
Group enrichments

Open krmaxwell opened this issue 11 years ago • 4 comments

From @alexcpsec in #21:

I would separate the enrichments by "groups" (for the lack of a better name) in a config file. And the groups would have a list of the sources that would be harvested by them.

And we start these groups out as "inbound" and "outbound".

If too generic (i.e., too much work for now), it is fine. But I think this would give you a lot of flexibility for further research (like a "CnC" group, a "malware download" group, etc., etc.).

Currently we separate by inbound/outbound which is fine for initial release, but can be enhanced.

krmaxwell avatar Jul 31 '14 16:07 krmaxwell

How important is this for later?

krmaxwell avatar Aug 03 '14 02:08 krmaxwell

Important-ish for the "greater plan". Also "later" is a very broad word. :P


Reply to this email directly or view it on GitHub:

https://github.com/mlsecproject/combine/issues/28#issuecomment-50980278



alexcpsec avatar Aug 03 '14 03:08 alexcpsec

Yus, this one isn't getting a v1.1 milestone unless you think it really needs it.

krmaxwell avatar Aug 03 '14 03:08 krmaxwell

Let's discuss this after the conferences.


alexcpsec avatar Aug 03 '14 04:08 alexcpsec