From be266e4652eedd0191a675911bd1aa3a0432f9f1 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Sat, 29 Dec 2018 17:31:45 +0100
Subject: [PATCH] add: [1.2.1] mail2misp slides added

---
 1.1-misp-viper-integration/slide.vrb          |   9 --
 1.2.1-misp-integration-mail2misp/content.tex  | 153 ++++++++++++++++++
 .../logo-circl.pdf                            | Bin 0 -> 9230 bytes
 1.2.1-misp-integration-mail2misp/misp.pdf     | Bin 0 -> 7938 bytes
 1.2.1-misp-integration-mail2misp/misplogo.pdf | Bin 0 -> 5683 bytes
 1.2.1-misp-integration-mail2misp/slide.tex    |  29 ++++
 build.sh                                      |   4 +-
 7 files changed, 184 insertions(+), 11 deletions(-)
 delete mode 100644 1.1-misp-viper-integration/slide.vrb
 create mode 100644 1.2.1-misp-integration-mail2misp/content.tex
 create mode 100644 1.2.1-misp-integration-mail2misp/logo-circl.pdf
 create mode 100644 1.2.1-misp-integration-mail2misp/misp.pdf
 create mode 100644 1.2.1-misp-integration-mail2misp/misplogo.pdf
 create mode 100644 1.2.1-misp-integration-mail2misp/slide.tex

diff --git a/1.1-misp-viper-integration/slide.vrb b/1.1-misp-viper-integration/slide.vrb
deleted file mode 100644
index 04ec09e..0000000
--- a/1.1-misp-viper-integration/slide.vrb
+++ /dev/null
@@ -1,9 +0,0 @@
-\frametitle{Q\&A}
-\includegraphics[scale=0.5]{misplogo.pdf}
-\begin{itemize}
-        \item \url{https://github.com/MISP/PyMISP}
-        \item \url{https://github.com/MISP/}
-        \item \url{https://github.com/viper-framework/viper}
-        \item We welcome new functionalities and pull requests.
-\end{itemize}
-
diff --git a/1.2.1-misp-integration-mail2misp/content.tex b/1.2.1-misp-integration-mail2misp/content.tex
new file mode 100644
index 0000000..35eb947
--- /dev/null
+++ b/1.2.1-misp-integration-mail2misp/content.tex
@@ -0,0 +1,153 @@
+% DO NOT COMPILE THIS FILE DIRECTLY!
+% This is included by the other .tex files.
+
+\lstdefinelanguage{json}{
+    basicstyle=\ttfamily\footnotesize,
+    numbers=left,
+    numberstyle=\ttfamily\footnotesize,
+    stepnumber=1,
+    numbersep=8pt,
+    showstringspaces=false,
+    breaklines=true,
+    frame=lines,
+    backgroundcolor=\color{background},
+    literate=
+     *{0}{{{\color{numb}0}}}{1}
+      {1}{{{\color{numb}1}}}{1}
+      {2}{{{\color{numb}2}}}{1}
+      {3}{{{\color{numb}3}}}{1}
+      {4}{{{\color{numb}4}}}{1}
+      {5}{{{\color{numb}5}}}{1}
+      {6}{{{\color{numb}6}}}{1}
+      {7}{{{\color{numb}7}}}{1}
+      {8}{{{\color{numb}8}}}{1}
+      {9}{{{\color{numb}9}}}{1}
+      {:}{{{\color{punct}{:}}}}{1}
+      {,}{{{\color{punct}{,}}}}{1}
+      {\{}{{{\color{delim}{\{}}}}{1}
+      {\}}{{{\color{delim}{\}}}}}{1}
+      {[}{{{\color{delim}{[}}}}{1}
+      {]}{{{\color{delim}{]}}}}{1},
+}
+
+\begin{frame}[t,plain]
+\titlepage
+\end{frame}
+
+\begin{frame}
+    \frametitle{Context}
+    \begin{itemize}
+        \item You receive emails with IoC's inside
+        \item How to create an event out of it?
+        \item Create event manually and copy paste
+        \item $\to$ This works once or twice
+        \item Forwarding the email would be nice
+        \item $\to$ mail\_to\_misp
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Features: Email handling}
+    \begin{itemize}
+        \item Extraction of URLs and IP addresses and port numbers
+        \item Extraction of hostnames from URLs
+        \item Extraction of hashes (MD5, SHA1, SHA256)
+        \item DNS expansion
+        \item Subject filters
+        \item Refanging of URLs ('hxxp://...')
+        \item ... and more
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Features: Support MISP features}
+    \begin{itemize}
+        \item Add tags automatically
+        \item Ignore 'whitelisted' domains
+        \item Configurable list of attributes not to enable the IDS flag
+        \item DNS expansion
+        \item Automatically create 'external analysis' links based on filter list (e.g. VirusTotal, malwr.com)
+        \item Automatically filter out attributes that are on a server side warning list
+        \item Support for value sighting
+        \item ... and more
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Implementation}
+    \begin{itemize}
+        \item Legacy
+        \begin{itemize}
+            \item Email $\to$ Apple Mail $\to$ Mail rule $\to$ AppleScript
+            \item[] $\to$ AppleScript $\to$ mail\_to\_misp $\to$ PyMISP $\to$ MISP
+            \item[]
+            \item Email $\to$ Thunderbird $\to$ Mail rule $\to$ filterscript $\to$
+            \item[]thunderbird\_wrapper $\to$ mail\_to\_misp $\to$ PyMISP $\to$ MISP
+        \end{itemize}
+        \item[]
+        \item Postfix and others
+        \begin{itemize}
+            \item Email $\to$ mail\_to\_misp
+        \end{itemize}
+    \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+    \frametitle{Installation}
+    \begin{itemize}
+        \item mail\_to\_misp
+        \begin{enumerate}
+            \item \texttt{git clone git://github.com/MISP/mail\_to\_misp.git}
+            \item Install dependencies - See Github site
+        \end{enumerate}
+        \item[]
+        \item MTA (Postfix or alike)
+        \begin{enumerate}
+            \item Setup a new email address in the aliases file (e.g. /etc/aliases)
+            \item[] \texttt{misp\_handler: "|/path/to/mail\_to\_misp.py -"}
+            \item Rebuild the DB
+            \item[] \texttt{sudo newaliases}
+            \item Configure mail\_to\_misp\_config.py
+\begin{lstlisting}[basicstyle=\tiny]
+misp_url = 'http://127.0.0.1/'
+misp_key = 's5jPWCIud36Z8XHgsiCVI7SaL1XsMTyfEsN45tTe'
+misp_verifycert = True
+body_config_prefix = 'm2m'
+...
+...
+\end{lstlisting}
+        \end{enumerate}
+    \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+    \frametitle{Exercise: mail\_2\_misp.py}
+    \begin{itemize}
+        \item Bonus: \texttt{https://github.com/MISP/mail\_to\_misp\_test}
+\begin{lstlisting}[basicstyle=\tiny]
+./mail_to_misp.py -r mail_to_misp_test/simple_forward.eml
+\end{lstlisting}
+        \item Bonus: Fake-SMTPD spamtrap
+\begin{lstlisting}[basicstyle=\tiny]
+./fake_smtp.py
+
+telnet 127.0.0.1 2526
+    Trying 127.0.0.1...
+    Connected to 127.0.0.1.
+    Escape character is '^]'.
