[Intelmq-users] IntelMQ
L. Aaron Kaplan
kaplan at cert.at
Tue Feb 18 18:10:41 CET 2020
Dear UCC-CERT, dear Vincent,
thanks :)
So, could you please also post the pipeline.conf file?
I have the gut feeling that either the parser is not running (you can see this in the manager) or that it's not connected to the collector.
All the best,
Aaron.
> On 18.02.2020, at 18:03, UCC-CERT <info at ug-cert.ug> wrote:
>
> Dear Experts,
> We currently have a mail box which contains only shadow server feeds attachment files in a zipped form. The IntelMQ is able to read the emails but cannot extract and forward them to the shadow server parser.
>
> We need your assistance.
>
> See details below
>
> Configuration From Runtime.conf
> ------------------------------------------------------------------------------------------------------
> "Mail-Attachment-Fetcher-Collector": {
>     "parameters": {
>         "extract_files": "True",
>         "attach_regex": "[A-Za-z:0-9\\.\\_ \\[\\]\\-]",
>         "folder": "INBOX",
>         "mail_host": "imap.xxxx.xxx",
>         "mail_password": "xxxxxxxxxx",
>         "mail_ssl": true,
>         "mail_user": "johndoe",
>         "name": "Via IMAP",
>         "provider": "ShadowServer",
>         "rate_limit": 86400,
>         "subject_regex": "[A-Za-z:0-9 \\[\\]\\-]"
>     },
>     "name": "Mail Attachment Fetcher",
>     "group": "Collector",
>     "module": "intelmq.bots.collectors.mail.collector_mail_attach",
>     "description": "Monitor IMAP mailboxes and retrieve mail attachments",
>     "enabled": true,
>     "run_mode": "continuous"
> }
>
>
> Below are the logs
> tail -n 1000 Mail-Attachment-Fetcher-Collector.log
> 2020-02-18 18:31:12,672 - Mail-Attachment-Fetcher-Collector - INFO - Email report read.
> 2020-02-18 18:31:19,310 - Mail-Attachment-Fetcher-Collector - INFO - Email report read.
> 2020-02-18 18:31:25,574 - Mail-Attachment-Fetcher-Collector - INFO - Email report read.
> 2020-02-18 18:31:31,816 - Mail-Attachment-Fetcher-Collector - INFO - Email report read.
>
> Should you need any further information, please do not hesitate to contact me.
>
> Thanks
>
> Regards,
>
> Vincent M
> UG-CERT
>
> --
> List settings:
> https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users
--
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Company register number 172568b, LG Salzburg
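
The two conditions named in the reply above (parser not running, or not connected to the collector) can be checked against the configuration files as far as those files show them. This is an added example, not part of the original message and not IntelMQ code. It assumes the IntelMQ 2.x `pipeline.conf` layout with `source-queue` and `destination-queues` keys; the parser's bot id and all queue names are constructed.

```python
import json

# Constructed sample configs (IntelMQ 2.x JSON layout). The parser's bot id and
# all queue names are assumptions, not values from the thread.
RUNTIME = json.loads("""{
  "Mail-Attachment-Fetcher-Collector": {"group": "Collector", "enabled": true},
  "shadowserver-parser": {"group": "Parser", "enabled": false}
}""")
PIPELINE = json.loads("""{
  "Mail-Attachment-Fetcher-Collector": {
    "destination-queues": ["shadowserver-parser-queue"]},
  "shadowserver-parser": {
    "source-queue": "shadowserver-parser-queue",
    "destination-queues": ["file-output-queue"]}
}""")


def destinations(entry):
    """Flatten destination-queues: a string, a list, or a dict of named paths."""
    dest = entry.get("destination-queues", [])
    if isinstance(dest, str):
        return [dest]
    if isinstance(dest, dict):
        return [q for v in dest.values() for q in ([v] if isinstance(v, str) else v)]
    return list(dest)


def check_collector(bot_id, runtime, pipeline):
    """Return findings for one collector; an empty list means it is wired up."""
    findings = []
    queues = destinations(pipeline.get(bot_id, {}))
    if not queues:
        findings.append(f"{bot_id}: no destination queue in pipeline.conf")
    readers = {e.get("source-queue"): b for b, e in pipeline.items()}
    for queue in queues:
        reader = readers.get(queue)
        if reader is None:
            findings.append(f"{queue}: no bot reads this queue")
        elif reader not in runtime:
            findings.append(f"{reader}: in pipeline.conf but not in runtime.conf")
        elif not runtime[reader].get("enabled", True):
            findings.append(f"{reader}: connected but disabled in runtime.conf")
    return findings


if __name__ == "__main__":
    for line in check_collector("Mail-Attachment-Fetcher-Collector", RUNTIME, PIPELINE):
        print(line)
```

The files only show whether a bot is enabled; whether it is actually running still has to be read from the manager or `intelmqctl status`.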