ocsf-schema
OCSF Schema
As the title states, the `euid` and `egid` fields are only enabled on the `process` object by selecting the Linux extension with the linux_users profile.
In both the 1.5.0 release assets (download links are at the bottom of the [1.5.0 release page](https://github.com/ocsf/ocsf-schema/releases/tag/1.5.0)), the schema and extension versions, which are set in the files `version.json`, `extensions/linux/extension.json`,...
## Observed Behavior As a newcomer to the project, I was reading https://github.com/ocsf/ocsf-schema/blob/main/extensions.md?plain=1#L19 and expected to find a directory named `macos` in https://github.com/ocsf/ocsf-schema/tree/main/extensions but I did not. ## Expected Behavior...
The OCSF [Device](https://schema.ocsf.io/1.4.0/objects/device) object contains a Unique ID field (`uid`) to store a unique device identifier. However, that field lacks specific guidance so its usage today is not standardized. This...
Enums and enum siblings are hard to work with... and a bit weird. Consider leaning in to enums completely, avoiding text siblings, OR use strings, perhaps with a set of...
#### Related Issue: #1261 #### Description of changes: Added a new meta schema keyword called `family` which, like the `group` keyword does with attributes, can tag related event classes. This...
The version jump from 1.3.0 renamed `event_log` to `event_log_actvity` and introduced a typo in the class name.
We only have a few objects that do this, but if we can remove the self-referencing objects that would be great.
The 1.x schema hierarchy is not perfect, and it can be argued that any object-oriented style inheritance tree could never model reality well. Instead, consider organizing the schema with composition,...