[Intelmq-dev] Data Harmonization - Fields with multiple values

Sebastian Wagner wagner at cert.at
Mon Nov 13 11:57:34 CET 2017


There are two related things which are relevant for this discussion:

1) We need UUIDs per event to avoid loops - to be defined what "event"
does mean in this context (https://github.com/certtools/intelmq/issues/901)
2) We need some kind of aggregation
(https://github.com/certtools/intelmq/issues/751) - inside or outside of
intelmq
3) We need some possibility to link between related events, which have
been splitted because of multiple "alternative" values (more IPs per
domain etc) (e.g. https://github.com/certtools/intelmq/issues/543
https://github.com/certtools/intelmq/issues/373)

ad 1) Should the UUID be inherited for alternative values as described
in 3)? IMHO no, but that requires a second UUID
Different tools which are working on data collected with intelmq can
then link these events together using the UUIDs.

Once we can do 3) and have a possibility to save basic lists for e.g.
abuse contacts, then the issue for Alexander is solved too (with an
adapted harmonization).

Sebastian

-- 
// Sebastian Wagner <wagner at cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - https://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20171113/eb41e442/attachment.sig>


More information about the Intelmq-dev mailing list