MailIncidentStatus
MailIncidentStatus
Author: Manuel Krucker
License: AGPL-V3
Version: 1.0
Supported data types:
- thehive:case
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Mail a detailed status information of an incident case. The mail is sent to recipients specified by tags prefixed with 'mail='. The responder respects tlp definitions. For tlp:amber mail addresse and for tlp:green mail domains must be pre-defined in the configuration. For tlp:red sending mails is denied. The responser also uses thehive4py to collect information about the status of the tasks of the incidents.
Configuration
| from |
email address from which the mail is send |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| smtp_host |
SMTP server used to send mail |
| Default value if not configured |
localhost |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| smtp_port |
SMTP server port |
| Default value if not configured |
25 |
| Type of the configuration item |
number |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| smtp_user |
SMTP server user |
| Default value if not configured |
user |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
False |
| smtp_pwd |
SMTP server password |
| Default value if not configured |
pwd |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
False |
| mail_subject_prefix |
Prefix of the mail subject |
| Default value if not configured |
_Incident Case Notification: _ |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
False |
| mail_html_style_tag_content |
The css content of the style tag for the HTML mail body. Define table, th, hd, .first, and .second elements. |
| Default value if not configured |
table { border: 1px solid black; border-collapse: collapse; text-align: left; vertical-align: top; th { border: 1px solid black; border-collapse: collapse; text-align: left;} td { border: 1px solid black; border-collapse: collapse; text-align: left;} .first { width: 150px; min-width: 150px; max-width: 150px; background-color: #ffe8d4; } .second { background-color: #d7d9f2;} |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
False |
| tlp_amber_mail_addresses |
Mail addresses which are allowed to receive tlp:amber classified incidents |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
True |
| Is required |
False |
| tlp_green_mail_domains |
Mail domains which are allowed to receive tlp:green classified incidents |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
True |
| Is required |
False |
| thehive_url |
URL pointing to your TheHive installation, e.g. 'http://127.0.0.1:9000' |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| thehive_apikey |
TheHive API key which is used get tasks and other elements of the incident |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |