mlsecproject / combine

Tool to gather Threat Intelligence indicators from publicly available sources
https://www.mlsecproject.org/
GNU General Public License v3.0

Group enrichments #28

Open krmaxwell opened 10 years ago

krmaxwell commented 10 years ago

From @alexcpsec in #21:

I would separate the enrichments by "groups" (for the lack of a better name) in a config file. And the groups would have a list of the sources that would be harvested by them.

And we start these groups out as "inbound" and "outbound".

If too generic (i.e., too much work for now), it is fine. But I think this would give you a lot of flexibility for further research (like a "CnC" group, a "malware download" group, etc., etc.).

Currently we separate by inbound/outbound which is fine for initial release, but can be enhanced.

krmaxwell commented 10 years ago

How important is this for later?

alexcpsec commented 10 years ago

Important-ish for the "greater plan". Also "later" is a very broad word. :P


krmaxwell commented 10 years ago

Yus, this one isn't getting a v1.1 milestone unless you think it really needs it.

alexcpsec commented 10 years ago

Let's discuss this after the conferences.
