Feature/mail incident status

[mkcorpc]

Please find enclosed the implemented responder.

[FR] Responder which sends a mail with a detailed incident status #920

[ntcong]

this should be ["Incident Case Notification: "] or better ["[email protected]"]

[mkcorpc]

No fully correct. It should be a comma separated string, e.g. "[email protected]" or "[email protected],[email protected]".

Sorry it is my first pull request. Do I need to resolve the conversation right now?

[ntcong]

I don't have reviewer status so it's just a comment

I tried your plugin on thehive4 and it displays a list of separate character instead of a string

[mkcorpc]

I tried your plugin on thehive4 and it displays a list of separate character instead of a string

I dont know what your a meaning with 'separate characters'. Do you speak about an configuration option?

The following mail is sent by the plugin:

[ntcong]

it looks like this from the settings page

[dadokkio]

I can confirm ntcong error and suggestion.
First line is with his fix "defaultValue": ["Incident Case Notification:"]
second whith standard code "defaultValue": "Incident Case Notification: "

but probably is easier to just remove defaultValue since is not so useful.

[dadokkio]

I'm going to test the responder now.
Quick suggestion, can you remove ssl, email and json from requirements? Those are standards libs and trying to install requirements with pip it tries to install wrong ssl lib instead.

[dadokkio]

Some issues during tests:

• My case don't have data.updatedAt value set so it fails when tries to divide it by 1e3
• I've seen that you have commented out server.send_message(msg) .. it should be ok since you put From and To in the msg so are not required as parameters. Also [mail_address] returns an error since a list is not a valid option
• I've custom fields that are not set in this case, but the create_HTMLTable function returns error because i[1] is then None and cannot be concatenate
• When you check for email in tags can you please check for both "mail=" and "mail:"? TH3 and TH4 have different behavior on tags management and you need to check both.

[mkcorpc]

I have implemented the following changes:

• Removed ssl, email and json from requirements
• Added check if 'data.updatedAt' exists
• Cleanup of the code at the end
• Changed '[mail_address]' to 'mail_address'
• Removed the comment 'server.send_message(msg)'
• Added check if custom fields of type date are set
• Checks now for tags prefixed with 'mail=' and 'mail:'
• tested if responder is still working

[mkcorpc]

Addjusted json configuration.

• Deleted default value for tlp_amber_mail_addresses
• Deleted default value for tlp_green_mail_domains
• Responders reloaded and tested

[dadokkio]

I was able to run the plugin 😄, I just put small comments in the code.
The multilined ().format syntax for text I proposed for the summary could be also used in email creation.

[mkcorpc]

Sorry, but I don't know where i can find your comments. How can I see these?

[dadokkio]

I updated your code with my and @ntcong suggestions. Let me know your opinion 👍
It seems all changed cause I've black formatting on save 😄

[mkcorpc]

I have "accepted" all conversations.