Observable removal, changelog

CHANGELOG.md

@@ -47,6 +47,7 @@ Thankyou! -->
 * #### Objects
     1. Added `phone_number` to `user` and `ldap_person` objects. #1155
     2. Added `has_mfa` to `user` object. #1155
+    3. Added `parent_process` and `grandparent_process` as standalone objects, distinct from `process`.
 
 ### Misc
 1. Added `user.uid` as an Observable type - `type_id: 31`. #1155

objects/grandparent_process.json

@@ -3,7 +3,6 @@
   "description": "The Grandparent Process object signifies the originating process that indirectly initiates a chain of descendant processes. By tracing back through Parent Processes, the Grandparent Process object helps to map out the broader process tree, establishing a clearer picture of process lineage and inheritance. Defined by D3FEND <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:Process/'>d3f:Process</a>.",
   "extends": "_entity",
   "name": "grandparent_process",
-  "observable": 25,
   "profiles": [
     "container"
   ],
@@ -15,11 +14,11 @@
       "requirement": "recommended"
     },
     "created_time": {
-      "description": "The time when the process was created/started.",
+      "description": "The time when the grandparent process was created/started.",
       "requirement": "recommended"
     },
     "file": {
-      "description": "The process file object.",
+      "description": "the grandparent process file object.",
       "requirement": "recommended"
     },
     "integrity": {
@@ -35,7 +34,7 @@
       "requirement": "optional"
     },
     "name": {
-      "description": "The friendly name of the process, for example: <code>Notepad++</code>.",
+      "description": "The friendly name of the grandparent process, for example: <code>Notepad++</code>.",
       "type": "process_name_t"
     },
     "pid": {
@@ -49,7 +48,7 @@
       "requirement": "optional"
     },
     "terminated_time": {
-      "description": "The time when the process was terminated.",
+      "description": "The time when the grandparent process was terminated.",
       "requirement": "optional"
     },
     "tid": {

objects/parent_process.json

@@ -3,7 +3,6 @@
   "description": "The Parent Process object represents the process that initiates or spawns a new child process. This object tracks the lineage and origin of child processes, providing visibility into the hierarchical structure of process execution. Defined by D3FEND <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:Process/'>d3f:Process</a>.",
   "extends": "_entity",
   "name": "parent_process",
-  "observable": 25,
   "profiles": [
     "container"
   ],
@@ -15,11 +14,11 @@
       "requirement": "recommended"
     },
     "created_time": {
-      "description": "The time when the process was created/started.",
+      "description": "The time when the parent process was created/started.",
       "requirement": "recommended"
     },
     "file": {
-      "description": "The process file object.",
+      "description": "the parent process file object.",
       "requirement": "recommended"
     },
     "integrity": {
@@ -35,7 +34,7 @@
       "requirement": "optional"
     },
     "name": {
-      "description": "The friendly name of the process, for example: <code>Notepad++</code>.",
+      "description": "The friendly name of the parent process, for example: <code>Notepad++</code>.",
       "type": "process_name_t"
     },
     "pid": {
@@ -49,7 +48,7 @@
       "requirement": "optional"
     },
     "terminated_time": {
-      "description": "The time when the process was terminated.",
+      "description": "The time when the parent process was terminated.",
       "requirement": "optional"
     },
     "tid": {