Merge pull request #764 from TheHive-Project/feature/Mailer
Add auth to Mailer and support for tasks
jeromeleonard authored Jun 14, 2020
2 parents 89b75b7 + ff97a4a commit 0673106
Showing 2 changed files with 90 additions and 31 deletions.
18 changes: 17 additions & 1 deletion responders/Mailer/Mailer.json
Expand Up @@ -5,7 +5,7 @@
"url": "https://github.com/TheHive-Project/Cortex-Analyzers",
"license": "AGPL-V3",
"description": "Send an email with information from a TheHive case or alert",
"dataTypeList": ["thehive:case", "thehive:alert"],
"dataTypeList": ["thehive:case", "thehive:alert", "thehive:case_task"],
"command": "Mailer/mailer.py",
"baseConfig": "Mailer",
"configurationItems": [
Expand All @@ -31,6 +31,22 @@
"multi": false,
"required": true,
"defaultValue": 25
},
{
"name": "smtp_user",
"description": "SMTP server user",
"type": "string",
"multi": false,
"required": false,
"defaultValue": "user"
},
{
"name": "smtp_pwd",
"description": "SMTP server password",
"type": "string",
"multi": false,
"required": false,
"defaultValue": "pwd"
}
]
}
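Review bot: The new `smtp_user` and `smtp_pwd` items carry non-empty placeholder defaults (`"defaultValue": "user"`, `"defaultValue": "pwd"`) although both are `"required": false`, so an installation that never sets them still ends up with a truthy username and password. mailer.py repeats the same placeholders as `get_param` defaults and branches on `if self.smtp_user and self.smtp_pwd`, so by default the responder would attempt an authenticated login as `user`/`pwd` and the unauthenticated path becomes unreachable. I would drop both `defaultValue` lines (or use `""`) and change the code defaults to `None`, so that login is attempted only when an operator has configured real credentials.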
103 changes: 73 additions & 30 deletions responders/Mailer/mailer.py
@@ -1,63 +1,106 @@
#!/usr/bin/env python3
# encoding: utf-8

from cortexutils.responder import Responder
import ssl
import smtplib
from cortexutils.responder import Responder
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText


class Mailer(Responder):
def __init__(self):
Responder.__init__(self)
self.smtp_host = self.get_param('config.smtp_host', 'localhost')
self.smtp_port = self.get_param('config.smtp_port', '25')
self.mail_from = self.get_param('config.from', None, 'Missing sender email address')
self.smtp_host = self.get_param("config.smtp_host", "localhost")
self.smtp_port = self.get_param("config.smtp_port", "25")
self.mail_from = self.get_param(
"config.from", None, "Missing sender email address"
)
self.smtp_user = self.get_param("config.smtp_user", "user", None)
self.smtp_pwd = self.get_param("config.smtp_pwd", "pwd", None)

def run(self):
Responder.run(self)

title = self.get_param('data.title', None, 'title is missing')
#title = title.encode('utf-8')

description = self.get_param('data.description', None, 'description is missing')
#description = description.encode('utf-8')
title = self.get_param("data.title", None, "title is missing")
if self.data_type == "thehive:case_task":
description = self.get_param(
"data.description", None, "description is missing"
)
else:
description = self.get_param(
"data.case.description", None, "description is missing"
)

mail_to = None
if self.data_type == 'thehive:case':
# Search recipient address in tags
tags = self.get_param('data.tags', None, 'recipient address not found in tags')
mail_tags = [t[5:] for t in tags if t.startswith('mail:')]
if self.data_type == "thehive:case":
# Search recipient address in case tags
tags = self.get_param(
"data.tags", None, "recipient address not found in tags"
)
mail_tags = [t[5:] for t in tags if t.startswith("mail:")]
if mail_tags:
mail_to = mail_tags.pop()
else:
self.error('recipient address not found in observables')
elif self.data_type == 'thehive:alert':
self.error("recipient address not found in tags")

elif self.data_type == "thehive:case_task":
# Search recipient address in tasks description
descr_array = description.splitlines()
if "mailto:" in descr_array[0]:
mail_to = descr_array[0].replace("mailto:", "").strip()
else:
self.error("recipient address not found in description")
# Set rest of description as body
description = "\n".join(descr_array[1:])

elif self.data_type == "thehive:alert":
# Search recipient address in artifacts
artifacts = self.get_param('data.artifacts', None, 'recipient address not found in observables')
mail_artifacts = [a['data'] for a in artifacts if a.get('dataType') == 'mail' and 'data' in a]
artifacts = self.get_param(
"data.artifacts", None, "recipient address not found in observables"
)
mail_artifacts = [
a["data"]
for a in artifacts
if a.get("dataType") == "mail" and "data" in a
]
if mail_artifacts:
mail_to = mail_artifacts.pop()
else:
self.error('recipient address not found in observables')
self.error("recipient address not found in observables")

else:
self.error('Invalid dataType')
self.error("Invalid dataType")

msg = MIMEMultipart()
msg['Subject'] = title
msg['From'] = self.mail_from
msg['To'] = mail_to
msg.attach(MIMEText(description, 'plain'))
msg["Subject"] = title
msg["From"] = self.mail_from
msg["To"] = mail_to
msg.attach(MIMEText(description, "plain", "utf-8"))

if self.smtp_user and self.smtp_pwd:
try:
context = ssl.create_default_context()
with smtplib.SMTP(self.smtp_host, self.smtp_port) as server:
server.ehlo()
server.starttls(context=context)
server.ehlo()
server.login(self.smtp_user, self.smtp_pwd)
server.send_message(msg, self.mail_from, [mail_to])
except smtplib.SMTPNotSupportedError:
with smtplib.SMTP(self.smtp_host, self.smtp_port) as server:
server.ehlo()
server.login(self.smtp_user, self.smtp_pwd)
server.send_message(msg, self.mail_from, [mail_to])
else:
with smtplib.SMTP(self.smtp_host, self.smtp_port) as server:
server.send_message(msg, self.mail_from, [mail_to])

s = smtplib.SMTP(self.smtp_host, self.smtp_port)
#s.sendmail(self.mail_from, [mail_to], msg.as_string())
s.send_message(msg, self.mail_from, [mail_to])
s.quit()
self.report({'message': 'message sent'})
self.report({"message": "message sent"})

def operations(self, raw):
return [self.build_operation('AddTagToCase', tag='mail sent')]
return [self.build_operation("AddTagToCase", tag="mail sent")]


if __name__ == '__main__':
if __name__ == "__main__":
Mailer().run()
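Review bot: The `except smtplib.SMTPNotSupportedError` branch in `run` calls `server.login(self.smtp_user, self.smtp_pwd)` on a connection that never negotiated TLS, so whenever the server's EHLO reply lacks STARTTLS the credentials and the message body go out in clear text. The STARTTLS advertisement is itself unauthenticated, so a misconfigured relay or anything on the network path that drops it silently triggers this fallback. I would fail closed and replace the fallback body with `self.error("SMTP server does not offer STARTTLS; refusing to send credentials unencrypted")`, or gate the plaintext path behind an explicit opt-in config item that defaults to off.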
