
Define Groups

Open jasonbreimer opened this issue 2 years ago • 1 comments

Add to Docs information on Groups.

In the following example, a group is part of the Event Class.

group → For each attribute, ensure you add a group value. Valid values are: Classification, Context, Occurrence, Primary.

example: "hw_bios_manufacturer": { "description": "The BIOS manufacturer.", "group": "primary", "requirement": "optional" },

jasonbreimer, Jul 14 '22 16:07
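An added example (not part of the issue and not the OCSF project's own code): a Python check that every attribute in an event class definition carries one of the four group values listed in the post above. The enclosing `attributes` key, the case-insensitive comparison, and the two extra sample attributes are assumptions made for illustration.

```python
import json

# Group names as listed in the issue; compared case-insensitively (assumption),
# because the issue lists them capitalized but its JSON example uses "primary".
VALID_GROUPS = {"classification", "context", "occurrence", "primary"}

def check_groups(class_def):
    """Return a sorted list of (attribute, problem) for attributes whose
    "group" is missing or is not one of the valid values."""
    problems = []
    attributes = class_def.get("attributes", {})  # assumed container key
    for name, spec in attributes.items():
        if not isinstance(spec, dict):
            problems.append((name, "definition is not an object"))
            continue
        group = spec.get("group")
        if group is None:
            problems.append((name, "missing group"))
        elif not isinstance(group, str) or group.strip().lower() not in VALID_GROUPS:
            problems.append((name, f"invalid group {group!r}"))
    return sorted(problems)

# Constructed sample: the first attribute is the one from the issue,
# the other two are made up to exercise the failure cases.
SAMPLE = json.loads("""
{
  "name": "example_class",
  "attributes": {
    "hw_bios_manufacturer": {
      "description": "The BIOS manufacturer.",
      "group": "primary",
      "requirement": "optional"
    },
    "example_attr_no_group": {
      "description": "Constructed attribute without a group.",
      "requirement": "optional"
    },
    "example_attr_bad_group": {
      "description": "Constructed attribute with a misspelled group.",
      "group": "contxt",
      "requirement": "recommended"
    }
  }
}
""")

if __name__ == "__main__":
    for attr, problem in check_groups(SAMPLE):
        print(f"{attr}: {problem}")
```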

There is a subsection on Attribute Groups in the Attributes section of the White Paper. Please take a look; however, it isn't a syntax for specifying groups. It could be added in the appendix under Adding / Modifying Attributes. There is also a separate Readme in Schema where it should be added (effectively the same content was lifted for the WP).

pagbabian-splunk, Nov 28 '22 17:11