berggren / foorep

Forensics/Malware repository


Return annotations?

dkovar opened this issue · comments

How are annotations returned? At present, I cannot figure out how to pull them out via the command line. I think I'd like an option for both search and list that includes the annotations in the output.

Further back-of-the-napkin thinking...

If I add an annotation of "-t case" and use that to tie all malware samples associated with a case together, I'd like to be able to search for all annotations with "case=". The same would apply to IP=, etc.

How about types for annotations?

CIDR = cidr blocks
Date = date
etc

Then you can search for date ranges.

foorep annotate -t compile-date --type date -m 2012-12-11

-David
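The typed-annotation idea in the post above (a tag, a declared type such as date or CIDR, and searches by key=value, date range, or address-in-block) can be sketched in a few dozen lines. The code below is an added illustration written for this page; it is not foorep's own code, the class and function names (Annotation, AnnotationStore, annotate, search, example_queries) are hypothetical, and the sample identifiers and values are constructed, not real malware hashes or infrastructure.

```python
"""Typed annotations on samples with tag, date-range and CIDR search.

Added example modelling the design proposed in the issue above. Not foorep's
code; all names are hypothetical and all sample data below is constructed.
"""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set


@dataclass(frozen=True)
class Annotation:
    sample: str   # sample identifier (constructed placeholder, e.g. "sample-a")
    tag: str      # annotation tag, e.g. "case", "c2", "compile-date"
    atype: str    # declared type: "string", "date" or "cidr"
    value: str    # raw value as typed on the command line

    def parsed(self):
        """Parse the raw value according to its declared type.

        Raises ValueError on a malformed date or CIDR, so a typo is caught
        when the annotation is written rather than silently stored as text.
        """
        if self.atype == "date":
            return date.fromisoformat(self.value)
        if self.atype == "cidr":
            return ip_network(self.value, strict=False)
        return self.value


class AnnotationStore:
    """In-memory store; a real tool would persist these beside the samples."""

    def __init__(self) -> None:
        self._items: List[Annotation] = []

    def annotate(self, sample: str, tag: str, value: str,
                 atype: str = "string") -> Annotation:
        ann = Annotation(sample, tag, atype, value)
        ann.parsed()  # validate at write time
        self._items.append(ann)
        return ann

    def search(self, tag: str, value: Optional[str] = None,
               after: Optional[date] = None, before: Optional[date] = None,
               contains_ip: Optional[str] = None) -> Set[str]:
        """Return the sample ids whose annotations match every given filter.

        value       exact match on the raw value (the "case=..." style query)
        after/before inclusive date range, only meaningful for "date" annotations
        contains_ip  keep "cidr" annotations whose block contains this address
        """
        hits: Set[str] = set()
        for ann in self._items:
            if ann.tag != tag:
                continue
            parsed = ann.parsed()
            if value is not None and ann.value != value:
                continue
            if after is not None or before is not None:
                if ann.atype != "date":
                    continue
                if after is not None and parsed < after:
                    continue
                if before is not None and parsed > before:
                    continue
            if contains_ip is not None:
                if ann.atype != "cidr" or ip_address(contains_ip) not in parsed:
                    continue
            hits.add(ann.sample)
        return hits


def example_queries() -> dict:
    """Populate a store with constructed data and run the three query kinds."""
    store = AnnotationStore()
    # Constructed sample ids and values for illustration only.
    store.annotate("sample-a", "case", "2012-017")
    store.annotate("sample-b", "case", "2012-017")
    store.annotate("sample-c", "case", "2013-002")
    store.annotate("sample-a", "compile-date", "2012-12-11", atype="date")
    store.annotate("sample-b", "compile-date", "2012-06-01", atype="date")
    store.annotate("sample-c", "compile-date", "2013-01-20", atype="date")
    store.annotate("sample-a", "c2", "198.51.100.0/24", atype="cidr")  # documentation range
    store.annotate("sample-c", "c2", "203.0.113.0/24", atype="cidr")   # documentation range
    return {
        "case": store.search("case", value="2012-017"),
        "q4_2012": store.search("compile-date",
                                after=date(2012, 10, 1), before=date(2012, 12, 31)),
        "c2_net": store.search("c2", contains_ip="198.51.100.77"),
    }


if __name__ == "__main__":
    for name, result in example_queries().items():
        print(name, sorted(result))
```

Validating at write time is the point of declaring a type: a compile-date stored as free text cannot be range-searched later, and a malformed CIDR would never match any address, so the store rejects both up front instead of accepting them silently.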

Yes, annotations are not returned via the cli as of now, but I will add that right now. I think that I will add it with the verbose flag for both list and search.

About filtering search results based on annotations, that is a great idea! I have planned to implement that in the near future, but I will push it up the stack.

I have created two separate issues from this. Closing this and starting to implement the stuff.