+    220 misp Python SMTP 1.1
+    helo misp
+    250 misp
+    mail from: mikel
+    250 OK
+    rcpt to: m2m
+    250 OK
+    data
+    354 End data with <CR><LF>.<CR><LF>
+
+\end{lstlisting}
+    \end{itemize}
+\end{frame}
+
+
+
diff --git a/1.2.1-misp-integration-mail2misp/logo-circl.pdf b/1.2.1-misp-integration-mail2misp/logo-circl.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..62c9239fbfa4e3807901e3754db322c2cb69ec09
GIT binary patch
literal 9230
zcmdUVbyQUA|1KciAe{r!F*FP*Ff=ILAVUl=G(#guhcqH3jdX`}NvDJ$ASfXSNQZR&
zz;it3e81=Zaqn99{&Dx3wd2|EyFd9pd(C<_qneByCl62nld*26;u4b&zzuLTv%wS-
z18}K89jsif0sME61||Ri;F5#cxkBN0M>|tjs0`HH(E^GoA%W@Q3Wu87V|u1X8!5gL
zXtG~eXFWu^ew{wp#+CgD^lWxhRvTonaCX*rY6>t(B+-!H-~tHy0}#vrizYKiLn|<s
zg|X74B;CZv1{7^Emsz)sw<lR+*Ri*48ZXMf?A^3xdigCDD<$}x(i<OUT$HZ6pWfJ%
ze}T2Zn=ZW*U+<n8&#@O;idR-%j@iD`E%~u~tWApgu<=u1=Ng+oNx+wN@eB4!=hLfA
zl%VJX3M3OU&dTR1FvC5;XN>F5%Vq{v9Hb2^Kk6|J)GgLwxUKY!xG6QjD`yfc77R?F
zdC%KJ%W@<t=`4nr^%co08L;&$_4$&rAxVQ)@c|W&xxfN+k_xw|A?eD~{BQWH_hdJG
zE<($%XRa4#7WX<TIx1WrAJX33;&E>%N`Jn*)TmhWyX<hk?Y}khvs#g#j<_8>$>W9F
z9?Cy0#WFmVI6fazZ7SU74QSA=Hyy0mEXC88@)H+dR2KC7DVje+Vd2?Vrq}Hm+|*UY
zn0AR0nk2ESZbFaaFY2z7GFm=Z<9nU?LpxY8>!|&9=lIyg_cn%#B-N1-vr8{drmB%K
zA3V*VOeGzQuMq-f4H`mNtXaEJx^BN}8F0(QVE<6lgCM)`uC9yzv#_c=ke*$<&C=vF
zWP;Mdcv;A5k3Kn6LB9!4ApX1mNhb6i9TA=&ZDnd{_z^EbF9J%0K$Oqt24?dcdeM;c
z3nkn@i61P_O~ct4e<ZWHn=`;1m!8FRW&}npj05$32$unsd0(OXX_LcAJE-lq(x8`>
zHP{4MnV^gHX~{m#Vl%;k8~LP(B458%`QYls+bgbj*7P4(t>dokLd1B2tMc4<Ctl)1
zX&G`)cgGoBBrrtwvU+>o4Ym^}NzI}!$5l&ZOIzC|um?tD$Xs+1Jt8ltXu@G@N&xH}
zWAS9p1n-)p$dA10md1$g-UT2{$i~MKFln9BD5}h?;?qmR;9IX!x*49V*GjU^e9z`+
zaVf;6Ge9VLxcxSK0$QqI_OKKDVDU6o8(vv3`{6U*hgY$Hc>!fXguZD3v`dMt9Q~@Z
zL){`BM>8z>qNE^TBx;L|;vP5=h>iEWRa?0)z^KvYiFzCH8^(94+LV(V-1J!yj9=$9
z!PVOU=iXPJ*QmnGFj8xi%k^rKjnB3spb(BeQ_Zp*oqk!8GMj5Hj?@<~528?&d#Ctq
zhpgRb-W)dxBs(PYlW@+#ZNl+OuEMw9f4Pz#5H{9U(<L~tp<D@%i=>@|tgW2IPrR{1
zy|H%dRAE-%We`c~d84cLy$U^^EvON9tf+&)%=hrER=!H@Lo)e|Y?H@KbV7%Du&<L8
zV$hjl(<+@?B$D$%%2rPXK?4zPqxVtj@Q1`jxFx1O(_a>47ri7}N%#Sfn45*g)9qA}
z6(MP@3Jcy&p03~=H1c%f)Z9RB#AJo$GLL)*&8erTTI$I7DI`A?K-yTkfJ0aujaIB{
z)R?gmwR@;w0C{Sus#*a%e&=n%yv+t0Udd7i*$rX~<BeLkzCS9lW>182SSad9t#qEE
zU81X^9i6fx^UP{d*hiZ1+@K2%(l_B!*wRq+#y6Dp!g(gta=lg$jQia<a3qXZG<3Mc
z@RtTH<b4P_%L#ospL9la%iBc+=DVi2dMi1aLGV`jU-Y04T!{&x*cnA}w0NLRv`Vf}
zIU{D8q2{(Y9P_l2J=delGTBgd(JUNpin=;2x1zBudzb0G%KGJ@M;9brP+NYyeCr!f
zq%FC#xqZrtpG9-Sej6yqB<Z<mw;SFQ-7&!Z$$h9G%0wIV#J&1OwfaHZM>M6iDa>-5
zc+^lA_n#PhAs;%zJ%@A{$#KyLT*+&PTshs)7L~?IU_w<pVf`kmu&TG~L8-5^D}XjE
zVcpU&I@uU}M_IudMJllS!51PHH@lXzh>$S(v~&pXMnHG%N6UJDyfOU6C?+%RSC4>=
zNLcd#_co4WY?_SnIOF|}%y%7;If`z0S*z$Grv^S*`msM~FFcVfRoIs0iL<2S3gh8U
z>}@g@!dYxP=(-AfhYv|2ja-qz0~1&k7>N87L9Hllpc5P)7xA|z*KGqG(L=%jP1LRZ
zJ)Fy*T|oC+jL3;iu<zq;ka*4DR(9c}s^~^)^YM+bYtD2KO^A><>g5$}ZhjXNJOD@i
zIPe|0G|2*ny3x*R;HAK%a}6C^Vd4R*rEyt<R8C7wT%7aChJ9(1*_mF2s^hTRT<ay;
z4*!#Vta*`SbM%RtoTr6zPv=O;vsr~qFI**3)`sh3uR3@Q!r7^^KH}Q{h(<K>sjLu7
z6zolAU!8F)^J`)IX3yz-{esRX?1Zd31eICz!d!zV2sDwwz~>=%Shtf?IY_zj$~k4S
zS}-X*^JIVW)1w5Z%LOVDJUqkGK_{8ReVyJ8(UbQC-cf`;OR@t|vsV@LT$$blic$-J
zVh?R)T|ZAda-#juqa<^>1ti~EWbAFS*~ioa=0(Ctaf9Gl5~WhE->|Xc1%j<hf+cM|
z_SonIy_4T-8@r_$r$m{i3nn`;OE7#PwIXz|jos}_6K_4-jrb8=_w)<eRxtq~<M`x!
ziz&Jcc`)xIxtHODXxXQ{*}!H}7ZSGMolmv(UZ<aeC9py3^Q~BXhk4!>G>WNGb2MVb
zR^MDA!}Fh{NIic<ME7)_eW(2!nDi?#ZU#%@p18m(=`>*Cc^gg+Q9HLLreXc5V8M20
zB20J0fkS&pg6wH@N_U&R_yl!~x!q8G!(vq!C8k^>Pnzf#B2SD{{7c7>I7qTpz2DfT
ziC5$D-Cf+h&$Q7bFX-GGm&ve%7+#DHy|_?7`gj!M1TNsFjb29W0`CS@8!l--&B8(S
zo|m%|beR<J-rGEoYh6Ycil^OPV{LFU+t&-xWDo_QyC}hsb&k~n;Ot9BBj5_gQQr+a
z?+2b?o5WHBIvQE(ul0@?W6*JdIoJMN@}R+mW#%u|Xt=>-$SIMDO+CXqq4=ID@j}UJ
z_3H@u!br2kR8=)sJw36X6SJt0CVQSI@<F(b*c8Z->5m$bXHx}<tR9FN<@SA*isL5d
ze>MRbSO2tt`(tU(UrH{f-Bife$;3pZA{_9f<rYBgu2#l$gsQA%4d=n^PpTTzyG7y|
z*<+Ho&N%iNi`_O|EbJJc^_IxDY!CHrxbWRyMPE1T<Rl9_t!}Pwcn@<U5wUopu!6i{
z+l&<S)^m4Py8cQ3GHuN&^-*_`l)DtQvCj}yapkUJhnsURBO!YOk<t!Y%fsFyUq@3f
zJ%aNHCiH9NpR}u->#xk8&_T82C3+tldTYA!#&2hGt4$mkCJjb$mCBo37>~A(mUM@V
zqBIGMk3yLWo?;Zwa>vWhLLuW3eo6zf-O<5b!z@ashkK&<gval@AhytH4gL#L{Ap?*
