
OCSF Schema

Results 151 ocsf-schema issues

The Startup Application Query class captures the results of a discovery on target devices. This class was refactored from a previous submission, while incorporating feedback from Paul. #### Description of...

discovery
v1.3.0 and later

As a mapper, I need to be able to appropriately taxonomize events that come in from Routers, IDS, and IPS devices. The existing `type_id` enum within the Device (Endpoint) object...

#### Related Issue: [1120](https://github.com/ocsf/ocsf-schema/issues/1120) #### Description of changes: Adds three enum type_id values to the Endpoint object: - router - ids - ips Miscellaneous: Updates grammar on the IOT entry....

#### Related Issue: N/A #### Description of changes: Added a new object that encapsulates the `duration_avg_xx` attributes with a `type_id` discriminator and a `just_one` constraint. ### Delete once you have...

enhancement
v1.3.0 and later

#### Related Issue: [#1124](https://github.com/ocsf/ocsf-schema/issues/1124) #### Description of changes: - Added the pre-existing `job` attribute to the `Evidence Artifacts` object. - Adjusted the `at_least_one` constraint in the object to include `job`....

Related Issue: Missing enable/disable state Ids Description of changes: added state IDs to Device Config State Change Class. Signed-off-by: Sasha Selin (Cyrebro) ([[email protected]](mailto:[email protected])) Following closed PR #1076 (https://github.com/ocsf/ocsf-schema/pull/1076), I've created...

This issue is about to extend OCSF schema by Kubernetes mapping. The extension should be provided as a separated extension like the current Windows and Linux. After data analyses the...

Scheduled Task/Job [T1053](https://attack.mitre.org/versions/v15/techniques/T1053/) is a widely-used technique to implement the tactics of Execution, Persistence, and Privilege Escalation. The OCSF schema's [`Scheduled Job Activity`](https://schema.ocsf.io/1.3.0-dev/classes/scheduled_job_activity) event class covers this, with the [`Job`](https://schema.ocsf.io/1.3.0-dev/objects/job)...

In the Authentication class `http_request` is present but there is no place to put http status for `http_response` because it does not exist in the `Authentication` class. I am also...

bug

#### Related Issue: #1061 _Support linting of enum and sibling conventions_ #### Description of changes: * Adds a `suppress_checks` option to the metaschema to configure turning off certain linting rules...

documentation
framework