search

MISP / mail_to_misp

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
GNU Affero General Public License v3.0
69 stars 25 forks source link

Numerous processing issues #29

Closed jwilczek closed 5 years ago

jwilczek commented 5 years ago

When sending IOCs to mail_to_misp, I'm seeing numerous issues. I've tried IPs, domain names, URLs, and combinations of each.

If I just have a domain name in the body, I get the following error:

Traceback (most recent call last): File "/usr/local/src/mail_to_misp/mail_to_misp.py", line 67, in <module> mail2misp.process_body_iocs() File "/usr/local/src/mail_to_misp/mail2misp/mail2misp.py", line 231, in process_body_iocs domainname = self.f.get_domain().decode() AttributeError: 'str' object has no attribute 'decode'

Rafiot commented 5 years ago

You're using python2, aren't you?

Rafiot commented 5 years ago

Woops, never mind, pyfaup changed and they decode directly on their side. Fixing it now.

Rafiot commented 5 years ago

Fix: https://github.com/MISP/mail_to_misp/commit/58ea8a64ca1f7c59c5211228988da4679de1d52d

jwilczek commented 5 years ago

I'm using Python 3.6 in a virtual environment.

I'll test this later to confirm it worked.

Thanks!