mirror of https://github.com/MISP/misp-rfc
Remove frequency definition as:
1) It is far from clear 2) The algorithm used to create that number must be written 3) Confusion must not happen in an RFC
pull/30/head
parent
c49f77fed9
commit
9e98429bcd
|
@ -49,7 +49,7 @@ document are to be interpreted as described in RFC 2119 [@!RFC2119].
|
||||||
|
|
||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
The SightingDB format is in JSON [@!RFC8259] format and used to query a SightingDB compatible connector. In SightingDB, a Sighting Object is composed of a single JSON object. This object contains the following fields: value, first_seen, last_seen, count, tags, ttl, frequency and manifold.
|
The SightingDB format is in JSON [@!RFC8259] format and used to query a SightingDB compatible connector. In SightingDB, a Sighting Object is composed of a single JSON object. This object contains the following fields: value, first_seen, last_seen, count, tags, ttl and manifold.
|
||||||
|
|
||||||
### Attribute Storage
|
### Attribute Storage
|
||||||
|
|
||||||
|
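Review bot: The field list in the Overview sentence drops frequency but says nothing about connectors that still return it. Consider adding a sentence stating that a consumer should ignore keys it does not recognise, so that a Sighting Object carrying a leftover "frequency" key is not rejected.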
@ -62,10 +62,15 @@ A Namespace with multiple levels **MUST** be separated with the slash '/' charac
|
||||||
A Namespace starting with the underscore '_' character means it is private and internal to SightingDB. There are all reserved for the engine and **MUST** NOT be used.
|
A Namespace starting with the underscore '_' character means it is private and internal to SightingDB. There are all reserved for the engine and **MUST** NOT be used.
|
||||||
|
|
||||||
Reserved namespaces are:
|
Reserved namespaces are:
|
||||||
|
|
||||||
_expired/<namespace>: Which contains all the attributes that expired, preserving the origin namespace
|
_expired/<namespace>: Which contains all the attributes that expired, preserving the origin namespace
|
||||||
|
|
||||||
_shadow/<namespace>: When a value is searched and does not exists, it is stored there
|
_shadow/<namespace>: When a value is searched and does not exists, it is stored there
|
||||||
|
|
||||||
_stats: Statistics
|
_stats: Statistics
|
||||||
|
|
||||||
_config: Configuration
|
_config: Configuration
|
||||||
|
|
||||||
_all: All the Attributes in one place, used to retrieve the 'manifold' property.
|
_all: All the Attributes in one place, used to retrieve the 'manifold' property.
|
||||||
|
|
||||||
The Attribute Key MUST always be the last part of the Namespace.
|
The Attribute Key MUST always be the last part of the Namespace.
|
||||||
|
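Review bot: In the reserved-namespace paragraph, "**MUST** NOT be used" bolds only half of the RFC 2119 keyword; write "**MUST NOT**", and change "There are all reserved" to "They are all reserved" while this block is being touched. The "MUST" in "The Attribute Key MUST always be" is not bolded and should match. The hunk header grows the block from 10 to 15 lines with no visible text difference, which looks like a whitespace-only change the commit message does not mention; putting it in a separate commit would keep the frequency removal easy to audit.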
@ -73,6 +78,7 @@ The Attribute Key MUST always be the last part of the Namespace.
|
||||||
#### Sample Namespaces
|
#### Sample Namespaces
|
||||||
|
|
||||||
/Organization1/service/ipv4: Store values for ipv4 keys in /Organization1/service
|
/Organization1/service/ipv4: Store values for ipv4 keys in /Organization1/service
|
||||||
|
|
||||||
/everything/domain: Store domains in /everything
|
/everything/domain: Store domains in /everything
|
||||||
|
|
||||||
### Attribute fields
|
### Attribute fields
|
||||||
|
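Review bot: The sample namespaces start with a slash ("/Organization1/service/ipv4") while the reserved ones in the previous hunk are written without one ("_expired/<namespace>"). Pick one form, or state whether the leading slash is part of the namespace, because the underscore rule for private namespaces depends on what counts as the first character.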
@ -107,10 +113,6 @@ When an Attribute has this field set to 0, it means it is not set to expired. Th
|
||||||
|
|
||||||
When an Attribute has this field set to a number greater than 0, the expiration status is computed only at retrieval time.
|
When an Attribute has this field set to a number greater than 0, the expiration status is computed only at retrieval time.
|
||||||
|
|
||||||
#### frequency
|
|
||||||
|
|
||||||
Frequency is the number of time an Attribute is seen in average per day. As this field can introduced latence, its implementation is **OPTIONAL**.
|
|
||||||
|
|
||||||
#### manifold
|
#### manifold
|
||||||
|
|
||||||
When a given Attribute Value is stored in different namespaces, the manifold field keeps track of them so it returns in how many different places this attributes exists. This is a simple counter.
|
When a given Attribute Value is stored in different namespaces, the manifold field keeps track of them so it returns in how many different places this attributes exists. This is a simple counter.
|
||||||
|
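Review bot: The manifold definition left in the context lines is still ambiguous once frequency is removed: "returns in how many different places this attributes exists" does not say whether the reserved namespaces (_all, _shadow/<namespace>, _expired/<namespace>) are included in the count. Given the commit's stated goal of avoiding confusion, spell out which namespaces are counted and fix the wording to "this attribute exists".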
@ -125,7 +127,6 @@ When a given Attribute Value is stored in different namespaces, the manifold fie
|
||||||
"count":578391,
|
"count":578391,
|
||||||
"tags":"",
|
"tags":"",
|
||||||
"ttl":0,
|
"ttl":0,
|
||||||
"frequency":1185,
|
|
||||||
"manifold": 17
|
"manifold": 17
|
||||||
}
|
}
|
||||||
~~~~
|
~~~~
|
||||||
|
|