[Intelmq-dev] handling of time frames

Sebastian Wagner wagner at cert.at
Mon Jun 19 14:13:49 CEST 2017


Any thoughts on this?


On 04/21/2017 03:42 PM, Sebastian Wagner wrote:
> Dear list,
>
> in pull request #944 (netlab 360 enh [0]) by navtej an issue came up
> which can't be solved trivially:
>
> The feed Netlab 360 DGA[1] - which is already included in intelmq -
> provides a validity time frame for each domain. Most of those (~90%) end
> in 2030 while the start date is the current day at 00:00.
> So both start and end time are artificial. And the source claims the
> event is valid in the future, which is very odd. And does it actually
> make sense to forward this kind of information?
> Also, we can't really handle this time information using the current
> harmonization.
>
> One idea would be to set time.source to time.observation if the
> time.source is in the future. So time.source <= time.observation
> always applies.
>
> What do you think?
>
> Sebastian
>
> [0]: https://github.com/certtools/intelmq/pull/944
> [1]: http://data.netlab.360.com/feeds/dga/dga.txt - attention, quite
> big! The domains at the beginning have a very near end date.

-- 
// Sebastian Wagner <wagner at cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - https://www.nic.at/
// Company register number 172568b, LG Salzburg
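
The rule proposed in the quoted message (time.source <= time.observation), as an added example that is not part of the original post and not IntelMQ's own code. Assumptions: the tab-separated row layout (family, domain, valid-from, valid-to), UTC timestamps, the constructed sample rows, and the hypothetical `clamped` flag and `field` parameter.

```python
from datetime import datetime, timezone

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed rows. Assumed layout: family, domain, valid-from, valid-to (tab-separated).
SAMPLE_FEED = (
    "# constructed sample, not real feed data\n"
    "examplefam\texpired.example.net\t2017-04-19 00:00:00\t2017-04-20 23:59:59\n"
    "examplefam\tlonglived.example.org\t2017-04-21 00:00:00\t2030-01-01 00:00:00\n"
)

def parse_ts(text):
    """Parse a feed timestamp; treating it as UTC is an assumption."""
    return datetime.strptime(text.strip(), FMT).replace(tzinfo=timezone.utc)

def clamp_time_source(candidate, observation):
    """Proposed rule: time.source may never be later than time.observation."""
    return min(candidate, observation)

def harmonize(feed_text, observation, field="end"):
    """Build one event per row; `field` picks which feed time feeds time.source."""
    events = []
    for line in feed_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != 4:
            continue  # skip malformed rows
        _family, domain, start, end = parts
        candidate = parse_ts(end if field == "end" else start)
        events.append({
            "source.fqdn": domain,
            "time.observation": observation.isoformat(),
            "time.source": clamp_time_source(candidate, observation).isoformat(),
            "clamped": candidate > observation,  # hypothetical flag, not a harmonization field
        })
    return events

# Observation time chosen for the example (constructed).
OBSERVED = datetime(2017, 4, 21, 13, 42, tzinfo=timezone.utc)

if __name__ == "__main__":
    for ev in harmonize(SAMPLE_FEED, OBSERVED):
        print(ev)
```

With the end date as the candidate, every row whose validity ends in the future collapses to time.observation, so the feed's end date is no longer recoverable from time.source alone.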
