[Intelmq-dev] IntelMQ Data Harmonization (DHO) - malware.hash key (issue 732)

Tomás Lima synchroack at gmail.com
Thu Jan 5 19:37:09 CET 2017


Dustin, yes, the syntax looks good, but how can you apply it to the IntelMQ DHO,
or are you saying to use it in the '*malware.hash.other*' key?

From my point of view we should go for:
- '*malware.hash.md5*'
- '*malware.hash.sha1*'
- '*malware.hash.sha256*'
- '*malware.hash.other*' -> using URN syntax

Make sense?

On Thu, Jan 5, 2017 at 9:30 AM, Dustin Demuth <dustin.demuth at intevation.de>
wrote:

> Hi,
>
> On Monday, 02 January 2017 14:43:56, Pavel Kácha wrote:
>
> >    my few cents - in Idea we adopted URN syntax (as hash is basically
> > content based resource identifier, so the hash name can denote the
> > namespace).  Which happens to be the same, just with the colon separator:
> >
> >    sha256:79e18f...
> >
>
> IMHO this syntax is a good idea. Thank you Pavel.
>
> Tomás: Do you need more input?
>
> Ideas so far:
>
> * An additional field for sha256
> * A convention to store the hash in ".other" like "sha256:79e18..."
>
>
>
> BR
> Dustin
>
> --
> dustin.demuth at intevation.de  https://intevation.de/   OpenPGP key:
> B40D2EFF
> Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
> Managing directors:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner
>


-- 
 Tomás Lima* ,    * »-«* SYNchroACK *»-«
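
The key layout proposed in this message, sketched as an added example that is not part of the original mail or of IntelMQ's code. It assumes the hypothetical helpers `route_hash` and `route_all`, lowercase bare hex in the dedicated keys, and the `algorithm:digest` form from the quoted replies for `malware.hash.other`; the sample digests are constructed.

```python
import hashlib
import re

# Hex-digest lengths for the three dedicated keys proposed in the thread.
DEDICATED = {"md5": 32, "sha1": 40, "sha256": 64}
PREFIXED = re.compile(r"^([a-z0-9][a-z0-9-]*):([0-9a-f]+)$")


def route_hash(value):
    """Map '<algorithm>:<hex digest>' to (key, stored value).

    Hypothetical helper: md5/sha1/sha256 land in their own key as bare hex;
    any other algorithm lands in malware.hash.other and keeps its prefix.
    """
    match = PREFIXED.match(value.strip().lower())
    if match is None:
        raise ValueError("expected '<algorithm>:<hex digest>'")
    algo, digest = match.groups()
    if algo not in DEDICATED:
        if len(digest) % 2:
            raise ValueError("hex digest has an odd number of digits")
        return "malware.hash.other", f"{algo}:{digest}"
    if len(digest) != DEDICATED[algo]:
        raise ValueError(f"{algo} digest must be {DEDICATED[algo]} hex digits")
    return f"malware.hash.{algo}", digest


def route_all(values):
    """Route every value; return (list of (key, value), list of (input, error))."""
    routed, rejected = [], []
    for value in values:
        try:
            routed.append(route_hash(value))
        except ValueError as exc:
            rejected.append((value, str(exc)))
    return routed, rejected


if __name__ == "__main__":
    sample = b"constructed sample bytes, not a real malware file"
    feed = [f"{name}:{hashlib.new(name, sample).hexdigest()}"
            for name in ("md5", "sha1", "sha256", "sha512")]
    feed.append("sha256:79e18f")  # truncated digest, must be rejected
    routed, rejected = route_all(feed)
    for key, stored in routed:
        print(f"{key:22} {stored[:24]}...")
    for value, reason in rejected:
        print(f"rejected {value!r}: {reason}")
```

Checking the digest length for the dedicated keys keeps truncated or mislabelled values out of fields that downstream consumers match on exactly.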