Email issues/feature request #107

Open
ahezza opened this issue Feb 10, 2020 · 3 comments

ahezza commented Feb 10, 2020

I've noticed whenever I get a hit on a Yara Rule with several matches, I get that email several times. For example, if it matches the word "password" 7 times in a body of text, I get that email 7 times. This applies to multiple Yara Rules hitting on the same text too. Is there a way you can limit repeat emails?

Secondly, the second recipient on the SMTP output doesn't seem to be working. There are no emails received by the second recipient I specify in the settings file. Here's the SMTP output section of the settings.json file with the necessary omissions:


    "smtp_output": {
      "enabled": true,
      "module": "pastehunter.outputs.smtp_output",
      "classname": "SMTPOutput",
      "smtp_host": "[omitted]",
      "smtp_port": [omitted],
      "smtp_security": "[omitted]",
      "smtp_user": "[omitted]",
      "smtp_pass": "[omitted]",
      "recipients" : {
        "recipient_1": {
          "address": "[omitted]",
          "rule_list": ["[omitted]", "[omitted]", "[omitted]"],
          "mandatory_rule_list": []
        },
        "recipient_2": {
          "address": "[omitted]",
          "rule_list": [],
          "mandatory_rule_list": ["[omitted]", "[omitted]", "[omitted]"]
        }
      }
    },

Thanks,

Collaborator

Plazmaz commented Feb 11, 2020

Just to be clear, recipient_2 will require that all 3 omitted rules be present in order to send them an email, while recipient_1 will require any of those rules to be present. Is it possible only one or two of the rules are triggering, causing an email to be sent to recipient_1, but not recipient_2? Also, regarding your comment on multiple emails being sent for the same paste, I will take a look; it seems odd that it would behave in that way, but I don't use our SMTP output much.

Plazmaz self-assigned this Feb 11, 2020

Author

ahezza commented Feb 13, 2020

Ah I see my error with Recipient 2. Thank you for clarifying.

As for the Multiple Emails sent, I'm still getting this issue, particularly with the Github/Gists feed, if that gives you something to focus on.

Collaborator

Plazmaz commented Feb 15, 2020

This may be better due to some changes in how GitHub handles paste IDs as of 4c5bd57 (released in 1.3.1).
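
The any-of (`rule_list`) versus all-of (`mandatory_rule_list`) recipient filtering described in the thread, together with one way to limit repeat emails for the same paste, as an added example that is not part of the thread and not PasteHunter's own code. The names `recipients_for` and `Notifier`, the sample addresses and rule names, and the behaviour when both lists are empty or both are set are assumptions.

```python
from __future__ import annotations
from typing import Iterable

# Constructed sample in the shape of the "recipients" block quoted in the issue;
# addresses and rule names are placeholders, not values from the thread.
RECIPIENTS = {
    "recipient_1": {"address": "any@example.org",
                    "rule_list": ["password_list", "api_keys", "db_connection"],
                    "mandatory_rule_list": []},
    "recipient_2": {"address": "all@example.org",
                    "rule_list": [],
                    "mandatory_rule_list": ["password_list", "api_keys", "db_connection"]},
}


def recipients_for(matched_rules: Iterable[str], recipients: dict) -> list[str]:
    """Return the addresses whose rule filters accept this set of matched rules."""
    matched = set(matched_rules)      # seven hits on one rule collapse to one entry
    selected = []
    for cfg in recipients.values():
        any_of = set(cfg.get("rule_list", []))
        all_of = set(cfg.get("mandatory_rule_list", []))
        if not any_of and not all_of:
            continue                  # assumption: no filter configured, no mail
        if any_of and not (any_of & matched):
            continue                  # rule_list: at least one rule must match
        if not all_of <= matched:
            continue                  # mandatory_rule_list: every rule must match
        selected.append(cfg["address"])
    return selected


class Notifier:
    """Plans at most one message per (paste id, address) pair."""

    def __init__(self, recipients: dict):
        self.recipients = recipients
        self._sent = set()            # (paste_id, address) pairs already notified

    def plan(self, paste_id: str, matched_rules: Iterable[str]) -> list[str]:
        """Return the addresses that still need a message for this paste."""
        fresh = []
        for address in recipients_for(matched_rules, self.recipients):
            if (paste_id, address) not in self._sent:
                self._sent.add((paste_id, address))
                fresh.append(address)
        return fresh
```

Deduplication here depends on the feed giving each paste a stable ID; if the same content arrives under changing IDs, every arrival counts as a new paste.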
