Recommendation

[andreavazquez-devo]

https://github.com/intel471/devo-collector-intel471/blob/d4cac7a78c7a53ca69f5725b57952ceb62cefca8/agent/modules/intel471/intel471_girs_puller.py#L60-L66

Lookup fields should come configured from collector_definitions.yaml and be overridable from config.yaml, to easily modify them in the future.

[mhchong]

@andreavazquez-devo Can you elaborate further on this? I feel that placing the lookup fields in the yaml files would add complexity. For example, intel471_indicators_puller.py has logic to use different lookup fields for different types of indicators. Furthermore, we do not want the lookup fields to be modifiable by the user and any modifications will be made by us within the puller's source code.

[andreavazquez-devo]

It is a recommendation, it would be to add the values to the collector_definitions.yaml in case the developer wants to modify them easily. But if they are never going to change you can leave them like that.