#!/usr/bin/perl # add_inc_mail_annotation.pl, distributed as part of Snortsnarf v020516.1 # Author: James Hoagland, Silicon Defense (hoagland@SiliconDefense.com) # copyright (c) 2000 by Silicon Defense (http://www.silicondefense.com/) # Released under GNU General Public License, see the COPYING file included # with the distribution or http://www.silicondefense.com/software/snortsnarf/ # for details. # add_inc_mail_annotation.pl is a Pipeline module to record an annotation # with an incident that someone just sent mail regarding that incident # pipeline args: incident file, incident name, template file # side effect: modifies the incident in the file by adding an annotation # Please send complaints, kudos, and especially improvements and bugfixes to # hoagland@SiliconDefense.com. As described in GNU General Public License, no # warranty is expressed for this program. sub process { require "sisr_utils.pl"; require "inc_xml.pl"; my ($input)= shift; @_ == 3 || (&reporterr("add_inc_mail_annotation.pl takes 3 arguments (inc file,inc name,templ file), but got:".join(' ',@_),0) && return 0); my ($file,$incname,$reporttempl,$fldprefix)= &arg_to_val($input,@_); my $fld; foreach $fld (qw(To Cc Bcc Subject From)) { $hdrs{$fld}= $input->param($fld); } my $tree= &load_XML_tree($file); my $inc= &find_incident_named($tree,$incname); my $note= "Based on template: $reporttempl\nTo: $hdrs{'To'}\n"; $note.= ("Cc: ".$hdrs{'Cc'}."\n") if $hdrs{'Cc'} !~ /^\s*$/; $note.= ("Bcc: ".$hdrs{'Bcc'}."\n") if $hdrs{'Bcc'} !~ /^\s*$/; $note.= "Subject: ".$hdrs{'Subject'}; &add_note_to_incident($inc,$hdrs{'From'},'Mail sent',$note); &save_XML_tree($tree,$file); }; \&process; # $Id: add_inc_mail_annotation.pl,v 1.11 2001/10/18 18:23:25 jim Exp $