z`I=4Mk*6labdUM;P9!Kz&DpxFS}|XRtlUTu#-62<9pxk)a1$$IqzQc_m+d$DNq`cN
zLXN>B+>U9KygeR5z<HaOg_cj{OZUB3V}qZryVJvB9^08|^>yYWtJ8;cKLL2Ry&8jr
zq{8^gGi>fzW7^&nc*T*gtb02ICYaEo=-P?sM5CRTLlKFf_*K?T3?5Y^KS`9Q=;F~v
zU6ofAZKJAFjsw^2v!~5v0<bOTusRJ~<-C)W4?CG71tgkKxujBo-+4c}ndC6BU<#6~
zQ;`T+Sd(a&rgF{uhXe+UJ>7v;S<!7dKrVGQRzN@X2qp=<_OUw#%8+(X<@x+saL5~N
zH4l6>x;yDsr4Ms?n#OII%u%<6ZoDG$wRC6BOA;e{NCqCi78zky5!|maOPEcz&KAvL
z?tYDr{Qc|Y&1(KS04=7vm*e7e2YnS8P19FFkp!gf)XQHOnVYy~U$vuu8p&wHfVX^}
zoHx$}q1;ArA%rBEr`xQce{I7WRBTiO+8uJiuMB6^$VjJqJ)HGqqafjN5-b_4I%IEZ
z8tG&sJrqnw?V6Mu(G}{tVqW**IKkfg)PPZ+DFHSeCJ<o#g9q;&(bPW{sgI_ulJXKH
zMYp|o7D<!k9Pcg~nbt%|3ksSlNq-vXAFF6XyNlZ$i^C*tNFC6c;4rqq2DFgJ`7!a4
z`YbRYHz3JKrCI8Vs78gtO<*80C$xi~E@LCt(o;pdArePr!M>$l;`Ix9=~>8>u75HH
z?bw^SjnFhy8v|l=7#O3Be!oN`1EWWpbo710S_nao{DbLtxk5SR3#jt}5MQXe?UN7W
z=1xJ2JWX_gI(s)#&1>Q6n1<^%*f~~&l8qXcz7`0t*@GkVKf5lSeD4~{bHmanI#j~a
zJe|(tiov_h)H?%yDhaBeZKDW*zRJlD%1^pvrYAMJK0Cyn!J7qL6F<xaB8`m>9DERh
zgF!$ORsJHNQGz!9cR8A}p0*%;{1bxo;QjIVOA7&LapDZi@lrco9@ckbNiB2e`<G|=
z#G(C2Yd>IP?OI9v#gV+>SR}9VR`6R<@m&0T$x`*k(3n^2&?+`n&U#uMd4o6};ISGz
zXiYWM?$XN;VNt)B7fUn5|Cy4=ovhDzIi~>`j@WBn+b9zgM%B&y{3WelX&x_06OF^;
z#daW_TB+?D9Gbi=Dc4CBGLoc*WKXVayiZ6nV;^F$6X3?<I!O9J4d)zWtR{~w<>}N@
zv$whjq*K02+elqtk2$I@hB@d;)RUBR;*Us58u0KQ=%(3!&Gt1)vO=?G+D{%<OHnp_
z!ya5N=FM((veef!Y$enuVxJXND7S<gVv~M85bAGiGU=$#;V}BmH#irq%Fec)ok)Qh
z^EM7PDM}>U20rs>3<!8I*tF;@WtY)XJC#-SfTY+9`O7RVgYdkCG*bWb%B1E>TDcOO
zuLSZ&F`t1o$LAsbQ5Ej=5tggLMP(E+#Q3=|Ik0RqxyEhG9EGR{8j$jGCtUoTdH9D*
z^vKofNfWlI#Eb$3R_fR%fsI88-7K*>yh1Ee{!Pq6EFqCi^upmzr)H|<r@FKwC5@Vl
zD{r+LGb&={45If|OsmH;fOMp|$IGsC?85!at{6x!=^yv^b+?+M4_ef1J2eLbh=Sfq
zy-nD9njEz3D%_P`vEY@@lMW<Nz|F!sHJlbn2O7!zSavZLHxC`FlR9dmx^qU-1`sxe
zvKH-jW>k~(azKD0T=0}cf)qF`wzc2nZGK>XX+$m6=iX$|>T5BlV~-WMrP&|9`N|SE
zIe-?Iv|>W+I-Dk+7`PKo6ENGkGM<;(>)41UJVP!<pXk@)_tw^bz2=d#1l2-ZIgbF<
z(Y`uFFJ%Mxy51)^w(*(1`AIMR)3^fV^KcqxPK7Ta)Dj}}-{j@>5QKlqB@Jg1_#nqY
zBqb=8Hov-(j^=>4u?Y|v$foOG%4@WZxIAF)Wo+kKAUr{bOL)&a$;Vl%O%h1q))mo6
z(c_uWOZ2!tdf)I79B_czd`=_T%prqtKKS$l+x+>pnrKIANC+}z*RFhVR<BgN;Ise^
zgZWIi##bmeQz!MeGa!Bq@y9eme&(Y{^zy>`>EH(y(Y&M_`{OBWJXnqpy~pzW9}EmV
zWL|N6-rCQ!_U^xu-BYG?ZafU+cuU~8BuZk1-o}A?zQ?~)TC_f`w=sn*kUG<P_%iBv
z$-glpXxX!eblG@ugjcN?tligvb-o?Lfj%?s{^mmjGI0{w4ET~7QcLkNAWb(E|5?5N
zk|PI+r<*7G+c}Xm@jPvqi@xAoECNF5mf>vm3GrYOZQ!vb@3Tn$c|FdySB=r1q&FqP
z6cLK7WG5`Ru*l}q0jeSzDQPI|w1b@f1H@r<(juPqAd1vI`%-TYf3ZOy&+$v^7YItd
zrNP6nqu%s2%+I<8{6e|`PA<gg0=iTTA-7vZv}>4DWb?Fg^*&8?ynv|0F4NMoE699M
z?_|^Q_0cBSXKVyGyBnltFj}Q;SG88JJp!KDtsk0Pv5e$4(eaz9H6Dm-$iS`rfY)MH
zv(&eV#;5<GGo)bM$)B14*9kC%ILdnNg^Wf9s5o^%0~LnZa-)Hm+lI}zN5?*Lp6(2c
zX_-u>Q=iXM8-d=R|JdAadf)??S|sMnp>YSjkHNs3yu6YQen5rp<}ZbOXt}l&DEDOr
z2aPOJNt6f4$tH@0rV2cd;y#jjo3PbPz?Rf6hwYILIqnGO?jIsBerqXf<WG0u)B`}F
zG<q_q7OZ|vtcgrtv=se3EztNy*GlhvBKhfU<_%W6d)T*%P3Bfu6~PO7Yb{t8)dN<O
zxS}-!)TaTf%xGureon7W(_JcjyolU+ts*17J|(QSna#CZkDy=+aN_fsAB?I2vzl(e
zzwLl)gM_VS5Ni{fiqe+cd39rJ>Yjhf+oXBM{#C+P`y4*!%0uf;=yeTmbPGTi{efPa
zK<1JrRp>dd2+s~ROrHF>N`V8FbYP`kE+A~{S24wOo@}IjAxzFaceAiT+*mwf;4Y!U
zNb%D<MQO?+(`oDd(kJ@8v2&frDva*vq<U`ypfpojp`hU6t5s%b5z!2eo`|XQ#4tmZ
z>qGs{vQ&UM*{gn0VOB6n8=|*tP?(THz9=Y&A%rQ3q_Pv49-Ep?xIoEr1G{!7;+_Rr
zDQLr`<xBv%Qv;y^8`Cjrw2?}-h9a+--F*=Or>xRnX;nVL)7z(tGsgDb8DKtiL@x(-
zy_ISAtWv=Uso+K4BN!l$+V}){O_G+5<04cf_Kp47L!Cf$3=8haqMp_4TuyWgQ?B>i
zyD2mWg+b_LWx`8IWKW*&B{8a{@LYUy(okVvGxKJ+&<of8Mp0rTTqLwlUCM`y^=3f)
zT`tCcUgdZ0%c@-Vl)@?rg8{-Sz;Vc-SV>pc?esSoxs|4xK1yBGURRBjjVBj>@o97?
z$+fC*G60A3=#7d0%iYSLG)+{Gc5Y{Uu3NU@1rZV8t0SDkv1gIfN6~_aS?w^PxGC$w
zc}mESNO<QkTb9{zeHWLfJ|nMJg!mF5*Dx7_m8J1r2uE{OwoYs{#G64ODCMBbV)tp=
zV_$zG$}=V;$E<InJ}!(gQl#7SRO@FUs61<2t@R|Y$%|fhJa9f>a+&{{EHiw;8`Q15
z4UI)`yD4Z8jA|@6<pmZlEP0fT;<tP5*|&ZUGS~IBG%ub!?u1vWzU}k4d+Xxo5E9M@
zi#b6($WdTRpX^Cl#uWJsS$tJ&z}@pGCZT~kJBgYM?Ye6dWkM$7O92NwK9<#!%wti*
z8Ni?u5|(cz8Ogf2F52I#IuCFG&yEIGJ<$<<2z^xXG{=%|^|hz_YUK5k$>d~q^)s<1
zB{-uBFVyyv+9GBSq|lKEJM+t4W%T<r9%&ZCZy5AjTr65I_c6rycZ}*rKNFVINTy?s
zdbHPB_qV_9y(*vsij7KcJmRk8?leySLfQ(RD&f}%KWO9IJy>>zL_`_)pCu}WSgU!)
