Dear IntelMQ-Devs,
for intelmq-mailgen I've constructed a first xarf writing support with an experimental mapping (see it at https://github.com/Intevation/intelmq-mailgen/issues/2)
I haven't dived into it yet, but it seems like we need a practial mapping between xarf schemas (see https://github.com/certtools/intelmq/issues/522)
So how do we construct such a mapping, so that in the end we can do xarf -> intelmq -> xarf? What intelmq field can be always expect or which only sometimes?
I think you folks with more practical experience, having seen more data, are seminal for this mapping to become good. We (from Intevation) can implement the rules once we understand them well enough. :)
Best, Bernhard