Add Mailer responder

TheHive-Project · Jul 30, 2018 · c90b744 · mnmnc · Nov 21, 2018 · c90b744
1 parent da98038
commit c90b744
Show file tree

Hide file tree

Showing 2 changed files with 87 additions and 0 deletions.
diff --git a/responders/Mailer/Mailer.json b/responders/Mailer/Mailer.json
@@ -0,0 +1,28 @@
+{
+  "name": "Mailer",
+  "version": "1.0",
+  "author": "CERT-BDF",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Send an email with information from a TheHive case or alert",
+  "dataTypeList": ["thehive:case", "thehive:alert"],
+  "command": "Mailer/mailer.py",
+  "baseConfig": "Mailer",
+  "configurationItems": [
+    {
+      "name": "from",
+      "description": "email address from which the mail is send",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "smtp_host",
+      "description": "SMTP server used to send mail",
+      "type": "string",
+      "multi": false,
+      "required": true,
+      "defaultValue": "localhost"
+    }
+  ]
+}
diff --git a/responders/Mailer/mailer.py b/responders/Mailer/mailer.py
@@ -0,0 +1,59 @@
+#!/usr/bin/env python
+# encoding: utf-8
+
+from cortexutils.responder import Responder
+import smtplib
+from email.mime.multipart import MIMEMultipart
+from email.mime.text import MIMEText
+
+
+class Mailer(Responder):
+    def __init__(self):
+        Responder.__init__(self)
+        self.smtp_host = self.get_param(
+            'config.smtp_host', 'localhost')
+        self.mail_from = self.get_param(
+            'config.from', None, 'Missing sender email address')
+
+    def run(self):
+        Responder.run(self)
+
+        title = self.get_param('data.title', None, 'title is missing')
+        description = self.get_param('data.description', None, 'description is missing')
+        mail_to = None
+        if self.data_type == 'thehive:case':
+            # Search recipient address in tags
+            tags = self.get_param('data.tags', None, 'recipient address not found in tags')
+            mail_tags = [t[5:] for t in tags if t.startswith("mail:")]
+            if mail_tags:
+                mail_to = mail_tags.pop()
+            else:
+                self.error('recipient address not found in observables')
+        elif self.data_type == 'thehive:alert':
+            # Search recipient address in artifacts
+            artifacts = self.get_param('data.artifacts', None, 'recipient address not found in observables')
+            mail_artifacts = [a for a in artifacts if a.get("dataType") == "mail"]
+            if mail_artifacts:
+                mail_to = mail_artifacts.pop()
+            else:
+                self.error('recipient address not found in observables')
+        else:
+            self.error('Invalid dataType')
+
+        msg = MIMEMultipart()
+        msg['Subject'] = title
+        msg['From'] = self.mail_from
+        msg['To'] = mail_to
+        msg.attach(MIMEText(description, 'plain'))
+
+        s = smtplib.SMTP(self.smtp_host)
+        s.sendmail(self.mail_from, [mail_to], msg.as_string())
+        s.quit()
+        self.report({"message": "message sent"})
+
+    def operations(self, raw):
+        return [self.build_operation('AddTagToCase', {'tag': 'mail sent'})]
+
+
+if __name__ == '__main__':
+    Mailer().run()