ocsf-schema
OCSF Schema
We'd like to easily map current signature state. Extending Digital signature by fields: 1. signature_state_id: optional - 0 Unknown - 1 Valid - 2 Expired - 3 Revoked - 9...
The analyst wants to know the patches applied regardless of who reports, or how it got patched. Currently this data is captured in a few places: 6002 (Application Lifecycle) 5004 (Operating...
There are some conventions that are not necessary to build a well-formed schema, but yet are commonplace in OCSF and have considerable utility. We should support linting (convention validation) of...
Add `Enrichments Array` on an OCSF object's level. Enrichments is needed in Evidence Artifact's objects in `Detection findings`. We can add the same `Enrichments Array` as we have on `Detection...
`Detection Finding`'s `Evidence Artifacts` represent a collection of Evidences associated to the activity, that's why it should contain all possible objects that can be a part of detections or activity. Now...
I would like to add the `Package` object to the `Product` object and an optional object to use. Product.Package We have logs that contain application architecture and no way to...
# Summary "Patch" extends can modify core schema attributes, potentially causing events generated with an extension to become incompatible with core OCSF schema and other private extensions. # Details A...
Currently, we have 4 status related attributes: `status_id`, `status`, `status_code`, `status_details`, not counting `http_status` which is tied to the spec. `status_details` should have a sibling enum attribute that can be...
We want to ensure that when an attribute includes a non-null `profile` property in a class or object, it is only done when the specified profile is included in the...
Related issue: 996 There have been sightings of a few objects where recursion could take place and in general there are no bounds on recursion. There may be value in...