-
Notifications
You must be signed in to change notification settings - Fork 295
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
missing info in the harmonization file: hash.md5, hash.sha1, etc. #394
Comments
The next field where we can possibly have multiple values... |
True but multiple values might be OK for JSON (-> array of values) but not so much for a SQL DB. |
Yeah... this is something we are always fighting with... the problem is that we are trying to have a multivalue world while supporting singlevalue formats (like relational tables). One could argue that you could always split into multiple events whenever you are converting to a singlevalue reality but if you have multiple fields with multiple values, how do you pair them together? I think in the future we will have to decide wether we want to support multivalue and disregard a bit of the singlevalue reality or if we want to stick with a singlevalue format. Right now I think most of our sources are using singlevalue formats like CSV, so it isn't a big deal but this is a decision we will have to make sooner rather than later I think. |
IMHO:
|
TBD… I think this is a major discussion involving multiple projects (not just intelmq) |
fixed by #885 |
There is a problem with assuming the implicit declaration of hash functions by prefixing them with$1$ etc . in the events table / data harmonization config file:
However, you only stored the md5 since that is what you received even though the sender sent you both fields (sha1 and md4 - such as the n6 feed). Then you can not ever find the right entry again.
Solution: we unfortunately need to extend the harmonization.conf file:
Include
malware.hash.sha1
malware.hash.md5
malware.hash.sha256
Sorry...
The text was updated successfully, but these errors were encountered: