[Intelmq-dev] Changes in harmonization implementation

Sebastian Wagner wagner at cert.at
Thu Jul 28 16:46:55 CEST 2016


Dear contributors and beta-testers,

We recently made some changes in the implementation of the
harmonization.

* The type MalwareName has been removed, it was just a duplicate of
  String. This may break your existing installation if you do not update
  your harmonization.conf with upstream. It has been used as type for
  malware.name
* The type LowercaseString has been introduced, doing a conversion to
  lower case chars automatically. Applied to protocol names, emails,
  hashes and UUIDs etc.
* FQDNs are now lower case only too.
* Some restrictive regexes have been made more tolerant (e.g. malware names)
* misp_uuid is now misp.event_uuid
* misp.attribute_uuid introduced
* new iregex-type check available (case-insensitive regex-check)
* allowed values for protocol.transport are a defined list

Also: Currently, both ASCII and IDN-domains are allowed, this will be
changed too (including automatic conversion):
https://github.com/certtools/intelmq/issues/622

When pulling from our upstream-repository, make sure you also update
your harmonization.conf

Related commits:
https://github.com/certtools/intelmq/commit/6624bdda04ca0595799150e97e719a5d6218ebb3
https://github.com/certtools/intelmq/commit/640e1a771acb4ddb9cbd726e51ae9031c3a2a249
https://github.com/certtools/intelmq/commit/fd81f0fd9c86ffa0ac3764adafc74e7903b8720e
https://github.com/certtools/intelmq/commit/7dbed4bc8f9200d06dae2018850341a8eb0acb24
https://github.com/certtools/intelmq/commit/6b8b759293069afc3d9f0f1cdf8e4eaf0b3fa953
https://github.com/certtools/intelmq/commit/d7892bcb59ac54218c5c45630226d4a31f7569a1
https://github.com/certtools/intelmq/commit/6584ab72fa408732c02abc1c934637a57c1f2a4c
https://github.com/certtools/intelmq/commit/a742c034c80249e80d2f280fd0dc8a72236e8a57

Sebastian


-- 
// Sebastian Wagner <wagner at cert.at> - T: +43 1 50564167201 
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - https://www.nic.at/
// Company register number 172568b, Salzburg Regional Court
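
A pre-upgrade check for a local harmonization.conf against the changes listed in the message above. This is an added example, not code from the message or from the IntelMQ project. It assumes the file is JSON of the form {section: {field name: {"type": ...}}}; the function name and the sample configuration are constructed for illustration.

```python
import json
import sys

# Changes named in the announcement.
REMOVED_TYPES = {"MalwareName"}                       # type removed
RENAMED_FIELDS = {"misp_uuid": "misp.event_uuid"}     # field renamed
NEW_FIELDS = ("misp.event_uuid", "misp.attribute_uuid")

# Constructed sample of a stale local configuration (assumed layout).
SAMPLE_CONF = json.loads("""
{
  "event": {
    "malware.name": {"description": "constructed sample", "type": "MalwareName"},
    "misp_uuid":    {"description": "constructed sample", "type": "String"},
    "source.fqdn":  {"description": "constructed sample", "type": "FQDN"}
  },
  "report": {
    "feed.name":    {"description": "constructed sample", "type": "String"}
  }
}
""")


def check_harmonization(conf):
    """Return a list of findings for a parsed harmonization.conf."""
    findings = []
    defined = set()
    for section, fields in sorted(conf.items()):
        for name, spec in sorted(fields.items()):
            defined.add(name)
            ftype = spec.get("type")
            if ftype in REMOVED_TYPES:
                findings.append(f"[{section}] {name}: type {ftype} no longer exists")
            if name in RENAMED_FIELDS:
                findings.append(f"[{section}] {name}: renamed to {RENAMED_FIELDS[name]}")
    # Fields the announcement introduces must be defined somewhere.
    for name in NEW_FIELDS:
        if name not in defined:
            findings.append(f"{name}: not defined")
    return findings


if __name__ == "__main__":
    # Pass the path to a local harmonization.conf, or run on the sample.
    conf = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_CONF
    for finding in check_harmonization(conf):
        print(finding)
```

An empty result means none of the listed removals or renames affect the file; it does not compare regexes or the protocol.transport value list, which still come from the upstream harmonization.conf.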

