Updated OSINT object (#1264)

#### Related Issue: #### Description of changes: - Add new `osint.type_id` enums for Registry Key, Registry Value, and Command Line - Added new `tlp` enum for TLP:White which is the same as TLP:Clear - Add `related_analytics` to `osint`
ocsf · Dec 3, 2024 · 19077b1 · 19077b1
1 parent d4fcbb1
commit 19077b1
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -131,6 +131,7 @@ Thankyou! -->
     1. Added `hostname`, `ip`, and `name` to `resource_details` for purposes of assigning an Observable number. #1250
     1. Added `values` to `key_value_object`. #1251
     1. Added `kernel_release` to `os` object. #1249
+    1. Added `related_analytics` to `osint` object. #1264
 
 ### Bugfixes
 1. Added sibling definition to `confidence_id` in dictionary, accurately associating `confidence` as its sibling. #1180
@@ -180,6 +181,7 @@ Thankyou! -->
 1. In the metaschema, added support for `@deprecated` in enum values. #1237
 1. Fixed some more formatting of attribute descriptions in `dictionary.json` and `idp.json`. #1239
 1. Added `resource_details.name` as an Observable type `type_id: 38`. #1250
+1. Added 3 new enums (Registry Value, Registry Key, Command Line) to `osint.type_id` and added TLP:WHITE to `osint.tlp` enums. #1264
 
 ## [v1.3.0] - August 1st, 2024
 

diff --git a/objects/osint.json b/objects/osint.json
@@ -57,6 +57,18 @@
           "caption":"File",
           "description":"A file or metadata about a file."
         },
+        "12":{
+          "caption": "Registry Key",
+          "description": "A Windows Registry Key."
+        },
+        "13": {
+          "caption": "Registry Value",
+          "description": "A Windows Registry Value."
+        },
+        "14": {
+          "caption": "Command Line",
+          "description": "A partial or full Command Line used to invoke scripts or other remote commands."
+        },
         "99":{
           "caption":"Other",
           "description":"The indicator type is not directly listed."
@@ -95,6 +107,10 @@
         "CLEAR":{
           "caption":"TLP:CLEAR",
           "description":"TLP:CLEAR denotes that recipients can spread this to the world, there is no limit on disclosure. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction."
+        },
+        "WHITE":{
+          "caption":"TLP:WHITE",
+          "description":"TLP:WHITE and TLP:CLEAR may be used interchangeably, TLP:WHITE is the most up to date (as of TLP 2.0) usage."
         }
       },
 			"requirement":"recommended",
@@ -176,6 +192,11 @@
       "description":"Any pertinent file information related to an indicator or OSINT analysis.",
       "requirement":"optional"
     },
+    "related_analytics": {
+      "caption": "Related Analytics",
+      "description": "Any analytics related to an indicator or OSINT analysis.",
+      "requirement": "optional"
+    },
     "reputation":{
       "description":"Related reputational analysis from third-party engines and analysts for a given indicator or OSINT analysis.",
       "requirement":"optional"