[Intelmq-dev] Discussion on intelmq output / transformation architecture

Bernhard Reiter bernhard at intevation.de
Tue May 24 14:14:32 CEST 2016


On Wednesday, 20 April 2016 09:41:06, Otmar Lendl wrote:
> Thus: on the output side there is not just the question of the
> transformation to cybox/csv/xml/xarf/..., but also the question of
> aggregation: Which set of events should be grouped together?

I am also seeing this challenge.

Another problem with the approach is:
Some formats specify details of the transport level.
For example xarf needs a special mail structure,
e.g. some headers set and mime parts depending
on the existence of some fields.

So it may not be possible to fully separate the "contents" part
from the "transport" part. 

One way to solve the design decision is to try to actually 
make parts of this work.

Another idea is to just have all mapping functions in one Python module,
which then could be imported by parsers, outputs and other bots.

Best Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
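
The coupling described in the message above, as an added example that is not part of the original post or of IntelMQ's code: a hypothetical shared mapping module in which the content mapping decides which fields exist and the mail builder derives the MIME parts from them. The function names, the report field names, the `X-XARF: PLAIN` header value and the sample event are assumptions for illustration, not taken from the X-ARF specification.

```python
import base64
from email.message import EmailMessage

# Hypothetical shared mapping module (names are illustrative assumptions).

def event_to_report_fields(event):
    """Content mapping: IntelMQ-style event dict -> flat report fields."""
    fields = {
        "Source": event["source.ip"],
        "Date": event["time.source"],
        "Report-Type": event.get("classification.type", "unknown"),
    }
    # Evidence is announced only when the event carries raw data; this
    # content-level decision later changes the mail structure.
    if event.get("raw"):
        fields["Attachment"] = "text/plain"
    return fields

def event_to_mail(event, sender, recipient):
    """Transport mapping: headers and MIME parts depend on the fields."""
    fields = event_to_report_fields(event)
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "abuse report for " + fields["Source"]
    msg["X-XARF"] = "PLAIN"  # assumed header name and value
    msg.set_content("Automated report about %s.\n" % fields["Source"])
    report = "".join("%s: %s\n" % kv for kv in sorted(fields.items()))
    msg.add_attachment(report, subtype="plain", filename="report.txt")
    if "Attachment" in fields:  # third part exists only with evidence
        evidence = base64.b64decode(event["raw"]).decode("utf-8", "replace")
        msg.add_attachment(evidence, subtype="plain", filename="evidence.txt")
    return msg

def sample_event(with_raw):
    """Constructed sample event using IntelMQ-style field names."""
    event = {"source.ip": "192.0.2.10", "time.source": "2016-05-24T12:00:00+00:00",
             "classification.type": "brute-force"}
    if with_raw:
        event["raw"] = base64.b64encode(b"GET /admin HTTP/1.1").decode()
    return event

if __name__ == "__main__":
    for flag in (False, True):
        mail = event_to_mail(sample_event(flag), "cert@example.org", "abuse@example.net")
        print(flag, [p.get_filename() for p in mail.iter_parts()])
```

An output bot that only received the rendered report text could not build this message, because the number of MIME parts is decided by the same field check that shapes the report body.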