ocsf-schema
OCSF Schema
This PR does *not* change the OCSF. Instead, it enhances the pull request workflow: * The schema validator version can now be configured with a repository variable, allowing repository owners...
Adjust Entity Management class (3004) to be aligned with the fields that exist in Windows event 4662 - “An operation was performed on an object”. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4662 #### Related Issue: https://github.com/ocsf/ocsf-schema/issues/1090 #### Description...
The [`Job`](https://schema.ocsf.io/1.3.0-dev/objects/job) object is used by `Scheduled Job Activity` and `Job Query`. I'm afraid it is a long way from being able to adequately describe Windows scheduled jobs. The biggest...
Email services provide the capability to configure email forwarding, inbox rules, and more. Such configuration may include complex settings. For example: If an incoming email includes a subject with word...
This extension is about the ability to provide customers structured links to the articles about **compliance standards** and **compliance references**. **definitions:** **_compliance standards_** - established guidelines or criteria that define...
Currently, the `process` object in has a nested `parent_process` object typed as a Process. This creates two issues 1. Modeling "grandparent" processes is a bit unclear and leads to additional...
Jason from Microsoft brought this up as part of the discussion around PR #1076 re: standard state values. If we decide to add Enabled and Disabled as standard (dictionary defined)...
The `URL` object now includes a `domain` attribute in addition to the already present `subdomain` attribute. The examples for `domain` and `subdomain` are correct, but not sufficient to determine how...
We would like to add the fields `tld`, `parent domain`, and `subdomain` to the dns query object so we can use those fields to differentiate between different parts of the...
A person may have multiple user accounts across an organization (IdP + email + external SaaS accounts, etc.) that the current Actor, User & Account objects are insufficient...