ocsf-schema
OCSF Schema
First release Categories, checked if complete and merged into main: - [ ] System Activity - [ ] Findings - [ ] Audit Activity - [ ] Network Activity -...
First release Objects, checkbox checked when merged into main. - [ ] API Details - [ ] Attack - [ ] Authorization Information - [ ] CVSS Scores - [...
First release Event Classes, checkbox checked if class complete and merged into main - [ ] Account Change Audit - [ ] Application Lifecycle - [ ] Authentication Audit -...
Create a `domain` object which contains information about the domain registrar, creation date, etc. Replace uses of `domain` `string_t` type dictionary attribute with `hostname`. Also, create a domain profile to...
Issue to track requirement for correct versioning for initial release.
The `_id` postfix is reserved for enum attributes, thus the `dns_id` should be renamed as `dns_uid`, `dns_query_uid`, `dns_packet_uid`, `query_identifier`. Or perhaps use the general purpose `uid` attribute.
Issue to track initial release requirement for no more breaking changes.
Issue to track initial release requirement for documentation.
OCSF is a framework where the base event classes should produce the same outcome for an event regardless of the vendor generating that event. To that end, "supporting" log sources...
Extension documentation is required for the initial OCSF release.