[Intelmq-users] IntelMQ
UCC-CERT
info at ug-cert.ug
Tue Feb 18 18:03:19 CET 2020
Dear Experts,
We currently have a mailbox which contains only Shadowserver feed
attachment files in zipped form. IntelMQ is able to read the emails
but cannot extract and forward them to the Shadowserver parser.
We need your assistance.
See details below.
Configuration From Runtime.conf
------------------------------------------------------------------------------------------------------
"Mail-Attachment-Fetcher-Collector": {
    "parameters": {
        "extract_files": "True",
        "attach_regex": "[A-Za-z:0-9\\.\\_ \\[\\]\\-]",
        "folder": "INBOX",
        "mail_host": "imap.xxxx.xxx",
        "mail_password": "xxxxxxxxxx",
        "mail_ssl": true,
        "mail_user": "johndoe",
        "name": "Via IMAP",
        "provider": "ShadowServer",
        "rate_limit": 86400,
        "subject_regex": "[A-Za-z:0-9 \\[\\]\\-]"
    },
    "name": "Mail Attachment Fetcher",
    "group": "Collector",
    "module": "intelmq.bots.collectors.mail.collector_mail_attach",
    "description": "Monitor IMAP mailboxes and retrieve mail attachments",
    "enabled": true,
    "run_mode": "continuous"
}
Below are the logs
tail -n 1000 Mail-Attachment-Fetcher-Collector.log
2020-02-18 18:31:12,672 - Mail-Attachment-Fetcher-Collector - INFO - Email report read.
2020-02-18 18:31:19,310 - Mail-Attachment-Fetcher-Collector - INFO - Email report read.
2020-02-18 18:31:25,574 - Mail-Attachment-Fetcher-Collector - INFO - Email report read.
2020-02-18 18:31:31,816 - Mail-Attachment-Fetcher-Collector - INFO - Email report read.
Should you need any further information, please do not hesitate to contact
me.
Thanks
Regards,
Vincent M
UG-CERT
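
An added example, not part of the original post and not IntelMQ's own code: a stand-alone Python check that applies the two regexes from the configuration above to a constructed mail with a zipped CSV attachment and returns what would be extracted. It assumes the patterns are applied with `re.search`; the sample mail, the file names, the size cap and the `build_sample_mail`/`collect` helpers are hypothetical.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Regexes copied from the runtime.conf above (JSON escaping removed).
SUBJECT_REGEX = r"[A-Za-z:0-9 \[\]\-]"
ATTACH_REGEX = r"[A-Za-z:0-9\.\_ \[\]\-]"
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap against oversized archive members


def build_sample_mail() -> bytes:
    """Constructed test message with one zipped CSV attachment (not real feed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample_report.csv", "ip,port\n192.0.2.10,23\n")
    msg = EmailMessage()
    msg["Subject"] = "[Sample] Constructed Report: 2020-02-17"
    msg.set_content("Constructed body.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="sample_report.zip")
    return msg.as_bytes()


def collect(raw_mail: bytes, subject_regex: str, attach_regex: str) -> dict:
    """Return {file_name: bytes} for matching attachments, unpacking zip archives."""
    msg = message_from_bytes(raw_mail)
    if not re.search(subject_regex, msg.get("Subject", "")):
        return {}  # subject filter rejected the mail
    reports = {}
    for part in msg.walk():
        name = part.get_filename()
        if not name or not re.search(attach_regex, name):
            continue  # not an attachment, or file name filter rejected it
        payload = part.get_payload(decode=True)
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            reports[name] = payload
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                if info.file_size <= MAX_MEMBER_BYTES:
                    reports[info.filename] = zf.read(info)
    return reports


if __name__ == "__main__":
    for name, data in collect(build_sample_mail(), SUBJECT_REGEX, ATTACH_REGEX).items():
        print(name, len(data), "bytes")
```

Swapping the constructed message for a raw mail saved from the mailbox shows whether the subject filter, the attachment name filter or the archive handling is the step that yields nothing.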