ocsf-schema icon indicating copy to clipboard operation
ocsf-schema copied to clipboard

Published 20 hours ago verified publisher icon ocsf

Missing customer_uid attribute

Open rroupski opened this issue 3 years ago • 1 comments

The customer_uid attribute is missing from the base event. We need it to handle multi-tenant systems such as Splunk on cloud that handles events from multiple customers.

rroupski avatar Aug 16 '22 23:08 rroupski

I believe customer_uid was a metadata attribute rather than a base event attribute.

pagbabian-splunk avatar Aug 17 '22 02:08 pagbabian-splunk

Agreed, it's a better suited field for metadata. We had discussed it here as well.

Alternative is to create implementation specific profiles and add such fields to these profiles. Selecting a profile would overlay such fields for every class.

floydtree avatar Aug 17 '22 14:08 floydtree