I just published a quick update of my imap2thehive tool. Files attached to an email can now be processed and uploaded as an observable attached to a case. It is possible to specify which MIME types to process via the configuration file. The example below will process PDF & EML files:
[case] files: application/pdf,messages/rfc822
The script is available here.
[The post Imap2TheHive: Support of Attachments has been first published on /dev/random]
Article Link: https://blog.rootshell.be/2018/02/15/imap2thehive-support-attachments/