Open
Description
Issue ported from old casework github repo (issue 37).
Original author: mike-parkhill
When importing a diverse set of trace objects you need to inspect the members of the PropertyBundle array to determine what the Trace relates to. This can be cumbersome since the logic on the ingesting side is going to be different based on the child types.
For example:
```json
{
  "@type": "Trace",
  "@id": "https://www.netresec.com/20a91459-8fbb-4b90-a3fb-b4aa7f776a66",
  "createdBy": "https://www.netresec.com/1c7484fe-63f1-5af8-b4fb-e2386ab3c4b0",
  "createdTime": "2018-02-15T19:01:12.6271184Z",
  "propertyBundle": [
    {
      "@type": "File",
      "accessedTime": "2007-12-17T03:32:30.3990520Z",
      "extension": "html",
      "fileName": "index.html",
      "isDirectory": false,
      "sizeInBytes": 98500
    },
    {
      "@type": "ContentData",
      "dataPayloadReferenceURL": "D:\\NetworkMinerProfessional_2-2\\AssembledFiles\\151.193.224.81\\TCP-80\\index.html",
      "hash": [
        {
          "@type": "Hash",
          "hashMethod": "MD5",
          "hashValue": "abdb151dfd5775c05b47c0f4ea1cd3d7"
        }
      ],
      "sizeInBytes": 98500
    }
  ]
}
```
The above JSON is obviously a File object with metadata and content data. It would be nice to know this without having to iterate the bundle looking to see if it contains a File child. The more types of Trace bundles we support the messier this is going to get. Adding a @bundletype attribute or something would simplify ingestion greatly.
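An added example, not part of the original issue or of the CASE project's code: a Python sketch of the ingest-side check the issue describes, which walks `propertyBundle` to decide what a Trace relates to and refuses a declared type that contradicts the bundle contents. The `@bundletype` key is the attribute proposed in the issue and is hypothetical; the `PRIMARY_TYPES` list and the type names other than `File` and `ContentData` are assumptions made for illustration.

```python
import json

# Constructed sample, trimmed from the Trace shown in the issue.
SAMPLE_TRACE = json.loads("""
{
  "@type": "Trace",
  "@id": "https://www.netresec.com/20a91459-8fbb-4b90-a3fb-b4aa7f776a66",
  "propertyBundle": [
    {"@type": "File", "fileName": "index.html", "sizeInBytes": 98500},
    {"@type": "ContentData", "sizeInBytes": 98500,
     "hash": [{"@type": "Hash", "hashMethod": "MD5",
               "hashValue": "abdb151dfd5775c05b47c0f4ea1cd3d7"}]}
  ]
}
""")

# Assumption: bundle members that decide what a Trace "is". Supporting members
# such as ContentData are left out. Names other than File are illustrative.
PRIMARY_TYPES = ("File", "EmailMessage", "NetworkConnection")


def bundle_types(trace):
    """Return the @type of every propertyBundle member, tolerating odd input."""
    bundle = trace.get("propertyBundle") or []
    if isinstance(bundle, dict):  # single member serialized without a list
        bundle = [bundle]
    return [m["@type"] for m in bundle if isinstance(m, dict) and "@type" in m]


def classify_trace(trace):
    """Decide what a Trace relates to; None means the importer cannot tell."""
    if trace.get("@type") != "Trace":
        raise ValueError("not a Trace object")
    found = sorted({t for t in bundle_types(trace) if t in PRIMARY_TYPES})
    declared = trace.get("@bundletype")  # hypothetical attribute from the issue
    if isinstance(declared, str):
        # Do not trust the hint blindly: it must agree with the bundle contents.
        if found and declared not in found:
            raise ValueError(f"@bundletype {declared!r} contradicts {found}")
        return declared
    # Zero or several primary members is ambiguous, so do not guess.
    return found[0] if len(found) == 1 else None
```
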