[Intelmq-dev] nested message representation
L. Aaron Kaplan
kaplan at cert.at
Mon Sep 12 11:00:43 CEST 2016
> On 09 Sep 2016, at 12:55, Sebastian Wagner <wagner at cert.at> wrote:
>
> Hi,
>
> IntelMQ uses dictionaries to represent messages (in Python, JSON etc.).
> We use a flat and unnested structure, which is one of the first design
> goals made in the very beginning of IntelMQ AFAIK.
> E.g. we have field names like "source.ip"
>
> But there's also another possible representation, which is implemented
> in IntelMQ: nested structures. E.g.:
> flat: {"classification.type": "unknown", "source.asn": 456, "source.ip":
> "127.0.0.1"}
> nested: {"classification": {"type": "unknown"}, "source": {"ip":
> "127.0.0.1", "asn": 456}}
>
> The first is used everywhere except:
> The message's to_json and to_dict methods, which use the nested format by
> default. These methods are used in these output bots: file, xmpp,
> restapi, mongodb, intelmqmailer
>
> I think that this is a wrong default. The default should be something
> which can be directly interpreted by IntelMQ: the flat structure.
I fully agree.
>
> Proposal: make flat default and nested optional (for the function and
> the bots)
>
+1
Why keep the nested optional?
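
The two representations discussed in this thread, as an added example that is not part of the original messages and is not IntelMQ's own code. The function names flatten and unflatten are hypothetical, and values are assumed to be scalars; the sample message is the one quoted above.

```python
# Added illustration: converting between the flat ("source.ip") and nested
# ({"source": {"ip": ...}}) message layouts. Not IntelMQ code; the names
# flatten/unflatten are hypothetical. Assumes field values are scalars.

def unflatten(flat, sep="."):
    """Build the nested layout from dotted keys, rejecting ambiguous input."""
    nested = {}
    for key, value in flat.items():
        parts = key.split(sep)
        node = nested
        for part in parts[:-1]:
            node = node.setdefault(part, {})
            if not isinstance(node, dict):
                # e.g. "source" already holds a scalar and "source.ip" arrives
                raise ValueError(f"{key!r} collides with scalar field {part!r}")
        if parts[-1] in node:
            # e.g. "source.ip" created a dict and a bare "source" arrives
            raise ValueError(f"{key!r} collides with an existing sub-tree")
        node[parts[-1]] = value
    return nested


def flatten(nested, prefix="", sep="."):
    """Collapse the nested layout back into dotted keys."""
    flat = {}
    for key, value in nested.items():
        name = f"{prefix}{sep}{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, name, sep))
        else:
            flat[name] = value
    return flat


# Sample message taken from the thread above.
FLAT = {"classification.type": "unknown", "source.asn": 456,
        "source.ip": "127.0.0.1"}
NESTED = {"classification": {"type": "unknown"},
          "source": {"ip": "127.0.0.1", "asn": 456}}

if __name__ == "__main__":
    print(unflatten(FLAT))
    print(flatten(NESTED))
    try:
        # Constructed input: valid as a flat dict, unrepresentable when nested.
        unflatten({"source": "sensor-1", "source.ip": "127.0.0.1"})
    except ValueError as exc:
        print("rejected:", exc)
```
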