[IntelMQ-users] IEP04: IntelMQ Data Format - Meta-Information
moto kawasaki
moto at kawasaki3.org
Wed Mar 31 11:39:33 CEST 2021
Dear Chris and list,

I agree with Chris that STIX/TAXII is one of the de facto standards in
the exchange of security information. (or implicit de jure ??? :-p)

At the same time I am apt to feel hesitation over variable formats
such as JSON and XML.
This is because I have to provide full text search for such formats,
but I often realise fts won't work as expected with a bigger
dataset.
(I am using PostgreSQL and PGroonga, but its index crashes very often.
Maybe I should give tsvector/tsquery and pg_bigm a try.)

On the other hand, I also understand why it is required in the NoSQL
age, so I don't have a clear opinion yet.

Hence, I'd raise a very humble objection to introducing a multi-value
column and variable format.

Thank you very much.
Best Regards,
--
moto kawasaki <moto at kawasaki3.org> +81-90-2464-8454