z;$OyWdCNNbn$6de4C0u2_|-W?wh4^Lv2?fR4s(%>B^^h{(Ixd6>_-miuvofJ<~Uub
zu}W;AykPkxnb`@UzHVDip$_ZgaylHp*0_=In&efrpJ`yc&PIWLt$A5|k<As(0}6MZ
zwYrVt%-qMv(pww%lwS&5qqk;mZm-jS9cr&!+K%0l+qv|dZEqK1UGS*j6I$JKJyA+O
zuGzIy6j8V7>jZDkiI<yM!*n2+EW#3_j`5qL0CY}Xmrd5NL8qK)w|u(tg@y_a38J~0
zDCdTk35o<T{x&MFbB)*!d@>3S-&Luvf`@Ai6tD?WASTfbDk89u$D--<LMn3mb)3oN
z1C+CY`lG;3d_-r}y*6?kFEvpYQNPKhph<&xWfi25@4TLsm7Lxe9rz%n<7+nvzMz}$
zl~(<kfc}nB*je4EVbwv~1blMto1NfnpC8({Y)RVKYw4v8|B(5VlE(?}H7wSaJJZIV
zWTh=XdBc=xurABE|874~%5SF|nO!pGa+ZJr7E7(aNlnz&hwZ*}?To`b#hvq!R%HfF
z@&d`uF{pFX#g@2_ib|e8v@x_1VTFR4b{ZBR0jb^kj+zGX>%|U0r!WvZJeKId?=8(~
z(;#`^jAD7pYO&+kQ_#~)^_m5Bblyn*VL0~g2`1>x5nkEnFFyT46+vxaM-k}*ooY12
zHH6W88IBud6xZslAc~7*v$=%8I45r?8xl*)kC#UlzUTp3(Aq-Gm-Ln6hKsT+M_#_Z
z)&cYvo3YGP=3BiUSyT{CsW;`{dFPJ3UOrQPc;3&sa`$I3$a2^A(R3u2R*8XiZJ^wq
z^EZ$3gy#=h<uM<YNv7js+Pr=rrl^qAXtPv^pE-%sJ?DYXTjG68lAHZbTgye|RQ|jD
z6PaXV+x!q#y_wY<-8=x9{vu8%0q_1t-`o;|2a6s!zSNs9gfA0fFDyFFOi>rN(<)ii
zc!MOj(y&%9Gt|#8f(&9-EK7u(P)bR&*1A2EF7~Zv)nTfU*aY?V*b?^Q>8#zs0@c8d
zrNM>@G_&|&1GurXe~?V*7w5Hu{zscPF`h(fogwb6n#(k@jfaDDw;2z-!=Jph>&x+5
z`Von2d-0Io_At|uOf0P1+&$QPq>(90!*j&81g}oqvLy?bD|?Ic%FA=4)b>5`d<}&r
zV40_~#JRoco#z10`tnB+`g#=A$9>Km&thKMR{=X9F0coJTyX6+?PVjAq}gy|{S54v
zduPTk=Q9+7M#5UDVwzMPwrXGH$V0wogg6$gDn4B~V*4=h*gKm@Cz66s-`!@taP#XR
zXj*+oum7~`Im)<Z-biLyn0IZzq2$s8tKT|?>>K&LgQb{^qyqG&c#NLaowE(`og76$
zQZxOWi9$zJwc5bsr_ZaVXVz%Sxu_3>ZH>NqDCPI3TCwG{ZoX;iB*u*jYq?@F<}r!5
zIh!b`A}kYy>1AFe%1Ll+6Q>O2rFaNE+UyRCuKTf4`!RH-D%<Cv>BwN(h-0{gH`gED
z$c$P)@YV20@~ZezxV@B4g(@YIZUD|f9l?iZU>Q>Rt4MXVLUm=rPALGt9%48p63`u^
z!=1mOHZ@_Ps6AKedq~WN0|foeBYwSuT{?2X8xrcYMcLuvqg~pmT6kR28c*O1rek{^
z-n<upX16^tdOx!-mjvG}52{wBf2}Z&5I_&{nXyQcS1BSW*Kt=skx}X$d#*L+6g!4g
zgV5k9B4-}8QGpnaM~fIS=7<=jxsDi{(9!!jiF7e66punYUbMKyRsmknuguiW++Qaa
z(n2&(Idam?v5Z5QQ%?aTEumJ$b;O6fc<P9sQZULd)@-M0FtupTnIE-}>ax3w&`pUP
zK5svfJf<I$6J~Yfy4y*wpw^d|-VP`sDyM3P0KSl7Bl}9lkRet-Y%!Jsw%h#}G~n}C
zcH$-)AXvlCeNM4_VCtjw?PS;N+}w}GN5u-)^yCz@j9-Iz(E<*?DbjfZMz7LyN_7+N
z4ODeQml{*?5~?aM1e3*y20u<Ib}P<_Ph_v^-fcn-%v1(uJZ6MsVo5F#V2v@7#-B2`
ztiST&Vrh)-8WnRRZ)%{C@9)J_H{5N^&VI)~Q5K^N_@XL>Vq>jl6%%PLZBjPOHA|K3
z|H&B<rImh_NiA#D4ohExUX|NFCtU=H*t|{{o^ov=B$Qnu*@p_+&T+2r9$S%Q&`HKY
z9A`5sd&0I6UlTwOeX-v`Kr``dp_c&nxmJ2Sq1eir<Tl;VVfaX&Q%~lJbK&Yk0`)^;
zvbqoic@HppMIJSyA3VOp-s}4Do(I?h6Y5~`rv!O-b}wGuE0*`iJIzvv7X-Q=aDU1B
zm$vy!&6M?YmDhB=Q!)W!V)ww^#%0QVcLCr6O96NQT;`^C`#XK}?#3T`E<IH<8>qSK
zuQ8qi0D*gD6u{*v2oU^rb~ozo_op?XzpMecw7i_404_CCE9fuFYNl|ggX`VHe+#Qm
zpcXJwX-7|h;T^;c;N|B7a`OrEf%pI*VW2RNFi2P!VEk(;*wMlDZmtX9Ua0*;m6eA(
zx;gzLhCht`LVt&)dFKM$)WOB+-mtmXZy0=s%Rt>>=1>iJ>3i_cFg2hqj&5*ss0-je
zWg7no>OSK8RQ^LA7XHhT|CKy^pVU7b`ZIUGqR@0RbN!VPIY+qtFGTvE(end@x&Ms!
z|7CEX-@*MQU~5NJ;~=SHgD)S4Fb^=EC;M1o%Yo>eKd2*IDhCtl)@Sa_s1=_-)UpG{
zTCeC7_gwb4vy6^~w;9^yrg{c4)l<=Bu!R_<0DmBAY{;mUVS1=UoQ|`~ni-uvZ{8<s
zI6y%<rzrb(zuu?t&wl0M=KI}1_wN0X>t7lAKWx{(8}Yt3|Ep#^f4AQMZ$;y|Um(9)
z@~^5ri5|v5;=u>+6?fr4))GckhO&|05k3!iFy0|^g3!hMSh+sy3FsO>coSyMVJ-s3
ztfXEqh4=~aSqfp>EFoe|Yn9m%8NmqDhPL-Rr_7~3Rr@*<y~Xt4e_K8jtD50ZS_i@z
zRk2ose!F$*E;pV-bFinY_;(e5CG~e1d4zwL@t4E@H|ls_v)^_6n^0VSHHR|H!sU)U
z?m0)}FQ#z2=a_#iUY@@R@Q&i{zS(efgacU2O<{0H01uFd8^{e{v37NJ65+a|zB|wg
zZt7$WGj{<x!mU_Yf7wxkJ6gDz-+cq}zd!BoM&$YD$0dJ605)|swR5!k<Joug=<+8i
z{yoVP4z<MO2JrA>a{sjf1O){61OS$RKQWLX&)s6V-vAE3F(H2LJ9GbuadY$B5!ioX
zLVTdRj`}Z5i1%*M{3izD5xh&^e_}!c_aXf!2I9Wsu76>I|MCwc!2d5_Kmxq~vH=pj
zdkg&c^Fa5#_S>#2+!SU9h5zDYO_(?IK3Dg&tKsN)SO5E*|M8wsbg;au^Iwea;%W+a
T{gqu1NRS_skx^Dv4)cEi-2Ec4

literal 0
HcmV?d00001

diff --git a/1.2.1-misp-integration-mail2misp/misp.pdf b/1.2.1-misp-integration-mail2misp/misp.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..f7a3f9dec316930bd0e88813b3c448e1f1993d8f
GIT binary patch
literal 7938
zcmd5>2{e>#yw8?3OG1T=?Ac}*#umv=2-(-c*w-=kecy>Jl{HHw`<69h4~3%aJBbJ>
zk?p=i_4W0A_nv#tx%Zqq=ghnOp8xZ_|Mi)7et(wR(z4tT9swejn)T9sB7P7U<Y;O`
zBqj#py@hbFL|K8L0HjU?0)cpCt?f_<ByhHaqY%;vGe>g-k+?XK3kr#V+Y@=D$KGyq
zXa|!_?ol0Japp;{VqLft<+ehN)_={&y^4~*Eu{N-FW;`7ln<{<w|gPsyfAkC-6q9W
z#T@2RW+ju>Z7i5~TRR>>ZbQ-q)fe*-3+EYLd(-$zB4}9j=te#3d!j|kF3lNju0r?f
zLHhIJf@z7yyoJ7z6s(L%O$2g_vpR=*gY(B>)o-#U6wa2*(WF&zXt6Pxv6;u>WVXDj
zXs3`Z&luG{rWamHdbQ&k<SATNf9?4}n**Ojb^r1eJAwxdD$?mr5uN>X%%l2VAH`9_
zZ}s=Frn4d<&P|io(vRqnjC(+trAjj&bJuqozo)dC2^m<IJ3d=>7_9MFkmUfY8Re2f
zgm5tb;St~p<4cSKF=xPqe1iO#am*dxFHfKNR>lJ*r-1_e3KA2;0KkVA4hC*Oyi$@N
z2#D7V4jch*0|Tc=UL93a8-y9^M8-n^B!Gz%h}Q!Kf}LFbkdk$Dz=-@@(}Ek!4F(Bf
zBz`Of$o)`B=$A?$-aDR72oUdWxFrH323#N!z&enh^LUjJ=GO3=jvgR=00M&`!Vn%o
zAprqFJ`e;7=79?FL4ZrcletoW2Eb$&5GJ`!Gf58V=<4*FR;N!pL4PW$0qB5)JGeMu
zo^0m%6P5ySX@r}#8A4s|CI<XrraHpK(G_WiZ~<W)tB%RbA68-ff^qn7DGkA>{GaDE
z#^6(pez^F=3=LOP)QMAM9g+4Y$j#sF#~2RzVe$W^dBQ)<`&D-K8jT54V3L=*c-I05
z=cRH;QfEE+-AVgf#|{TPB-KRl`|CgvhXmj4W>%_P-w979u96GpllI+-@oO1+#*i_6
zT&>gOl}Ks?S)oy0Hi*78Dm#eJ-LxgyP*?C8simLSs*zsl@-5G8HX2zjBR<kQ9gF$|
zgX!5d6n$&`M4ID9lV~||S-|dYpb>sa&l9a8=4dM(l~M3g>CGw^R<8^x)*75CoioN?
