
OCSF Schema

Results 151 ocsf-schema issues

[categories.json](https://github.com/ocsf/ocsf-schema/blob/main/categories.json) appears to be an enumerated list of items, but the items are called "attributes" as if they were properties of an object.: ``` { "caption": "Categories", "name": "category", "description":...

#### Related Issue: #986 #### Description of changes: - Adds `owner` to `device`, `endpoint`, and `network_endpoint`. - Adds a new `agent` object that defines various sensors and agent. - Adds...

#### Related Issue: #### Description of changes: The _query Discovery classes were in the 1.1.0 section, but they were not released with 1.1.0 at which time they were _info classes....

#### Related Issue: * https://github.com/ocsf/ocsf-schema/issues/960 * https://github.com/ocsf/ocsf-schema/issues/964 #### Description of changes: Metaschema changes. * Add class and object attribute observables. * Remove hard-coded list of categories from `metaschema/categories.schema.json`, leaving this...

enhancement
non_breaking
v1.2.0 and later

#### Related Issue: #989 #### Description of changes: - Added `List`, `Encrypt` and `Decrypt` activities to `datastore` event class.

#### Related Issue: #988 #### Description of changes: - Added `threat_intelligence` object. - Added `threat_intelligence` Profile based on `threat_intelligence` object. - Added `signatures` object, an array of `signature` objects. -...

#### Related Issue: #985 #### Description of changes: - Created file profile - Added `file` profile to `api activity`, `web_resources_activity` and all `network` event classes.

network_activity
non_breaking
application_activity

The logs within the network and API category event classes could have enriched file information. Create a file profile and apply to these categories.

network_activity
application_activity

Add additional activity ids such as `Enumerate`, `Encrypt` and `Decrypt` to the datastore event class.

non_breaking
application_activity

**BLUF**: Add a new Profile for `threat_intelligence` that encompasses several existing, and some new, OCSF objects to provide conditional enrichment via cyber threat intelligence, open source intelligence, and/or analyst commentary....