
OCSF Schema

Results 151 ocsf-schema issues

Initial release tracking for finalizing list of core objects, classes, and categories.

**Problem:** The current Attack object describes the involved technique (uid [string], name [string]) related to the attack and its associated tactics. As one technique may be associated with multiple tactics,...

In order to promote interoperability, OCSF must define a "schema", not just a "schema framework". The data that goes into logging information must be defined across vendors, not just "captioned"....

**Problem**: In addition to the severity field, some vendors are also sending a "confidence" score to describe the certainty of the severity determined for the incident/event. For example, Vectra sends...

**Problem** Users may want to query for the threat score of the event as given by the ref (original) source. Vectra (AI-driven threat detection and response for hybrid and multi-cloud...

As per https://github.com/ocsf/ocsf-schema/discussions/238 the goal of this PR is to disambiguate the use of the user context in the process object. Based on the feedback on that discussion the field...

**Problem** The Scheduled Job Activity doesn't contain an activity id to represent an event when the scheduled task is started. **Suggestion** Add 'Start' Activity ID to Scheduled Job Activity

The Scan Class currently supports integers representing the number of scanned files/folders/network items but not a reference to the objects themselves. For example, the Sha1 & path of a scanned...

The intention of Required attributes within event classes is that the attribute is always present in every instance of the event. To be useful, reasonable default values must be spelled...

documentation
enhancement

Pointer to Discussion #243 as mentioned on 4 Oct call. This is a general Framework/Schema issue that should be resolved before 1.0.