From a367c43eb9da32c0affa49100b9d5117d4ca8ff6 Mon Sep 17 00:00:00 2001
From: Christos Arvanitis <arvchristos@protonmail.com>
Date: Tue, 5 Mar 2024 11:22:17 +0100
Subject: [PATCH] Disable correlation for IntelMQ time fields

---
 objects/intelmq_event/definition.json  | 2 ++
 objects/intelmq_report/definition.json | 1 +
 2 files changed, 3 insertions(+)

diff --git a/objects/intelmq_event/definition.json b/objects/intelmq_event/definition.json
index 5c7b124..1ec6040 100644
--- a/objects/intelmq_event/definition.json
+++ b/objects/intelmq_event/definition.json
@@ -405,11 +405,13 @@
     },
     "time.observation": {
       "description": "The time the collector of the local instance processed (observed) the event.",
+      "disable_correlation": true,
       "misp-attribute": "datetime",
       "ui-priority": 1
     },
     "time.source": {
       "description": "The time of occurence of the event as reported the feed (source).",
+      "disable_correlation": true,
       "misp-attribute": "datetime",
       "ui-priority": 1
     },
diff --git a/objects/intelmq_report/definition.json b/objects/intelmq_report/definition.json
index bb428ad..8630d2e 100644
--- a/objects/intelmq_report/definition.json
+++ b/objects/intelmq_report/definition.json
@@ -47,6 +47,7 @@
     },
     "time.observation": {
       "description": "The time the collector of the local instance processed (observed) the event.",
+      "disable_correlation": true,
       "misp-attribute": "datetime",
       "ui-priority": 1
     }