zLc@bTpvjFQ%+Fd1buQK?QrlgYr6Wj=^H_YI!n0OK7GjQv<CTc5SD@vN1aXZR@~C>m
zh0q;}bA-BH+%u1?yaU@mC^GRa-R~6&5*r2A&@bB6i#irQounghWSQ~wdM(GWE3z1D
zsfDZTB^Q3TUF=g{u+`PddY2}~N@M+giO}yC8B`xV+1!-zzA{f2*qoj0t<Q5N^1}ms
zWxV#Bifo!z!-;qO4b2})B8NK^>ugQ25X?JET_#;bC~!v5jmnz~JqKYW#h;oRIN3Wk
zug_i^9aY55tduKZsk~Mjci4CvPk@}=FW_mw2!8vkH{TiKrtyzEDDMY9ov%O!#5|s8
z%{hCPG5Bi|zKEA;(zJ$^5pg~J40l+$Pkdj+H_3{qH1029WpZ;I)x57#1CAAZY-c8n
zvjh4S{<))^<nNCy1t_(jnT|<~(@Z}}&;Q|;@>j)R_K!a+=CrCXmGN)C0{^co26DP<
z0rveW8AA;v<Pw-*^5X>&ET%6waS2Sf>TN1Lb(!n^HT48vWUd*Ry=Iv8eSEXH*?Az;
zVuAIX1gh{|X3O+;RtrmuKU-$<9WEDy>B2#RCv}mC+fogumh~#mQ+4}?lw^z?+_nXJ
z`tQ}Ohi}NeZ)0ZKv^678t#>}pf<vFGkSv#?a<&6(I7;!N;kCJQQxj^{Wij$Gmd{z6
z&MRc40WfMPE~9F&_F#Q&`{MgJLwJ}<37h1dB)t*ki`zu47ebkil_nWSwkpafK7uHP
zTRCkRbr(Jruq{2PSGL&+h%v%Z{Tx+7STc=H2Bma@Vp=alc0xRf?MxMdtgq-kIGflb
z);BU*ldhlsR;%^;bZ8)D(LNrTPq#2j`|~{eHHSDug7z}GCB+LdoNNC4!j)LJ8h56y
zg@xQ+qTANIQ8f0t=bQ~S7^0eIxHT{OCbgllBDl0+jQ*y|3y*~kJU08v3CFcB?sIRx
z`N5XIaBMnH_cdgTlJP%QUoLfOr5Bip2^^B*H>!JL;xwXfR$xlKHte|Jqu%G5Bw68X
zwHDMkN&?^3Ca;DXyh|Uj(y4nVsw=Qs!b{5bwM|NZ$f1w0&6T~wE2VI-+B<lXIJw&j
zJM4xDY<9}M$oSGb|1aE!XEG14NdBc_e*WA7nF<wx{H&Oh)cD^h8OXo9I6?mFHz!QZ
zoW5c~Ku}>J=-*zYrUb3;+|hnG<2%!cH+&RzEgQGUC=ic_{YB2a-nA~=+Z9rLg(kTm
zMz`COi9$iGDlbiM#n>~Sjn%iBAGIMEx1Oh_ROpValRR&h?jSm@P{3KcPHv{y^yOQo
z7g8nb!BETlm%{D&&%IlgruWx3uyM{X4PyoAX$e$a?lPLdC$G&cBul;iT%P{xbhcAl
z8J2t~)!X<x%Bg;mwq~ST?&6<E6Qe8z#rWj)aV`cWS6Qaa?7leCpT9>!Qpz0kb-i5g
zj0QuSx3(6y7oT_W0p8qRNWpc%GCS5AGwUHE<e9nx+dVez7uwIXr4edBrFmIe`k;Q@
zwoUaOsbe56RgO{VY;2zWMGvxomx=O&=)`Hn+yS0K*l=y!EU4TaS2V~vAxd>?|AKKS
z$rLf9c0a0+tZKUHIeIX4=M2-+z=638l)5b1<}PWw5+7}p8aOF@LiF>)*ig?`@7h*m
zHn76cgHKu=M1*QM?`L-DVN(<{C#t*)OGqV>5o1|v(lBTeP;huX!0PW5-b(oTE>%Ru
z3v>((U4dcux})9$^FYF=PSdLH(Z=8v!|^9fL58Wpif(Rh<J0Qy8TzIyx3&-*4-|TE
zbWMX=^Jkz@h&(yxa2>~r#!n17hHRI0I+NU&{XA}sJMYhVu6?a>@n&J&@H*V_4Bp<^
z(Ph!zSP7K$<X{IgljrL&k-!7OmCN+v<<<!KFLRMQxQ{k&KV%~AdAXU{E>%#AH>B{W
z&oH%dBFU~ZA*0Jry*2+Sd2H)&;&AfE>izDGC$3*U20u|Nb@%ga)aS9!5TzB)C%W*}
zr!y8+MrjH+K;xGV=yvpMl0F}MDIPtxCgfnmK=U!N&5-&<0$1&v^I}w~3GI|zYvUwU
zlO2tr_PTZt!;`Jt1p)s$pDPVMo8+Cn=QVGy&1wW%vL@KTCr6uSDxKdRY}jPw2&Gdy
zR*9vc+s5R#dMWdhTdI{VQT3(7_EEG}OL9fa@Z;06iW}&wHF}h$;5U?hmdkreaj+?y
zZ5)C%X+)VGD~=eoyIxYr*3339$aY2hT^b|gvKbcz^^iQTUV8gI`4vIM2oyK6VW^=o
zXh*`h*;!!XQ6taYtcPOi^eeO(Vrm&5IMtMVT;A3{N38N0yMDgrn!IuD>$w>o*VK({
zufb)-Z+V{Gp4ij)*YT$LRG+wq7W6m1+m3Qivy6V$IkZ-jdY6Wsyq_J}F8{s&mr<LU
z8G+c@L6}c%g`_YQaoIo3l<@6cOI}mk8b9<--4GwJ<C>eS;^jR!lp=1??NEOZI`wkk
z)q}dnMH?>9Qem1&>7zSpwv$r#@JY=T4Gw0$G)3k&Sudu6&KF@f7mH1X=~LCR`EXur
zSEf)8A)#(;*ZVMx?3Q&k<xS5VDYimC(vH!5dY{66ifMeDuEB9U$dD=MVeT6pkOed*
zF6qUVRn<fi_LDQj2Knk7vPl6c-=OJg?bedD9FdA)R}tlVre6!^wO&tesVEW8FpIBY
z&1FIJ@TXTyXfBqkHT2tZET7%9y-VVV_dU?qt&3guUN>jsD8-m7v&FNk8#|77-hJD;
zs60Iij&Rk_fPV@R-{B1&hE`7wwHM}R85&d=tL4;yR-L(uKlN2ER9zpNwi6h+_wkix
zbPUT@XXd5pORLbC^g7S2ZL#g9<W(`EjjKafx34P2K9eokdYfj%@3;x|fEAs4&Z=>*
zzNeDOFWfTRJ-nfPL@v4jSx}d*X7nD;Q?RD=A){Ej=K?&+>RNIp^%P21yyDA5Z}Pw`
z!^zzRU1!O3Z`}jyuQnD%x;txMmPZb^E@(V(<+$g0&x)20+G5gCchUHJ501ovuM;(G
zmPCcq8{fSv#^Ylt5(e8J_f)P+zVW*EPHJC$xskwo5ysMAs65ubKE?Ef^v2SC>In7-
z_SnL>!sxsHtL~z@p;~)6l03~dowFB=kA^o2!;b1_*7r8{r<VMuHVlq)X6$ub%4T}<
zW8KH;$F#UUEogZXc1SY3AZG3yBR62n6`4$<-_n0oz!ayy!|dSdgH-_OA)&TK=f??<
zY<QQ&)m(l~H;k%^-YBynOsI87w!HDn%QAi{@S+#D1j}Nt`sm)>q~Z_PIfyrsS@6!K
