[Intelmq-dev] handling of time frames

Sebastian Wagner wagner at cert.at
Mon Aug 14 15:23:49 CEST 2017


I appreciate your comments on this topic. This problem is still unresolved.


On 06/19/2017 02:13 PM, Sebastian Wagner wrote:
>
> Any thoughts on this?
>
>
> On 04/21/2017 03:42 PM, Sebastian Wagner wrote:
>> Dear list,
>>
>> in pull request #944 (netlab 360 enh [0]) by navtej an issue came up
>> which can't be solved trivially:
>>
>> The feed Netlab 360 DGA[1] - which is already included in intelmq -
>> provides a validity time frame for each domain. Most of those (~90%) end
>> in 2030 while the start date is the current day at 00:00.
>> So both start and end time are artificial. And the source claims the
>> event is valid in the future, which is very odd. And does it actually
>> make sense to forward this kind of information?
>> Also, we can't really handle this time information using the current
>> harmonization.
>>
>> One idea would be to set time.source to time.observation if the
>> time.source is in the future. So time.source <= time.observation does
>> always apply.
>>
>> What do you think?
>>
>> Sebastian
>>
>> [0]: https://github.com/certtools/intelmq/pull/944
>> [1]: http://data.netlab.360.com/feeds/dga/dga.txt - attention, quite
>> big! The domains at the beginning have a very near end date.
>>
>
> -- 
> // Sebastian Wagner <wagner at cert.at> - T: +43 1 5056416 7201
> // CERT Austria - https://www.cert.at/
> // An initiative of nic.at GmbH - https://www.nic.at/
> // Company register number 172568b, Salzburg Regional Court
>

-- 
// Sebastian Wagner <wagner at cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - https://www.nic.at/
// Company register number 172568b, Salzburg Regional Court
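
Added example, not part of the original message and not IntelMQ code: a sketch of the rule proposed in the quoted mail (set time.source to time.observation when time.source lies in the future), applied to constructed rows. The tab-separated row layout, the UTC interpretation of the timestamps and the `domain`, `family` and `clamped` keys are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed sample rows, not taken from the feed. Assumed layout:
# family <TAB> domain <TAB> valid-from <TAB> valid-until, timestamps in UTC.
SAMPLE_FEED = (
    "# constructed sample\n"
    "famA\tlong-lived.example\t2017-04-21 00:00:00\t2030-01-01 00:00:00\n"
    "famB\tends-tonight.example\t2017-04-21 00:00:00\t2017-04-21 23:59:59\n"
    "famC\talready-over.example\t2017-04-19 00:00:00\t2017-04-20 23:59:59\n"
)


def parse_ts(text):
    """Parse 'YYYY-MM-DD HH:MM:SS' as an aware UTC datetime (assumed zone)."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def clamp_time_source(candidate, observed):
    """Return (time_source, clamped) so that time_source <= observed holds."""
    if candidate > observed:
        return observed, True
    return candidate, False


def build_events(feed_text, observed, use="end"):
    """Turn feed rows into dicts; 'use' picks which feed column feeds time.source."""
    events = []
    for line in feed_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        family, domain, start, end = line.split("\t")
        source, clamped = clamp_time_source(
            parse_ts(end if use == "end" else start), observed)
        events.append({
            "family": family,            # hypothetical key
            "domain": domain,            # hypothetical key
            "time.source": source.isoformat(),
            "time.observation": observed.isoformat(),
            "clamped": clamped,          # hypothetical key: value was overwritten
        })
    return events


if __name__ == "__main__":
    now = datetime(2017, 4, 21, 13, 42, tzinfo=timezone.utc)  # constructed
    for event in build_events(SAMPLE_FEED, now):
        print(event)
```

With the end date as input, the row ending in 2030 and the row ending the same night both collapse to the observation time, so the clamp keeps the invariant but discards the difference between them.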
