Group enrichments #28

@krmaxwell

From @alexcpsec in #21:

I would separate the enrichments by "groups" (for the lack of a better name) in a config file. And the groups would have a list of the sources that would be harvested by them.

And we start these groups out as "inbound" and "outbound".

If too generic (i.e., too much work for now), it is fine. But I think this would give you a lot of flexibility for further research (like a "CnC" group, a "malware download" group, etc., etc.).

Currently we separate by inbound/outbound, which is fine for initial release but can be enhanced.
