MailIncidentStatus

Author: Manuel Krucker
License: AGPL-V3
Version: 1.0
Supported data types:
- thehive:case
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

Mails detailed status information about an incident case. The mail is sent to the recipients specified by tags prefixed with 'mail='. The responder respects TLP definitions: for tlp:amber, the mail addresses must be pre-defined in the configuration; for tlp:green, the mail domains must be pre-defined in the configuration; for tlp:red, sending mail is denied. The responder also uses thehive4py to collect information about the status of the incident's tasks.
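
The TLP recipient check described above, as an added example that is not the responder's own code. The function names and sample tags are constructed; the numeric TLP values (0 to 3), treating tlp:white as unrestricted, and comparing addresses case-insensitively are assumptions.

```python
# Added illustration of the TLP recipient check; not the responder's source.
TLP_WHITE, TLP_GREEN, TLP_AMBER, TLP_RED = 0, 1, 2, 3  # assumed numeric TLP

# Constructed sample tags for a case.
SAMPLE_TAGS = [
    "phishing",
    "mail=analyst@example.org",
    "mail=partner@example.org.evil.test",  # look-alike of an allowed domain
    "mail=soc@partner.example",
    "mail=broken-address",
]

def recipients_from_tags(tags):
    """Collect addresses from tags of the form 'mail=<address>'."""
    return [t[len("mail="):].strip() for t in tags if t.startswith("mail=")]

def split_address(addr):
    """Return (local, domain) in lower case, or None if malformed."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain or "@" in local:
        return None
    if any(c.isspace() for c in addr):
        return None
    return local.lower(), domain.lower()

def allowed_recipients(tlp, tags, amber_addresses=(), green_domains=()):
    """Return (allowed, rejected) recipient lists for a case at this TLP."""
    amber = {a.strip().lower() for a in amber_addresses}
    green = {d.strip().lower() for d in green_domains}
    allowed, rejected = [], []
    for addr in recipients_from_tags(tags):
        parts = split_address(addr)
        if parts is None or tlp == TLP_RED:
            ok = False                      # malformed, or tlp:red: never send
        elif tlp == TLP_AMBER:
            ok = addr.lower() in amber      # whole address must be listed
        elif tlp == TLP_GREEN:
            ok = parts[1] in green          # exact domain, no suffix matching
        else:
            ok = tlp == TLP_WHITE           # assumption: white is unrestricted;
                                            # unknown TLP values fail closed
        (allowed if ok else rejected).append(addr)
    return allowed, rejected
```

Matching the domain exactly, rather than by suffix or substring, keeps a look-alike such as `example.org.evil.test` from passing a tlp:green allowlist entry for `example.org`.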

Configuration

from: Email address from which the mail is sent
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

smtp_host: SMTP server used to send mail
- Default value if not configured: localhost
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

smtp_port: SMTP server port
- Default value if not configured: 25
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: True

smtp_user: SMTP server user
- Default value if not configured: user
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: False

smtp_pwd: SMTP server password
- Default value if not configured: pwd
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: False

mail_subject_prefix: Prefix of the mail subject
- Default value if not configured: _Incident Case Notification: _
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: False

mail_html_style_tag_content: The CSS content of the style tag for the HTML mail body. Define table, th, td, .first, and .second elements.
- Default value if not configured: table { border: 1px solid black; border-collapse: collapse; text-align: left; vertical-align: top; th { border: 1px solid black; border-collapse: collapse; text-align: left;} td { border: 1px solid black; border-collapse: collapse; text-align: left;} .first { width: 150px; min-width: 150px; max-width: 150px; background-color: #ffe8d4; } .second { background-color: #d7d9f2;}
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: False

tlp_amber_mail_addresses: Mail addresses which are allowed to receive tlp:amber classified incidents
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: True
- Is required: False

tlp_green_mail_domains: Mail domains which are allowed to receive tlp:green classified incidents
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: True
- Is required: False

thehive_url: URL pointing to your TheHive installation, e.g. 'http://127.0.0.1:9000'
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

thehive_apikey: TheHive API key which is used to get tasks and other elements of the incident
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True