Whitelisting

Open burdenless opened this issue 9 years ago • 0 comments

Whitelisting

The regexes used are pretty tight, but it is all too often the case that PDF reports and even some threat feeds will have incorrect entries for legitimate domains or IP's, or they will include URL's and domain names for their own infrastructure as part of their marketing.

Need to implement an elegant whitelisting feature that does not bog down performance and will not hinder the gathering of true positive threat information.

Feb 03 '16 15:02 burdenless