TLP classification mentioned in free text (including optional spelling robustness)
  • Refanging of URLs ('hxxp://...')
  • Add tags automatically based on keywords (configurable)
  • Add tags automatically depending on the presence of other tags (configurable)
  • Ignore 'whitelisted' domains (configurable)
  • Automatically create 'external analysis' links based on filter list (e.g. VirusTotal, malwr.com)
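
To make the extraction features above concrete, here is a minimal sketch of refanging, URL/IP/port extraction, hostname extraction and TLP detection on a free-text mail body. It is an added example, not code from mail_to_misp; the regexes, function names and the sample mail are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample mail body (documentation-reserved names and addresses).
SAMPLE = """\
TLP: AMBER
Payload is served from hxxp://malware.example[.]com/drop.php and
hxxps://cdn[.]example[.]net:8443/a.js; C2 at 192.0.2[.]10:4444.
"""

def refang(text):
    """Undo common defanging: hxxp -> http, [.] (.) [dot] -> '.', [:] -> ':'."""
    text = re.sub(r"\bhxxp(s?)", r"http\1", text, flags=re.I)
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    return text.replace("[:]", ":")

URL_RE = re.compile(r"\bhttps?://[^\s<>\"']+", re.I)
IP_RE = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3})(?::(\d{1,5}))?\b")
# Tolerates "TLP:AMBER", "TLP amber", "tlp-Amber" (assumed notion of spelling robustness).
TLP_RE = re.compile(r"\btlp\s*[:\-_ ]?\s*(white|green|amber|red)\b", re.I)

def extract(body):
    """Return refanged URLs, their hostnames, (ip, port) pairs and a TLP tag."""
    clean = refang(body)
    # Strip sentence punctuation that free text leaves glued to a URL.
    urls = [u.rstrip(".,;)") for u in URL_RE.findall(clean)]
    hosts = sorted({urlsplit(u).hostname for u in urls})
    ips = []
    for ip, port in IP_RE.findall(clean):
        if all(int(octet) <= 255 for octet in ip.split(".")):
            ips.append((ip, int(port) if port else None))
    match = TLP_RE.search(clean)
    tlp = "tlp:" + match.group(1).lower() if match else None
    return {"urls": urls, "hostnames": hosts, "ips": ips, "tlp": tlp}

if __name__ == "__main__":
    for key, value in extract(SAMPLE).items():
        print(key, value)
```

Refanging runs before any matching, so defanged indicators are stored in their real form while the mail itself stays safe to read.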

Requirements

mail_to_misp requires access to a MISP instance (via API).