Hi Mikael,
I'll start by asking what you need. There's two reasons for the information models: being able to find information, and being able to make high-speed, low-resolution decisions from the data. Examples:
I have twelve brands of card reader system and I want to look in the same field to find the friendly name of the protected location.
I want to make a correlation search from accelerated fields that are specific to card readers.
I was trying to make up a card-reader specific correlation search that isn't just replication of an existing correlation search, but I'm not able to think of one. For instance, Brute Force or Impossible Access... tag the data as authentication and you're covered. Privilege escalation, tag the account management stuff...
... View more