Project

General

Profile

Feature #6801

Define namespace for enrichment data

Added by Pavel Kácha 7 months ago.

Status:
New
Priority:
Normal
Assignee:
Start date:
11/19/2020
Due date:
% Done:

0%

Estimated time:

Description

While sightings deduced directly from detections fit into Source or Target fields, enrichments found out later in time or by different producers during processing should go into more prominent space. One option is new namespace, akin to "Related" or "Enrich", which would allow to put there various info related to base objects. Example:

[
    {
        IP: 192.0.2.1,
        Hostname: example.com
    },
    {
        IP: 192.0.2.2,
        Latitude: ...,
        Longitude: ...,
        CountryCode: ...
    }
]

Related issues

Related to Mentat - Feature #4231: Implement and make use of cleanup mechanism for "_" namespaces from IDEA messages.ClosedRajmund Hruska07/27/2018

Actions
Blocks Mentat - Feature #6802: Split Mentat specific keys and enrichment keys namespacesNew11/19/2020

Actions
#1

Updated by Pavel Kácha 7 months ago

  • Blocks Feature #6802: Split Mentat specific keys and enrichment keys namespaces added
#2

Updated by Pavel Kácha 7 months ago

  • Related to Feature #4231: Implement and make use of cleanup mechanism for "_" namespaces from IDEA messages. added

Also available in: Atom PDF