Currently Sentinel splits fully qualified DNS names into a Hostname and the Domain part. That makes it difficult to use threat intelligence feeds in dynamic lists, as they can only match on one field.
I therefore suggest adding 4 more fields to store this information for Source, Target, Observer, and Reporter (e.g. shost, dhost, obshost, rephost) and having the CM framework populate these with information from *HostName and *HostDomain fields or via IP-to-Hostname resolution.
by: Norbert K. | over a year ago | Integrations