I just published a new update of my imap2thehive tool. A quick reminder: this tool polls an IMAP mailbox and feeds an instance of TheHive with the processed emails. This new version is now able to extract interesting IOCs from the email body and from attached HTML files. The following indicators are supported:
- IP addresses
- Domains
- FQDNs
- URLs
- Email addresses
- Filenames
- Hashes (MD5, SHA1, SHA256)
To use it, add the following directive in the configuration file:
observables: true
Newly created cases will contain the IOCs found. They will be tagged with the same TLP level as the case.
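As an added illustration of the extraction step described above (this is example code written for this post, not the imap2thehive script itself): the block below parses a constructed sample message, pulls the supported indicator types out of the text/plain body and an attached HTML part, and shapes them as TheHive-style observables carrying the case TLP. The regexes, the two-label "domain" versus three-or-more-label "fqdn" rule, the filename extension list and the tags are assumptions made here, not the tool's own logic.

```python
"""Extract IOCs from an e-mail and shape them as TheHive observables.

Added illustration for this post; not the imap2thehive code. Patterns,
classification rules and the sample message are constructed here."""
import email
import re
from typing import Dict, List

# Constructed sample: a phishing-style mail with a text body and an HTML attachment.
SAMPLE_EML = """\
From: alerts@example.org
To: soc@example.net
Subject: Invoice
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Please review http://badsite.example.com/login.php and contact billing@example.org.
Payload: invoice.exe md5 d41d8cd98f00b204e9800998ecf8427e
Host 192.0.2.10 was seen as mail.corp.example. Domain evil.example
--XX
Content-Type: text/html
Content-Disposition: attachment; filename="page.html"

<html><body><a href="https://update.example.net/setup.exe">Update</a>
198.51.100.7 sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</body></html>
--XX--
"""

# Order matters: richer patterns (URLs, mail addresses, filenames) are consumed
# and blanked out first so their host parts are not re-counted as domains.
_PATTERNS = [
    ("url", re.compile(r"""https?://[^\s"'<>]+""", re.I)),
    ("mail", re.compile(r"[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)),
    ("hash", re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)),
    ("ip", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    # Assumed extension list; extend it to taste.
    ("filename", re.compile(r"\b[\w-]+\.(?:exe|dll|scr|js|vbs|zip|rar|pdf|docm?|xlsm?|php|html?)\b", re.I)),
    ("host", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
]


def _classify(kind: str, value: str) -> str:
    """Map a raw hit to a TheHive dataType. Assumed rule: a host name with
    three or more labels is an fqdn, a two-label name is a domain."""
    if kind == "host":
        return "fqdn" if value.count(".") >= 2 else "domain"
    return kind


def extract_iocs(text: str) -> List[Dict[str, str]]:
    """Run the patterns in order over one piece of text, blanking each hit."""
    hits = []
    for kind, pattern in _PATTERNS:
        for value in pattern.findall(text):
            hits.append({"dataType": _classify(kind, value), "data": value})
        text = pattern.sub(" ", text)
    return hits


def _part_text(part) -> str:
    """Decode a MIME part; for HTML, keep href targets and drop the tags."""
    raw = part.get_payload(decode=True) or b""
    text = raw.decode(part.get_content_charset() or "utf-8", errors="replace")
    if part.get_content_type() == "text/html":
        links = re.findall(r"""href=["']([^"']+)["']""", text, re.I)
        text = re.sub(r"<[^>]+>", " ", text) + " " + " ".join(links)
    return text


def observables_from_eml(raw_eml: str, case_tlp: int = 2) -> List[Dict]:
    """Return de-duplicated observables tagged with the case TLP (0-3)."""
    msg = email.message_from_string(raw_eml)
    seen, out = set(), []
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        for ioc in extract_iocs(_part_text(part)):
            key = (ioc["dataType"], ioc["data"].lower())
            if key in seen:
                continue
            seen.add(key)
            out.append({**ioc, "tlp": case_tlp, "tags": ["imap2thehive", "auto-extracted"]})
    return out


if __name__ == "__main__":
    for o in observables_from_eml(SAMPLE_EML, case_tlp=2):
        print(f'{o["dataType"]:9} tlp={o["tlp"]} {o["data"]}')
```

Each returned dict is already in the shape TheHive's case observable API expects (dataType, data, tlp, tags), so feeding it to the case is just one POST per entry; the blanking step is what keeps billing@example.org from also surfacing as a "domain" of example.org.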
The script is available here.
Hi! Is it possible to add the email attachment as observables? Thanks

Yes, it is possible, check out the latest version on Git.
Attachments are selected based on their MIME type.