intelmq.bots.outputs.templated_smtp package¶
Submodules¶
intelmq.bots.outputs.templated_smtp.output module¶
Templated SMTP output bot
SPDX-FileCopyrightText: 2021 Linköping University <https://liu.se/> SPDX-License-Identifier: AGPL-3.0-or-later
Sends a MIME Multipart message built from an event and static text using Jinja2 templates.
Templates are in Jinja2 format with the event provided in the variable “event”. E.g.:
mail_to: “{{ event[‘source.abuse_contact’] }}”
See the Jinja2 documentation at https://jinja.palletsprojects.com/ .
As an extension to the Jinja2 environment, the function “from_json” is available for parsing JSON strings into Python structures. This is useful if you want to handle complicated structures in the “output” field of an event. In that case, you would start your template with a line like:
{%- set output = from_json(event[‘output’]) %}
and can then use “output” as a regular Python object in the rest of the template.
Attachments are template strings, especially useful for sending structured data. E.g. to send a JSON document including “malware.name” and all other fields starting with “source.”:
- attachments:
content-type: application/json text: |
- {
“malware”: “{{ event[‘malware.name’] }}”, {%- set comma = joiner(”, “) %} {%- for key in event %}
{%- if key.startswith(‘source.’) %}
- {{ comma() }}”{{ key }}”: “{{ event[key] }}”
{%- endif %}
{%- endfor %}
}
name: report.json
You are responsible for making sure that the text produced by the template is valid according to the content-type.
SMTP authentication is attempted if both “smtp_username” and “smtp_password” are provided.
Parameters:
- attachments: list of objects with structure:
content-type: string, templated, content-type to use. text: string, templated, attachment text. name: string, templated, filename of attachment.
- body: string, optional, default see below, templated, body text.
The default body template prints every field in the event except ‘raw’, in undefined order, one field per line, as “field: value”.
mail_from: string, templated, sender address.
mail_to: string, templated, recipient addresses, comma-separated.
- smtp_host: string, optional, default “localhost”, hostname of SMTP
server.
- smtp_password: string, default null, password (if any) for
authenticated SMTP.
smtp_port: integer, default 25, TCP port to connect to.
- smtp_username: string, default null, username (if any) for
authenticated SMTP.
- tls: boolean, default false, whether to use use SMTPS. If true, also
set smtp_port to the SMTPS port.
- starttls: boolean, default true, whether to use opportunistic STARTTLS
over SMTP.
- subject: string, optional, default “IntelMQ event”, templated, e-mail
subject line.
- verify_cert: boolean, default true, whether to verify the server
certificate in STARTTLS or SMTPS.
- intelmq.bots.outputs.templated_smtp.output.BOT¶
alias of
TemplatedSMTPOutputBot
- class intelmq.bots.outputs.templated_smtp.output.TemplatedSMTPOutputBot(*args, **kwargs)¶
Bases:
OutputBot
- attachments: List[str] = []¶
- body: str = "{%- for field in event %}\n {%- if field != 'raw' %}\n{{ field }}: {{ event[field] }}\n {%- endif %}\n{%- endfor %}\n"¶
- init()¶
- mail_from: str | None = None¶
- mail_to: str | None = None¶
- password: str | None = None¶
- process()¶
- smtp_host: str = 'localhost'¶
- smtp_port: int = 25¶
- ssl: bool = False¶
- starttls: bool = False¶
- subject: str = 'IntelMQ event'¶
- username: str | None = None¶
- verify_cert: bool = True¶