zA@!-BMe|rV7*8hlUF&r02$Y-XwOGrTp1hc@y}j7B`tYGtRn%DBAh+P-y5cAL6eFG5
zMe#CZ{Wez8Qf9vG@4H;T#x@8PUXr<<wBo}0BKr;35U5u`LzPVO!%9WFAt4U)hbrCp
z$Xesa@u`9Hbfgr+Gq<EmO)eE<lcJ5SuAi@!Bxug2GQ(4=@nqu+0c}|(EFwMeIP>Zi
z9dILeReRPS8gb!RwEF1nEy=o_*=eO3Z%%LS*jOHdTGvq$6FO`%tz8~SseB|~nkd)H
z{TW#w%1qry^%-f!dY?NZ0oJRuq>&^l^U#9Jcz;EA9F5ey3Y9;{6<)6!H%!X#;d{Kr
zIXfYVR@ED9s7ma_NkUb5*&Rru%Bzxyn!!?9r(jRQzQoE=%^d;jrYrp>6tJ5(#TKM(
zq&GxYeDO-#Zz3)6ir;6b`+J?E3sl;?^cw3uIMPInbT$K8+Uj;+Dzm<WdD_}3Y;Tch
zg%x*fNc|q_9t&S&Sg>bL8h^PVPqIXcF^I=AT;YD85uH-G&b`@;;=t-U^Fk9Pc@<iv
zmCS6Ev<(X_S*uKCv_ooCe!e=6fqCPY_?wF+coW>IVXqR+9<>gFXj(O2!JK4m*!(Yi
zIP#z{f|3N$R$`UH#W|Co*<QhsI1cd2<K-He4e&~#-GS<23*lCm@uMMU4}wL5^V-gB
z-R5OmV0~klXtS{w%N^*(L2KD6>syQ{DW}$hKT1iz|D_R(ld5KVH)lMJ<rrt_RUn7V
z>gy-Zu{e%Higv&?mxvy6D-FNP%nZ6JoT6&~-ucxBGRKs|$kZdY_xV^Ho_I1goFDnc
zmp@f3D7i%Jnow{H#JrGZ$jaTW)=#U?I$~hA*Xq0WHhCvGvR!N3l8iQ6I|^FA>(g^T
zJ!?YNhiuyEx?%hd{q+9yL3_}rsoI^0F=krQZ#K~;I>{0E<@<g*n`R9qhdhS`68xHS
zc*Z2M)7YY0B5RA9w>vnq2?ivKQ86Nm6gr&rS4Fn=#Mz%Ws(KS^Nb6iathL>+i&9}p
z_MFUMD0n7V@U2er?eysP5{q=)!#RZ_7s562!Ro~s1@VVVkO6tuFYMF-FICIL&6^*P
zg<)AXGfL}Rm8Q5=r=&EvR4u@#x$F&>kR(f@j2WqSo@KpAd?lzE6{Q~z5s7&RPa-vZ
zsledZZy@rxBtd4?Hk{P{B~eYsvz7a`vR+a5;Z(1=L|$QsuP8WLu-;dM#s=eljIc13
zmB0G1OEL&6$NGXf#rJ+E`mh8!XyH1zx=HYEe5Co=DV|a(-PD^?R}~7t^f$8$sJ&$$
zk&pUvhPo3sB?mDEN=&Dt{fj%(C^y5&r^$Dl(L902H4J6M2aRZ3?Bn;XPqABwFYmcy
z2g{P2U2O5QUG!J(c8uLkCHJdhjq+#O{78Nz9HLE7e|57GU50z4Fv}9?e_<Ct@c2?&
zv~kyF^wKVZ#AtMWj;41jdfV?vhG1ZSYn$Ki$df=~f4D~?x=mGd{Xm1wZM<S3J<`3<
zqd&w_Vcw2lU~td!z~j3nzeGkvfw=Q$4TW8W#$f;X4mbQv=A9l7vAK?g?w#!g?09<a
zx$d2X3Xwgl>}4|v3B4dWoX_2U2hHgC-imc9QAbJ-W>Sd@yMgHT4YGxBsokSeouebL
z7^<8`A}J1^jQzlbSFC)di;TU_KkLE9vpI48=W?mdY~`A>8wR_jIR2bYW$5eJ`Z-(l
zFhRMw2~__C<D~M?C-P5M_Y5oQ?mf<^*`*B>P27~gb)eZzL9+(72%6@iVb65;(y*WD
zI_uw<R*W0J+{Rsvh{lHvRSSotz1UTD-VH;?((Y`>V#A<Go9FhOr7|YV#|LN?%Nao}
zJWkgU-CluZ=Q_N`bv6jU%!-URsB~(-s!Nf#-QLuO9xBdW{@nhM-KR6|>EUiAIu*C{
z{B9098QYkA_rS&Ps0qD%uv?6#!p>6YF8H{Wik(Va?6ROCYrtBrWfF_dXFT{u&O@==
zv7mfF7#I(mo0qBZaVDVYoNpuNDeT<Ce!85$>B%7k3(;is;R<OX7m}OJ#pdjL*~CZB
zK%tWmSJfBmQ;SA2rQk1C>dG2fbm_{b>#ol8f2>I2Xc`WcfX$NxvIIRBBjTkN^3~(Y
z;&HkRA2M|=Lg$blrJ=(K$-anjZ88RiUhx@>lt`O@FF`za!St51S*tmWmtbyDfhcRO
zOMyt`i-}+6z2!zQulAg$%1d8#uM3qAI_g`vQ=6}fcx&i4VP_u#mo8n;xO3gQ&TAJX
z7--udsP`8o&dN@B+?f5KrX@ZemRl@@3<-^oX``T~Gm2}+wGeeKL^CD`2|cA@SnDpn
z#Wt`SsvEv^D>u|q1X2}urPm^Jt|KNO-Jwg;TG{6=8Y&`DLa6ad2z(wtk7NPo=KcB4
z+ez@z7P|dpGvh#CgZp$Po91M!Pd<Dz*^oxwIG(<8>kb%;ON=o@oc23*<*IZU#q}#O
z@h;mQ5?y0gJ=19y^qyE2Czx@M_GNT?zs*VGab1STpsnz7KhzeIH$=SuoLfc5M1>-_
zL!ga2-uK#~#zmiboU~6%RPUoXu`?GVv>-R~7Qf7+Cn|z^gBR~I;f4{DP+HB(I*`AJ
zeSuR+cay7tth9|qa;mTGL6C{$yWU>yrjGB&$GgGDws=Q0$MbUxVJzfS|MDO9HzJu|
zKuGA<pV)t6IDav`|H{|=jSERow(S6shix212|JKQE4WoLkYgjfdmb@B*U7*lJw&ll
zknn^3%WQU!aERjhH-w&l*57_}kv_oRgHxYm&^A|0#ck*OqjpK!6q@X6654#jxHia@
z&UHRKI@%$9Elsq98Is5^aH^`3UL0~}cEjk=h(*BEx03u^H@8pta!@Qjt&!~V_;sUD
zZ%QU?)p_4sQ=@PM1HzxmI9iJR{4zALnuv{!*$aNwT$4ICtSDZMAG&HRK4WgkyU|wg
zSuDj;*Rz<CDpG|eM=Hlf5|wA5aOeDzG+WVRLpmkZrPrYjLga=D?kwk}<%cOUhCWQh
zd}Pw<W+3eu+qY8rp0e1x8ZNlID{MJcr1+5rd^39GUp$ZT<`2G&4<_)-@xK#gr-U(v
zZI?#4m?5p5P>#qG8V&=g!0j<?x~B9UNgYmUgbiHFRRiF*xo<k!ng0@!h1*-(d4kwa
z$3YkY5JrIGRKgB!=>mfOlKw$Hb3?#_!XR!aL;&F6VZZ?bgZ^Nl6;N<HYcoj)OFIMz
zd@@hc#SFvZ3-bw`++q~P+;j8s3!DH_a3^_$wWSq6^aIPBKpH57y%tF5bUx-r{^t$G
zE`SR}0L1qxvHur=2>E9x0V937;7=M|N<kU}V*JK;GIA5{g1{jErK5mZ8lEnI9tsW?
