[Intelmq-dev] IntelMQ Data Harmonization (DHO) - malware.hash key (issue 732)
Tomás Lima
synchroack at gmail.com
Thu Jan 5 19:37:09 CET 2017
Dustin, yes, the syntax looks good but how you can apply it to intelmq DHO
or you're saying to use it in '*malware.hash.other*' key?
>From my point of view we should go for:
*- malware.hash.md5*'
- '*malware.hash.sha1*'
- '*malware.hash.sha256*'
- '*malware.hash.other*' -> using URN syntax
Make sense?
On Thu, Jan 5, 2017 at 9:30 AM, Dustin Demuth <dustin.demuth at intevation.de>
wrote:
> Hi,
>
> Am Montag 02 Januar 2017 14:43:56 schrieb Pavel Kácha:
>
> > my few cents - in Idea we adopted URN syntax (as hash is basically
> > content based resource identifier, so the hash name can denote the
> > namespace). Which happens to be the same, just with the colon separator:
> >
> > sha256:79e18f...
> >
>
> IMHO this syntax is a good idea. Thank you Pavel.
>
> Tomás: Do you need more input?
>
> Ideas so far:
>
> * An additional field for sha256
> * A convention to store the hash in ".other" like "sha256:79e18..."
>
>
>
> BR
> Dustin
>
> --
> dustin.demuth at intevation.de https://intevation.de/ OpenPGP key:
> B40D2EFF
> Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
> Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
>
> _______________________________________________
> Intelmq-dev mailing list
> Intelmq-dev at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev
>
>
--
Tomás Lima* , * »-«* SYNchroACK *»-«
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20170105/50b81651/attachment-0001.html>
More information about the Intelmq-dev
mailing list