def parse_line(self, line, report):
domain, data, raw = line
event = self.new_event(report)
event.add('time.source', DateTime.from_epoch_millis(int(data['seen'])))
event.add('classification.type', 'other')
event.add('raw', raw)
if not event.add('source.fqdn', domain, raise_failure=False):
event.add('source.ip', domain)
yield event
def parse_line(self, line, report):
domain, data, raw = line
event = self.new_event(report)
event.add('time.source', DateTime.from_epoch_millis(int(data['seen'])))
event.add('classification.type', 'other')
event.add('raw', raw)
if not event.add('source.fqdn', domain, raise_failure=False):
event.add('source.ip', domain)
yield event
