Ania Kacewicz

Results: 11 comments by Ania Kacewicz

We are proposing a [general purpose solution](https://github.com/ocsf/ocsf-schema/discussions/310) for all reference attributes to the original data.

This issue has been addressed within [this PR](https://github.com/ocsf/ocsf-schema/pull/323).

@pagbabian-splunk and @Noafr, having an array `tactic` object within the `Attack` object seems the most simple to me. The `tactic` object can contain the string name and uid tuple, and...

We are proposing a general purpose solution for all reference attributes to the original data.

We have a `confidence` in the `finding` object as seen [here](https://schema.ocsf.io/objects/finding). This object is referenced within the [security findings event class](https://schema.ocsf.io/classes/security_finding). Does this suffice for your use case @Noafr? Or...

I also feel like we should preempt future JA versions so that we don't have to continue deprecating as new versions come out. What do y'all think of making just...

> If we take the new object route, what is proposed for a `ja4` object looks good, with the removal of `ja4_` from `sections` **as long as we are okay...

We decided to leave the `Cloud Activity` class for now and we moved the virtual machine class to the `System Activity` category. Now we need to determine whether we need...

@floydtree and @paveljos, what do y'all think of removing the cloud category and moving the various activities to different categories/classes? `1 Login` activity could go [here](https://schema.ocsf.io/classes/authentication?extensions=) `2 IAM` activity could...

That is my concern too. From an analytics perspective you want to have all the data in one schema, especially when you want to detect users deviating from their historic...