ocsf-schema
OCSF Schema
We would like to add the field `length` to the dns query and answer objects so we can use that field to calculate the length of dns queries. ``` query.length...
Windows Resource Activity class (201003) is not aligned with the fields that exist in Windows event 4662 - “An operation was performed on an object”. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4662 Windows event 4662 is an essential...
Hi, as part of https://schema.ocsf.io/1.2.0/objects/reputation?extensions= (and other versions) there's a required field "base_score" that most of the time is not provided. The most common value I've seen in most product...
I was looking at the data dictionary on https://schema.ocsf.io/1.1.0/dictionary?extensions= and noticed that the tcp_flags are set on the [Network Connection Information](https://schema.ocsf.io/1.1.0/object/graph/network_connection_info?extensions=) object with no directionality specified. My understanding is TCP...
Windows Service activity doesn't cleanly map. May need to add a class to Windows Profile or modify Process Activity [1007]. From OMB M-21-31 (for Windows Logging): - Service Status Changes...
A while back, the `loggers` array was added to the `metadata` object. The purpose was to account for the different logging 'hops' as a log travels through a data pipeline....
As a security analyst I would like the vendor name and type of package of a found vulnerability. Vulnerability finding contains affected packages -> there the Vendor_name and Type of OS/Application are missing...
`_resource` extends `_entity` which correctly declares `name` and `uid` as `recommended` as they are part of a constraint. However `_resource` downgrades the requirement to `optional` which it should not. This...
OCSF should provide an easy way to map an external ticket to an incident. src_url - required - link to it; uid - required - unified id of the ticket in the external system...
The network proxy endpoint contains a reference to itself, a network proxy. This in itself is not a bad thing as there could be multiple proxy endpoints tied together; however...