Closed rshipp closed 5 years ago
Store C2s in a SQLite database, for an easy, no-setup operator that's more convenient to actually use than CSV.
One table per artifact type: domain, hash, ipaddress, url, yarasignature, task.
domain
hash
ipaddress
url
yarasignature
task
Each table's schema can be the same:
artifact
reference_link
reference_text
created_date
datetime('now', 'utc')
state
Closed by #57
rshipp
commented
5 years ago rshipp
commented
5 years ago
Store C2s in a SQLite database, for an easy, no-setup operator that's more convenient to actually use than CSV.
Proposed database layout
One table per artifact type:
domain,hash,ipaddress,url,yarasignature,task.Each table's schema can be the same:
artifact: text primary keyreference_link: textreference_text: textcreated_date: text (filled bydatetime('now', 'utc'))state: text (initially null, for external use only)