MISP / mail_to_misp

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
GNU Affero General Public License v3.0

Missing attributes #46

Open bmuslu1 opened 3 years ago

bmuslu1 commented 3 years ago

Hello, I am using the mail_to_misp plugin to create events based on email content. I noticed only some of the fields I was sending were showing up as attributes on the MISP website. For example, 8.8.8.8 and circl.lu would not show up as an attribute, whereas https://google.com or an MD5 hash would show up as an attribute. Do I need to create / configure something in PyMISP in order for the handler to recognize 8.8.8.8 as an address or circl.lu as a domain?

Rafiot commented 3 years ago

Yes, items on warning lists are automatically removed; see the config file: https://github.com/MISP/mail_to_misp/blob/main/mail_to_misp_config.py-example

You can disable the warning lists, and all the attributes will be added.

Also, this issue isn't related to PyMISP, so I'm forwarding the issue to the mail to misp repo.

bmuslu1 commented 3 years ago

Hey @Rafiot, I made sure to set enforcewarninglist = False and I still don't see MISP grabbing plaintext 9.9.9.9, but it will grab https://9.9.9.9 and put it as an event. It seems like it is only grabbing IPs and hostnames with https:// in front of them.
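
The warning-list filtering described in the thread, as an added example that is not part of the original discussion and is not mail_to_misp's own code. The list contents, the function names and the `enforce` parameter are constructed for this illustration; `enforce` stands in for the `enforcewarninglist` setting mentioned above.

```python
import ipaddress

# Constructed miniature warning lists (not the real MISP warninglist data).
# "cidr" and "hostname" are two of the list types MISP warninglists use.
WARNING_LISTS = [
    {"name": "public-dns-resolvers (constructed)", "type": "cidr",
     "list": ["8.8.8.8/32", "9.9.9.9/32"]},
    {"name": "well-known-domains (constructed)", "type": "hostname",
     "list": ["circl.lu"]},
]


def matching_list(value, lists=WARNING_LISTS):
    """Return the name of the first warning list that contains value, else None."""
    for wl in lists:
        if wl["type"] == "cidr":
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                continue  # not an IP address, so a CIDR list cannot match it
            if any(addr in ipaddress.ip_network(net) for net in wl["list"]):
                return wl["name"]
        elif wl["type"] == "hostname":
            host = value.lower().rstrip(".")
            # Match the listed domain itself and any subdomain of it.
            if any(host == d or host.endswith("." + d) for d in wl["list"]):
                return wl["name"]
    return None


def filter_indicators(indicators, enforce=True):
    """Split indicators into (kept, dropped); dropped maps value -> list name."""
    kept, dropped = [], {}
    for value in indicators:
        hit = matching_list(value) if enforce else None
        if hit:
            dropped[value] = hit  # record why it was suppressed, for auditing
        else:
            kept.append(value)
    return kept, dropped


if __name__ == "__main__":
    # Constructed input: two benign, widely seen values and two unlisted ones.
    sample = ["8.8.8.8", "circl.lu", "203.0.113.7",
              "d41d8cd98f00b204e9800998ecf8427e"]
    print(filter_indicators(sample, enforce=True))
    print(filter_indicators(sample, enforce=False))
```

Returning the dropped values together with the list that matched them makes it possible to tell warning-list suppression apart from an indicator that was never extracted from the mail in the first place.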