zj+ki}T3;PuX$^3DfbS%M-U{NxVHkQv6={w@T02;R*cHqHL#<JszlJniot*3t_89X|
zYy*_X%)mVVulRu=C#{r|5p9q@7-)6~f`RUd5FZEzP)AT<evlwc2>3!lP~glD6#~Kd
zz`*%*90ml%(D1ib#LqOs==@i{oGkyVyMVz@z5U<vhl~TzhQpZ1`_n{j`I7}tgKG{4
zf&|#)0;qlx74_4e%pFHf2Ww0N4+QA=_kIb6E&a*<o+^py0=b+ls$^}BSqT$f^<Ui`
zSHOpm->iiE#X|$lE1)+BR04?I3~r5d1VMNpU>-1t-3o<r65$1!S^#K?ggaSTo4N2f
zA}u*ill?Z*(cIMx=r#WLr~Q?EKm`7@Knf1jf}`b$4JX$8=w$sh$peY7AOeH<AVlC_
zACRDc0KWjp0`voeL4<$^Vm=^;pBR`Q2IR;e7#QQ!KQMlQe_}9xz>|NMgMs;g0Q?<;
z0DZMTF|Yt1@N@8o98~CEFu{MU$Hxx_=+M8<<>P|^VfzE)2R4*HFhQ`uKjZ|#Lck92
z_ql>l{(tyI5Gn|S<_|d-&^7x5gYgOc6XX9~KNJ!U>^#Vmo}Pxa7XlMEO!=xiI-)=)
j@jvbEVKxb1U;LTjE+{w>brNY9l%J1?g+)eHmgqkK)t%2m

literal 0
HcmV?d00001

diff --git a/1.2.1-misp-integration-mail2misp/misplogo.pdf b/1.2.1-misp-integration-mail2misp/misplogo.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..60da56889e07735aa51a541e4d0a2a1bb90ca9ec
GIT binary patch
literal 5683
zcmb_gXH-*Lw+&UKONUTG4~UQuLJCcKm)-=VgixdeLa5RauAp=-f;2_sf+C7Yks`e+
zNC%aUNK-^W1ux|#*zWy&Ki(VTJ0s(imA&^WXRb5PJfg-LT4$ira9Yvo_Z5HB!axuZ
z&iNv(q9RDf0PEvMa0kf|O{TOU5J*PL!;65$6OUd_1gr)YgLA>sDl60a6Yy9kZ`$Cz
zBpdzorJ7Sy+iZ<3#vQd$P0}}ok!Y#@A_d-bgz{5Z746)*xJ+ZV$6JakM&VV7k^EmQ
zq-xPd$~zYmm~Lm8zi2*0M(%ZoAAbC>sC?D_pk{lWcOri)rqHc#LTd5(_QepE*YMDg
zF8_x3>Xz<p^}AL^p-y(F>&^31l}6$6bM?EziW`B7DqMjPC3NpQH<mvxuZu>g_|7Sh
zGwnu>Zfkd0V)7ynSQjJtnJH(xn*|VE887!f2GpG$a5x+pa5xIs4}5bkX+V7m{m@s>
zs+TT8S|?$Peo=3cVTn#nMJ1)m-f}x8`t#@{wzW|EhE=D@`+B#xHH;IlQw_VSXFwXG
z4kiN9U2?1(dJ-oIik$Bb1kJ&DVjpK&Q?ynWP>UgQi{*?5qp^X}4$;(EEn}v_D`5jc
zTL}zV6i8atvS8^a+o&;)xt5OjiO-Jh`@K{WDQ^{W4W+FGMfht=j6+)Qzf~gVJ<ClO
zUfy~p<ywEYLPy~RmuTg`8MfnvgSuI*3J0M^lvM4z^Jjx=a+`scBjJLNLi+En%a?6e
zWQJVNM-fz+3>fH7v;eKKT!kk%+ASk6%51!s$$j(nHv?`#t}t2CD7NuLX5VR51K8f?
z#nnli^@Av=rq`Lx^KZU*nS0Hj#rngPu()tr(*ZZDV7$qManpHS&%MN1ce5swuTShS
zTOxHGsv09*t83fu@HBNh=_3~XGxHj|U_y2_U$ANq_4wyr*c5WGao_jOc0cur9{2@V
zvu1;7{JD}h9l-kAA2l-R#k`eHsf0dzEL}(^lcuvB!u)nM<8*b1Oaj6#8|?9@&}l#r
z`={iofRLF9?uSE~A=k^ynp%?i{Cux)I==C<40&tfv-+rw!<{OMohKfR7s^&58&uPa
zK|Ka!XZ!U%>SFfx;j-+crb(kp?q}F4rU%$Aq_dBkg5R7RL{$!>SAaW#+Hp@`l)lKx
zsn5&MH|JtpK&k=cbJ^ZvMHx+5yV03{sLNW+A;(YZMN6QEr#EV-1*uMKcRh=RRR%3K
z(!-uNmOUSRbC%h@wUS(Qtyi2yFpscZ>;58+13A^(PP+*>*%CEZ1z;_r&1m8F*nREj
zo14DQA1BAmzE{-3MewiXNW5o=J|CT|b`+6`s}aP^=LfAgTv@$7d^!v_Hwx&Hd3N9L
zac_@FiN?zh&--^w)u`RcM69}!xYWCHDB1CM{6xP-;%noV#`*vm53`odZa?44ekaPt
zzVEo_;^?$R<<jS8%{))r-K9h6Z7HU*Ck6_?>t~|qR+3XvK1UO!dxTL%s*Ve3@<*5U
zP+{+f>26C6QL&WL02Zw#_pe=V6S!Gi(<S-Aa5+lyqa99qve>aj8E7BZ%Y22!13FY_
z*o#x2$vN4`;qsXBzU*IN`D9k*S66Y&Vi~+}v_KEwTJ~SDU+3<;feq?9Q(_H9;qFYE
zV!-+bZDoxf9XiO2JtgPVyJis@w30dtNSlOG2QG?eu2*ywBYJh?)V{5;tbFQ#9nFru
z1$n6!_0LONbHLkIqUAhTR0melkxH3C$Vnl#uVKddi|mZ<d@UP7Ea}CSQm<Oy-Nu4F
zrUY!VvYvPg%oTj{yDZ4Vj9Fy4?_}2*-OtVRGTY&7?6uT84TYl3?yx(KObLu`m;Lmf
zNbnl)(qGYwJB$z9e#0)qC~75|au<^h(Kb#?4eUu%nw-+TCuY4*FK?o%ul>r4-1jlB
zmk@oboBbTkdNG|<O3_@EqQJYck9tqpwcl^^B|El4Z8n1;`;^oV1>5a7xd<J}gp+6W
z%lLbvvnB7!S?QimD$o`+XX1s+#T=;Gl1E6_HTAaXlB;3L_@kr2x21-xCO7*H7Un5Z
zL%~}fQKr?R!YLHfE1NkTwg5uf9%Jp}uq`0LM1Yn<>GWDLn~U^A|Ew2Pm^HRB9VOO3
zB|PVQ(Y);@-U-_4UwBIHA<EM_4SEA!o4YdZ_|@DRt<rKjw3n-f56;VT0P(jFuH;Py
z)#N!|-sw-I<}UlT$E<|PnPn9U<yr4+7*$YZ&Zmwp=195sWcm%i&dy%Zug|p3Qz#Wl
zH;_&U<%kL*ATF=ygwK2T@!F4x__J?JU!7v?=y%^wZmH+`Lf$H^irM67x(j{<fOuv0
zya=zf?07t&)6_0GkcW-u_xCGI3ikeZoiR=gR9$x7gm0++B0y@=Px9uq@L(Rwi5lms
zzPzXcA(e^IlD2F2D2+0e9VrL}B?RrU1RhHt6`dpZ$^NBsPfqqrQTLbKu3eChR1CI4
z`Mv05AMT((HAS;BVi?y)-RWGU{#9X?CttTfQCi9Zdr$0buFDzWhMF?jD$i4We`Zyf
z&&k7VW^b4oU8qSer5B8!v4-_&HS7=CwWspmAJ(53CkzRSEkwc9>|rRKLN#78=WdFD
zUKV!GKHXu=`WIvEsHeKB2#qsm2R>b1JlmF3p8-ELl9^~KJGjA}6i!v?%VpEGbs`c#
zhXoAs7oVPurHZY^%FN_L(C3F97>yO+Am^!oL(kAK3sjNC+0pF{cIL#87<8c67+XJi
zOkQ9ufSG^3KPI*mt!;Q-MgPr=G{8Ww*^85K86fI?ULLT1c*=wuaw+Mqs#)W9glg^N
z6p(uQOe>HY;Iin$0c=TQEYxkhLvCrdtT4q8lYNk!G6n&-zP}$&R=|C&5fgQr^ApX~
z2$=*D$Gv%odS5_Bg(&Q6bH7A)p0>WFhsJn)N_VC)eoI7V>_KwtJ&PVagL#iiLM%lR
z2lLIh{8H16^cSS2Zwx=OMi-pIa_9#=wh2A!wi<TY&280gvmo~lMOFiqK0@4Zpo45*
zRHf>PGUoYc_$mDfx`9FO(ntbQ9r0IFzj$XAY=?nUT>#-R<GMn2oncaFaMlq*z>HaN
zs4w^GtaS{Mt>j<5MPV8+Fc>h=LlgX&%!s2zezH%*5(_>zNXB)@p^6w}J>5D;cD~wi
z1xTsR^p2h{Dj*w1km^;Jj%V!YYvo2)>zD~Kbg!~9NOFbJ2y%VZ8W=>l49KMnkz%<y
zLqFZ|AokXX<k*ogU2TO+B^Mf`kOLhze}tld@XQ5+(YVx@TZ>PYG>4Kbvk;n0bzt;T
z`R814J=|kV0v*LV7hIVUC6zefubd=&eV9(Owi28j-x_OrVMZaA{>hiNm5cT>K#mo*
z>DJSl#Mg<jO&~|UwLBM~UN1;~AJ8bYH2`o7452sF@T=sBXxD9D+hq`EgO0n5RYsVN
z+wwKH&X_y!sk~(j{Cj7jeInR-y=Qh`a!#myu?(6#6c~gHwz8gXs+4Qpm|1D4`eTG6
zz#7anQ#{UR=-2Q3{^Vb5y3@hgQX=R}nf9eJe>7%ZjjJBr<X2I+glQyv>Y|r@Mi-V3
zE9-u^!RqTUB`#Apn_T|LVb;dgY5dZA8^^^$?RwRUyy>r2F)f}csL_JZ*uk_<R+HSp
zC4Wg89cDbesIbQ>I|<n{8pEdTFJF<NDcBdc@i|{eD|V(@Ypd}2P)){>%R)igzWCll
z&4@w{DYB?m=g*GbJns^13--yv{EZGrJZ^{|_1@%s;_%`{ExEueSqaFy&y2OS@Grnn
