ocsf-server icon indicating copy to clipboard operation
ocsf-server copied to clipboard

Published 20 hours ago verified publisher icon ocsf

Parent_process recursion in sample events

Open overly-engineered opened this issue 10 months ago • 1 comments

Related: 996, 1004

The sample api does not seem to obey the schema directive that parent process should only be populated on one level of recursion per event.

I can see the value in sometimes going a few more levels up than normal to prepare consumers that it is a possibility however currently I am seeing 9 levels of parent_process in an account change event.

I've attached the JSON file containing the response from the server. account-change.json

Also related to issue https://github.com/ocsf/ocsf-server/issues/26.

overly-engineered avatar Apr 08 '24 14:04 overly-engineered

Ugh. OK. I haven't poked around with this part of the code yet.

Can you give me a sense of urgency for this problem?

rmouritzen-splunk avatar Apr 10 '24 21:04 rmouritzen-splunk