ocsf-schema
OCSF Schema
The registry_value object has an attribute **type**. type | Recommended | String | A string representation of the value type. -- | -- | -- | -- See: [registry value...
SentinelOne distinguishes between different Remote Process Activities. Code Injection & Process Termination are covered by Activity ID 4 (Inject) & 2 (Terminate); however, Remote Memory Operations (e.g. readLsass, writeToEAT,...) are missing.
**Problem** The Registry Key Activity doesn't contain an activity id to represent an event when the registry key is exported into a file **Suggestion** Add 'Export' Activity ID to Registry...
**Problem** The Registry Key Activity doesn't contain an activity id to represent an event when the registry key is imported to the registry **Suggestion** Add 'Import' Activity ID to Registry...
Moving the K8s object from the AWS extension to the core schema. As discussed here: https://opencybersecu-lz97379.slack.com/archives/C03C2QJRA73/p1664470650464869 Updated dictionary.json with the required attributes.
We should be consistent on what to expect in the sibling string field (Normalized value OR the original value). [More context](https://opencybersecu-lz97379.slack.com/archives/C03KF0TELR0/p1664555060055449) All sibling fields - _id = normalized int enum...
The current description of `product` object nested inside the `file` object doesn't accurately represent its usage (snapshot below). A new and specific description will need to be added at an...
The DNS `opcode` is defined as enum, but it does not use the enum convention. The attribute should be renamed as `opcode_id` and define `opcode: { type: string_t, ...}`, which...
OCSF doesn't have data type representing UUID (or GUID). I would like to propose adding new data type **_uuid_t_** to support a 128-bit globally unique identifier.
Determine whether we need the storage event class or any additional classes within the cloud category or whether the cloud api class suffices.