patterns: add various detection patterns #1
Conversation
| - id: google-tracking | ||
| labels: | ||
| - tracking | ||
| - stats |
There was a problem hiding this comment.
We had discussed trying to stick close to Qosmos, or other tools that had already done some labelling. In which case, "stats" would be "analytics". They don't have one for tracking, so I think tracking is good.
| - id: google-ads | ||
| labels: | ||
| - tracking | ||
| - ads |
There was a problem hiding this comment.
Similarily, I wonder if this should be "advertising".
| # Spotify | ||
| - id: spotify | ||
| labels: | ||
| - music |
There was a problem hiding this comment.
Should Spotify be streaming as well?
There was a problem hiding this comment.
wonder if we need a 'streaming' as well as 'video' and 'music' in general?
There was a problem hiding this comment.
Or should we use "streaming-music" and "streaming-video"?
| patterns: | ||
| - feedly.com | ||
|
|
||
| - id: nos |
There was a problem hiding this comment.
Is there a longer ID that can be used? My feeling is that this takes up a short name that could potentially be used for other IDs in the future. Not sure what.
There was a problem hiding this comment.
perhaps a country namespace? e.g. nl/nos or NL-nos or something along those lines. Guess the forward slash might confuse the flowbits that are set.
There was a problem hiding this comment.
Namespace is a good idea. Not sure if a / would be an issue for not. The logger only looks for a prefix of "traffic/id/" then takes the rest as the ID. So "nl/nos" should be logged as:
{
"traffic": {
"id": ["nl/nos"]
}
}
which I think could be a good option.
|
|
||
| - id: rememberthemilk | ||
| labels: | ||
| - todo |
There was a problem hiding this comment.
perhaps here we could have something like 'pim' (personal information management) ?
There was a problem hiding this comment.
Maybe. But again, but this would only apply to a subset as well. Asana for instance is more enterprisey todo/project management. Which remember the milk can do as well, so "personal" is misleading here.
|
|
||
| - id: rememberthemilk | ||
| labels: | ||
| - todo |
There was a problem hiding this comment.
I wonder if this is better labeled task-management or something. There is overlapping functionality with tools like Trello, Asana and Omnifocus, which are way more than "todo" apps, but close enough that I'd like them all labelled together.
Perhaps. But if for some reason I started seeing a bunch of traffic to these Dutch sites, it would be nice to have them labelled. Do you think I should update the generator to output a .rules file per input yaml file? Thats probably the easiest way to make it happen. |
Bunch of additions.
Think it could make sense to start splitting files into a categories early, ideally also making it optional to use certain parts. E.g., I added a Dutch national broadcasting pattern. It's probably not very interesting to ppl outside of the NL.
Needs review about which labels and id's I picked.