zWmW^)N1@}(t$kO@RaPwm+zwV}F^cQk3!OFjrcqz6=99l@ymx?NZ&AWOFME1$Xzr_U
z$#Ml*v$lw7MYQjxmIWJw(+(22A16k>tZR^5DKg>**gYwKz!_vU=Y)tJ{p`vV&MkWi
zRUv%t^Q)jFwF0xT=WnEKR-1OyRCXw?R!hzpcHDT-yT-A0(J;cx>rzGJJeWS+bBWu)
z<^40H%9otB_KCFG_6NW-DGr>jtBN&9SCMC;_aw+4y;%{sy1^cz9k!Y%kVWO>`q=a7
zA`A9?TOF@T0{I@|#8eKM2bg(gy`7iC?MqC6%|xa9k;=wHz?27BbCI1tla(la+Z%GV
zo`xot+dDc8HvXJ~5%#U}>C_71n=uM&4ZCF8=MJGsBQ}!{z2E5z(unM;jVbqK4n=_C
zZ-D$d7R7Yd($qTpo0~OEY92q*YM5~UntGPf#8=R0BGa(M*3HwFuGnlTOtH23)*#}B
zvZ_MP?(o2=RITi*Us-G<nkBL4Hx(Af8@?<vHK$n*+I!vZj$bb-&P=_4Jt+9}{-Ku4
zHKmL}u3kIf26oIAvuD?R|ANKV#>}H}u4^Mj8_R|tisYlL64PmOA&G+e%=?t?Kqa?;
zMjz(^qXPwv@_ivH?*@&>MLR6B!c#}08%K+_VP9|`oB58Y(gMwjX|X;o-*pJ_jHF;l
zvW0Xc3Ktj@g&++eUCRCxILDGkGnk-lMj*-=kfI{VK-^@UAjAuhjJhfa3X;J%5%)xq
zL;U00UdGzU`63oWI35!W2f<152qY6M50XDVBaR~ezI#Lb^aheK5Anr<WQ?8Mu*aT_
zo$y#60&(#l>dFx7;^Cx*3kKN|O%M<if|7=#U=S!0goH@Lph#I5$o_byI?jhcoazrE
ziM4OaOdF32@cl;$-+Ucge`IAwi~#TC<L^uIiwXH*)&&vp0ml)MQdcLA(!d6KV6djz
zYNR3Gb2i2L;{xy)tUriUKhu9?NJ^hn*MA5`)X%W~H^E49^DVsZg*?v5EWnv?TpukQ
z-uu|1_N^2!6bK3jA>kl7$oKSr#e)11%TERBonh!R1)-1oqD*DflBmMciP@p)1n6>P
zXukTJBK)za5iJ4pcZSB6lIbCu$JYHz@mDT>Q-Kk~yolzJ6o;glBi<~pbLmphm5iy$
zrVMoLP4SRrf}lm#{F@BnSo72eW}Kf<oP0YsD-^pufjRMPas9cO-q!g|FBt;ld1_I~
zedem639Cu)a&YA?*hI*LhxJpFUtuf(q(191c(Y0)+*U_I`>KMrHY7}5Tu#-IHSQg?
zJArYuiK|Ggw!kG=G^tClX*iQQk1sEv=A)Mdb!C;4K!otKl*H858So{B>3ll<#miMm
z0NnXB;T>SYWB|c$eQ>9d6GE@)iyr}B6kEO=nh93C1)ZeN@ALOjuc)Bz)+kA$uEMT#
zX49-mW%VXLwUFG+jCg9SEytN}*c@M3!?*EAIz2zvYZcB7Ra`fOf9!5Z;7$g)|L3Xw
z;sl>hmm<-gs79XVlZ<EXZF#odmL6ZIKYf=iL~H)s+a5`_DqN^>%fj={vDeiApj(9~
zVX-@!k{auNE9mr6lh5?qsM)VUu6xtQ<abBoQeP?#n0k^$UUd<@>*3s|)JPbgwkNFH
zg*|KR<3F<a9JsG|NDfo%P5r%{Nuc`P&T??%kNzSd;2ZjmG4ucI=3jkEYTf@pG4xkw
z{uf{@CkuihK_~<W3H=SmP*S@e_tZ}uTVxnMvJ<3<Tds&<XExdM<F-*-vs^N)KM{gE
zvQU+ooQA3V*-p0OP^Ke~W+(;c*9SUq<yMo;I&7{R#XTsLRWQY*CKQnyWnY#B@1;HG
zYuExdnByQyf6#NqPq~qq6{9HT$>l|?PDb!rntR}$_b?O}$;S;<eguOG{H$+!a^un*
z5wZ^hV|*rS#=T0-W(PjB^?AmcXg{Mf^Q}>U_uhIv`KQ!1%b>B`=}afAUYYx_8=cIq
zZTYQ)m^1{zKqRX=qJ>!?;r=JzT4iSVyJ4n~`kIRj($6QC`vic>aea*jSGgb|4=Xm3
z;iuH_4<_`4rfaoF-y8Z=Uk|vobwjQ067+)&buQC0rh{ZR+B$DLMApvUl|`_SOJkkY
z-XY~wd`jnEWgBmwT#iexEn6A}8W#WIlCp(<$NnlI&mF@%o!eJ!a4wwhUULB}x35dA
zum@$yZKn2#deK)GsCJzP+80V*8I%?0mzK{>PRh$}1!mVH_AC&cVdohB6ne<pN1iV1
zsS$shshP8MLp*m$X<}!*DuHfowzS}a2)5|Wdlib>cKqckKqU405w&e68YU}<%?KLC
z3$+h5%pc@OTt8xfeR%yljE_<E6URSU=@<h44Iq<1`vb_o2*>}pJM=wV{E6g3;w00b
zR1!eqpnp8ip}z={NC(6ZdjuRF1jaad;Bg?RG!!Nc1%cfO1Yfiaks66cH@uUty9dT!
z8i#k2kT~{ZjK{eIV2B?I|L@a&bt3eiUm(9_pzcI)^1``&TboFq{@+RS*Q8)P)|Hk>
znR2v{pBqRX4u`=(uAuKWI0Qi~4rv4V{IJ1bq;&sngFuLU^B*>tERy*A`S&=Oyd3fA
z^KY9R4E~!9CMWxw4>?&R@rm;vb7kd;uPpyzL!o|KPY#9nEj~CD_S<^!f2~KrJ9&6v
z@y9f6<`Ie|)r!Q#rZ^n&{{MQB(DiX8-shhr?@w^T6OOA3hd~jvqN18cTD1QIeyVNa

literal 0
HcmV?d00001

diff --git a/1.2.1-misp-integration-mail2misp/slide.tex b/1.2.1-misp-integration-mail2misp/slide.tex
new file mode 100644
index 0000000..8f99965
--- /dev/null
+++ b/1.2.1-misp-integration-mail2misp/slide.tex
@@ -0,0 +1,29 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\definecolor{main}{RGB}{47, 161, 219}
+\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+
+
+\usepackage[utf8]{inputenc}
+\usepackage{tikz}
+\usepackage{listings}
+\usepackage{adjustbox}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+%\usepackage[T1]{fontenc}
+%\usepackage[scaled]{beramono}
+
+\author{\small{\input{../includes/authors.txt}}}
+
+\title{mail\_to\_misp}
+\subtitle{Connect your mail infrastructure to MISP to create events based on the information contained within mails}
+\institute{\href{http://www.misp-project.org/}{http://www.misp-project.org/} \\ Twitter: \emph{\href{https://twitter.com/mispproject}{@MISPProject}}}
+\date{\input{../includes/location.txt}}
+\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}
+
+
+\begin{document}
+\include{content}
+\end{document}
+
diff --git a/build.sh b/build.sh
index 8c6c9eb..20b3c4d 100644
--- a/build.sh
+++ b/build.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 
-slidedecks=("0-misp-introduction-to-information-sharing" "1-misp-usage" "1.1-misp-viper-integration")
+slidedecks=("0-misp-introduction-to-information-sharing" "1-misp-usage" "1.1-misp-viper-integration" "1.2.1-misp-integration-mail2misp")
 mkdir output
 export TEXINPUTS=::`pwd`/themes/
 echo ${TEXINPUTS}
@@ -9,7 +9,7 @@ for slide in ${slidedecks[@]}; do
         cd ${slide}
         pdflatex slide.tex
         pdflatex slide.tex
-        rm *.aux *.toc *.snm *.log *.out *.nav
+        rm *.aux *.toc *.snm *.log *.out *.nav *.vrb
         cp slide.pdf ../output/${slide}.pdf
         rm slide.pdf
         cd ..