DavidAngelos/email2thehive
Purpose

The script email2thehive.py reads an email file (.msg/.eml) and creates a new case in an instance of TheHive. If the subject of the mail contains "[ALERT]", an alert is created instead.

Configuration

The script is fully configurable via a Python-friendly configuration file. See the sample file email2thehive.conf for more details.

Usage

The script can be run manually to import a single email file. The syntax is simple:

# ./email2thehive.py -h
usage: email2thehive.py [-h] [-v] [-c CONFIG] [-f FILEPATH]

Process an email file to create TheHive alerts/cased.

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         verbose output
  -c CONFIG, --config CONFIG
                        configuration file (default: /etc/email2thehive.conf)
  -f FILEPATH, --file FILEPATH
                        email file path

Observables Whitelisting

The script is able to extract observables (email addresses, URLs, files, hashes) from the message. To avoid too many false positives, it is possible to create whitelists based on regular expressions; observables matching a whitelist entry are not added to the case or alert. See the file email2thehive.whitelists.
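As an added illustration of regex-based observable whitelisting (example code, not the project's own; the pattern dictionary, extractor regexes and sample message body below are all constructed, and the project's real whitelist file format is not reproduced):

```python
import re

# Constructed whitelist: one list of regular expressions per observable type.
# Anything matching a pattern is considered benign and dropped before it
# would be attached to the TheHive case/alert.
WHITELIST_PATTERNS = {
    "mail": [r".*@example\.com$"],
    "url": [r"^https?://(www\.)?example\.com/"],
    "hash": [],
}

# Simple extractors, one regex per observable type (assumed, for illustration).
EXTRACTORS = {
    "mail": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "url": re.compile(r"https?://[^\s<>\"']+"),
    # Longest hash length first so a SHA-256 is not split into shorter matches.
    "hash": re.compile(r"\b([0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b"),
}


def is_whitelisted(dtype, value, whitelist=WHITELIST_PATTERNS):
    """True if `value` matches any whitelist regex registered for `dtype`."""
    return any(re.match(p, value, re.IGNORECASE) for p in whitelist.get(dtype, []))


def extract_observables(body, whitelist=WHITELIST_PATTERNS):
    """Return deduplicated (dataType, data) tuples, minus whitelisted values."""
    found, seen = [], set()
    for dtype, rx in EXTRACTORS.items():
        for m in rx.finditer(body):
            value = m.group(0)
            if (dtype, value) in seen or is_whitelisted(dtype, value, whitelist):
                continue
            seen.add((dtype, value))
            found.append((dtype, value))
    return found


# Constructed sample email body: one internal sender and one internal URL
# (whitelisted), plus one external address, URL and MD5 that should survive.
SAMPLE_BODY = """From: alerts@example.com
Please review http://www.example.com/ticket/42 and the suspicious link
http://malicious.invalid/payload.exe received from sender@malicious.invalid
MD5 of the attachment: 0123456789abcdef0123456789abcdef
"""

if __name__ == "__main__":
    for dtype, value in extract_observables(SAMPLE_BODY):
        print(f"{dtype}: {value}")
```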

Credits

Based on the original project imap2thehive, which polls an IMAP4 mailbox for new emails and imports the fetched messages into an instance of TheHive.

About

Read email files and create theHive cases adding observables automatically
