[IntelMQ-users] [IntelMQ] Question about harmonization.conf

Jonathan SCOUPREMAN jscoupreman at excellium-services.lu
Fri Dec 17 17:25:14 CET 2021


Hi Mika, Sebastian,

As always, it is a pleasure to hear from you!

Thank you for both your answers, they are very helpful. 😊

Have a nice evening/weekend,
Jonathan

--
Jonathan SCOUPREMAN | jscoupreman at excellium-services.lu | PGP Key ID: 0xAD971C07<http://pgp.circl.lu/pks/lookup?op=vindex&fingerprint=on&search=0x6802c48ead971c07>
CERT-XLM | cert at excellium-services.com | PGP Key ID: 0xD74E5AC0<http://pgp.circl.lu/pks/lookup?op=vindex&fingerprint=on&search=0x67B311E5D74E5AC0>
CERT-XLM Incident Handler @ excellium-services.com<https://excellium-services.com/>
Excellium Services S.A. | 5 rue Goell L-5326 Contern
Mobile: +352 691 982 790
Emergency: +352 262 039 64 708 | emergency at excellium-services.com | PGP Key ID: 0x42662EFE<https://excellium-services.com/assets/EMERGENCY_PKEY.asc>

From: IntelMQ-users <intelmq-users-bounces at lists.cert.at> On Behalf Of Sebix
Sent: Friday 17 December 2021 16:19
To: intelmq-users <intelmq-users at lists.cert.at>
Subject: Re: [IntelMQ-users] [IntelMQ] Question about harmonization.conf


Dear Jonathan, dear Mika,

On 12/17/21 1:12 PM, Jonathan SCOUPREMAN via IntelMQ-users wrote:
> Could you please tell me the difference? Unfortunately, I was not able to find hints in the current documentation.

Yeah, that part is missing in the docs, it was only part of (my) presentations/workshops. Needless to say: PRs for the Docs and other contributions are always welcome :)

> Also, as I see «report», does that mean IntelMQ has a reporting capability ? As far as I know IntelMQ doesn’t provide a reporting capability, hence my doubt. 😊

Depends very much on your understanding of reporting.

On 12/17/21 3:17 PM, Mika Silander wrote:
> I'll stop here in the hope the above helps. More seasoned developers may continue from hereon (and correct me along the way if necessary).

Excellent answer, haven't found anything to correct ;)

Small additions for context:

The report contains just raw data fetched from the source, plus some metadata of the collection process which may be needed or useful afterwards.

In IntelMQ 3.0 we have renamed the "Data Harmonization Ontology" to "IntelMQ/Internal Data Format" (IDF). The choice to name the data format "Harmonization" comes from the fact that, in the beginnings of IntelMQ back in 2015, Thomas Lima harmonized different formats that were out there, most importantly AbuseHelper and ElasticSearch's ECS. The file name harmonization.conf is just a leftover from the recent renaming, which we intentionally left as is to minimize the migration burden and wait for other potential refactorings in this area (e.g. moving the file elsewhere, changing the format, completely obsolete it, ... whatever).

Sebastian
