Navtej Singh
Shouldn't sieve filter be the answer here?
I would favour rfc1918 approach. Harmonization perhaps should not make decisions about the usefulness of data, it should accept the data as long as it is valid.
To send email notifications you need to configure SMTP server and other items. Similar for rest of the notification facilities. However we already have all these as output bots. Wouldn't...
It is possible to use generic csv parser to handle dataplane feeds. You can use something similar to

```
"default_url_protocol": "http://",
"skip_header": false,
"delimiter": "|",
"columns": "source.asn|__IGNORE__,source.as_name|__IGNORE__,source.ip,time.source,extra.tags"
```
Would it make sense to keep raw as b64 gzipped? It is probably better than totally removing as of now. Mainly large-sized raw is seen from collector to parser.