[Intelmq-dev] Data Harmonization - Fields with multiple values

Sebastian Wagner wagner at cert.at
Thu Nov 9 13:37:12 CET 2017


Hi,

On 11/09/2017 05:05 AM, Knight, Alexander wrote:
> > And: what use cases do we have?
>
> My particular use case at the moment is to have lists of IP addresses,
> IP networks and possibly FQDNs.
>
As far as I know IntelMQ was not intended to be used like that (a design
decision), but to have one single source and destination per event. I
hope Aaron can give more details on this.
If there is more than one source, the event can be split, so you have
two events, each with one source.
Other formats like IDEA from warden do have this possibility.

Sebastian

-- 
// Sebastian Wagner <wagner at cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - https://www.nic.at/
// Company register number 172568b, LG Salzburg
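
The split described in the message above, as an added example that is not part of the original e-mail and is not IntelMQ code: a list of IP addresses, networks and FQDNs becomes one event per source. It assumes events are plain dicts keyed by the IntelMQ harmonization field names `source.ip`, `source.network` and `source.fqdn`; `normalize_source`, `split_event` and the sample values are hypothetical and constructed for illustration.

```python
import ipaddress
import re

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def normalize_source(value):
    """Map one raw value to a (field, normalized value) pair, or raise ValueError."""
    value = value.strip()
    if "/" in value:
        # strict=True rejects a CIDR with host bits set, e.g. 192.0.2.1/24
        return "source.network", str(ipaddress.ip_network(value, strict=True))
    try:
        return "source.ip", str(ipaddress.ip_address(value))
    except ValueError:
        pass
    labels = value.rstrip(".").lower().split(".")
    # An all-numeric last label (e.g. 999.1.1.1) is a malformed IP, not a name.
    if (len(labels) >= 2 and not labels[-1].isdigit()
            and all(_LABEL.fullmatch(label) for label in labels)):
        return "source.fqdn", ".".join(labels)
    raise ValueError(f"not an IP address, network or FQDN: {value!r}")


def split_event(shared, sources):
    """Return (events, rejected): one event per distinct valid source."""
    events, rejected, seen = [], [], set()
    for raw in sources:
        try:
            pair = normalize_source(raw)
        except ValueError:
            rejected.append(raw)  # keep bad input visible instead of dropping it
            continue
        if pair in seen:  # the same source listed twice yields one event
            continue
        seen.add(pair)
        event = dict(shared)  # shared fields are repeated in every event
        event[pair[0]] = pair[1]
        events.append(event)
    return events, rejected


# Constructed sample input (documentation address ranges, example domain).
SHARED = {"feed.name": "example-feed", "classification.type": "scanner"}
SOURCES = ["192.0.2.10", "198.51.100.0/24", "2001:DB8::1",
           "Malicious.Example.NET.", "192.0.2.10", "192.0.2.1/24", "not a host"]

if __name__ == "__main__":
    for event in split_event(SHARED, SOURCES)[0]:
        print(event)
```

Values that fail validation are returned in `rejected` rather than silently discarded, so a malformed feed entry can be logged or reviewed.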
