cloudtracer / ThreatPinchLookup

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
https://chrome.google.com/webstore/detail/threatpinch-lookup/ljdgplocfnmnofbhpkjclbefmjoikgke

Separate databases - CouchDB breaking changes #49

Open cloudtracer opened 6 years ago

cloudtracer commented 6 years ago

This will be a breaking change for anyone using the CouchDB integration.

Currently there are two (local in browser) PouchDB databases for ThreatPinch:

- tpconfig - which stores all the ThreatPinch configuration settings and lookup settings
- threatpinch - which stores all the API responses and ThreatPinch enrichments as a single JSON doc.

Currently the proposed changes will be to do the following:

- tpconfig - Continue to store all settings.
- threatpinch - Store the high level ThreatPinch breakdowns (basically what's available in the popover and captured enrichments).
- tphistory - Store indicator and date of lookup
- tppivots - Store indicator to related indicator mappings in a more sophisticated manner (TBD)

Each "Request Lookup" will then also have its own database to store unmodified API responses.

e.g. 'VIRUSTOTALPRIVATEMD5', 'VIRUSTOTALPRIVATESHA1', 'VIRUSTOTALPRIVATESHA2', 'VIRUSTOTALEFQDN' would all have separate DBs to save similarly formatted API responses in the same database.

This should make re-using the API responses less difficult for future integrations since tools that already parse these responses for data should be able to make use of them without modification.
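Added example, not part of the original issue or of the ThreatPinch code base: a sketch of how one combined document could be split into writes for the proposed databases. The legacy document shape (`lookedUpAt`, `summary`, `responses`), the `tp_` name prefix and the function names are assumptions made for illustration. It also normalises the per-lookup database names, because CouchDB only accepts database names that start with a lowercase letter, so an upper-case name such as 'VIRUSTOTALPRIVATEMD5' cannot be used unchanged on the server side.

```javascript
// Added example: plans the writes for the proposed database split.
// The legacy document shape used here is an assumption, not ThreatPinch's schema.

// CouchDB database names: a lowercase letter first, then a-z 0-9 _ $ ( ) + - /
const COUCH_DB_NAME = /^[a-z][a-z0-9_$()+\/-]*$/;

// Map a "Request Lookup" name to a database name CouchDB will accept.
// The "tp_" prefix (hypothetical) also covers lookup names starting with a digit.
function lookupDbName(requestLookup) {
  return 'tp_' + String(requestLookup).toLowerCase().replace(/[^a-z0-9_$()+\/-]/g, '_');
}

// Split one combined document into { db, doc } writes, one per target database.
function planSplit(legacyDoc) {
  const { _id: indicator, lookedUpAt, summary = {}, responses = {} } = legacyDoc;
  if (!indicator) throw new Error('legacy document has no _id');
  const writes = [
    // High-level breakdown (what the popover shows) stays in "threatpinch".
    { db: 'threatpinch', doc: { _id: indicator, ...summary } },
    // One history record per lookup: indicator and date.
    { db: 'tphistory', doc: { _id: `${indicator}:${lookedUpAt}`, indicator, date: lookedUpAt } },
  ];
  const seen = new Map();
  for (const [requestLookup, body] of Object.entries(responses)) {
    const db = lookupDbName(requestLookup);
    // Two lookup names that normalise to the same database would mix formats.
    if (seen.has(db)) throw new Error(`${requestLookup} collides with ${seen.get(db)}`);
    seen.set(db, requestLookup);
    // The API response body is passed through untouched under "response".
    writes.push({ db, doc: { _id: indicator, response: body } });
  }
  return writes;
}

// Constructed sample document (not real ThreatPinch data).
const sample = {
  _id: 'example.com',
  lookedUpAt: '2018-01-01T00:00:00Z',
  summary: { type: 'fqdn', verdict: 'unknown' },
  responses: { VIRUSTOTALEFQDN: { response_code: 1, detected_urls: [] } },
};

for (const w of planSplit(sample)) console.log(w.db, JSON.stringify(w.doc));
```
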

cloudtracer commented 6 years ago

If anyone is using the CouchDB integration, please feel free to chime in on any enhancements in this area, as it isn't widely used.