From 08798f12623f5291f6743856c221a8c2c13cc778 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 14 Feb 2019 14:33:39 +0100
Subject: [PATCH] chg: [email] IP and hostname fields from extracted headers
---
 objects/email/definition.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/objects/email/definition.json b/objects/email/definition.json
index a5099a6..fe3553e 100644
--- a/objects/email/definition.json
+++ b/objects/email/definition.json
@@ -3,7 +3,7 @@
 "uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
 "meta-category": "network",
 "description": "Email object describing an email with meta-information",
- "version": 12,
+ "version": 13,
 "attributes": {
 "reply-to": {
 "description": "Email address the reply will be sent to",
@@ -77,6 +77,18 @@
 ],
 "multiple": true
 },
+ "received-header-ip": {
+ "description": "Extracted IP address from parsed headers",
+ "misp-attribute": "ip-src",
+ "ui-priority": 0,
+ "multiple": true
+ },
+ "received-header-hostname": {
+ "description": "Extracted hostname from parsed headers",
+ "misp-attribute": "hostname",
+ "ui-priority": 0,
+ "multiple": true
+ },
 "x-mailer": {
 "description": "X-Mailer generally tells the program that was used to draft and send the original email",
 "misp-attribute": "email-x-mailer",
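Review bot: `received-header-ip` and `received-header-hostname` map to the correlating types `ip-src` and `hostname` without `"disable_correlation": true`, so every relay hop taken from a Received chain would correlate across events as if it were a source indicator. Received headers list legitimate mail providers and the recipient's own MTAs, and any hop below the first trusted relay is supplied by the sender, so these values are unverified and prone to false positives when fed into correlation or blocklists. I would add `"disable_correlation": true,` to both attributes, leaving analysts to enable correlation per value, and tighten the descriptions, for example `"description": "IP address extracted from a Received header (unverified, may be a legitimate relay)"`. The current text says only "parsed headers", which does not tell a consumer which header the value came from. The rest of the `attributes` object lies outside this hunk, so I cannot tell whether other attributes in the template already follow a correlation convention.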