Merge branch 'main' into main
Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
pagbabian-splunk authored Nov 25, 2024
2 parents c6757b5 + c32ca3d commit 85da295
Showing 47 changed files with 995 additions and 107 deletions.
26 changes: 25 additions & 1 deletion CHANGELOG.md
Expand Up @@ -49,6 +49,7 @@ Thankyou! -->
1. Added `Script Activity` event class to the System category. #1159
1. Added `Startup Item Query` event class. #1119
1. Added `Drone Flights Activity` event class to the Unmanned Systems category. #1169
1. Added `Cloud Resources Inventory Info` event class to the Discovery category. #1250
* #### Dictionary Attributes
1. Added `has_mfa` as a `boolean_t`. #1155
1. Added `environment_variables` as an array of `environment_variable` object. #1172
Expand All @@ -68,12 +69,21 @@ Thankyou! -->
1. Added `altitude_ceiling`, `altitude_floor`, `geodetic_altitude`, `aerial_height`, `horizontal_accuracy`, `pressure_altitude`, `radius`, `speed`, `track_direction`, and `vertical_speed` all to support `operating_area` and `unmanned_aerial_system` objects. #1169
1. Added `variable_name` and `variable_value` as `long_string`. #1228
1. Added `imei_list` as an array `string_t`. #1225
1. Added `is_encrypted` as `boolean_t`; `column_name`, `cell_name`, `storage_class`, `key_uid`, `json_path` as `string_t` & `column_number`, `row_number`, `page_number`, `record_index_in_array` as `integer_t`. #1245
1. Added `group_provisioning_enabled`, `scim_group_schema`, `user_provisioning_enabled`, `scim_user_schema`, `scopes`, `idle_timeout`, `login_endpoint`, `logout_endpoint`, and `metadata_url` entries to the dictionary to support the new `scim` and `sso` objects. #1239
1. Added new `11: Basic Authentication` enum value to `auth_protocol_id`. #1239
1. Added `values` as an array of `string_t`. #1251
1. Added `kernel_release` as a `string_t`. #1249
* #### Objects
1. Added `environment_variable` object. #1172
1. Added `advisory` object. #1176
1. Added a generic `key_value_object` object. #1219
1. Added `unmanned_aerial_system` and `unmanned_system_operating_area` objects. #1169
1. Added a `long_string` object. #1228
1. Added `discovery_details`, `encryption_details`, `occurrence_details` objects. #1245
1. Added `scim` object. #1239
1. Added `sso` object. #1239
1. Added `vendor_attributes` object. #1257

### Improved
* #### Event Classes
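
Review bot: The `is_encrypted` item for #1245 packs ten attributes of three different types into a single changelog entry joined with `;` and `&`, which is hard to scan or grep next to the one-type-per-item entries around it (`imei_list`, `values`, `kernel_release`). Suggest splitting it into one item per type (`boolean_t`, `string_t`, `integer_t`), each tagged #1245. The `auth_protocol_id` item also writes the new enum value as `11: Basic Authentication`, while other enum entries in this file use forms such as `Archived|5`; pick one notation for enum values.
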
Expand All @@ -82,10 +92,13 @@ Thankyou! -->
1. Added `risk_details` to `data_security_finding` class. #1178
1. Removed constraint from `group_management` class. #1193
1. Added `Archived|5` as an enum item to `status_id` attribute in Findings classes. #1219
1. Added a `Trace`, `activity_id` to the `Email Activity` class. #1252
1. Added `vendor_attributes` to all `Findings` Category classes. #1257
* #### Profiles
1. Added `is_alert`, `confidence_id`, `confidence`, `confidence_score` attributes to the `security_control` profile. #1178
1. Added `is_alert`, `confidence_id`, `confidence`, `confidence_score` attributes to the `security_control` profile. #1178
1. Added `risk_level_id`, `risk_level`, `risk_score`, `risk_details` attributes to the `security_control` profile. #1178
1. Added `policy` attribute to the `security_control` profile. #1178
1. Added enum values to `action_id` of 'Observed', 'Modified', and 'Unknown'. #1265
* #### Objects
1. Added `phone_number` to `user` and `ldap_person` objects. #1155
1. Added `has_mfa` to `user` object. #1155
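
Review bot: In the Profiles list, the item adding `is_alert`, `confidence_id`, `confidence`, `confidence_score` to the `security_control` profile (#1178) appears twice in a row. This rendering has lost the +/- markers, so the pair may be the removed and re-added sides of a whitespace-only change; if both lines are present in the merged file, drop one. The new `action_id` item also does not name the profile or class that received 'Observed', 'Modified' and 'Unknown', and gives no numeric ids, unlike the `Archived|5` item in the same hunk; name the owner and list the ids.
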
Expand All @@ -111,6 +124,13 @@ Thankyou! -->
1. Added `location` to `managed_entity`. #1169
1. Added `imei_list` to the `device` object. #1225
1. Added `tls` and `ja4_fingerprint_list` object to the evidences object. #1244
1. Added `storage_class` & `is_public` as `cloud` profile attributes to `file` object. Also added `is_encrypted`, `encryption_details`, `tags` to the `file` object. #1245
1. Added `discovery_details`, `occurrence_details`, `status` trio, `total`, `uid`, `size`, & `src_url` to the `data_classification` object. #1245
1. `data_bucket` object now inherits `resource_details` instead of `_entity`. Also, added `encryption_details` object to the `data_bucket` object. #1245
1. Added `auth_factors`, `domain`, `fingerprint`, `has_mfa`, `issuer`, `protocol_name`, `scim`, `sso`, `state`, `state_id`, `tenant_uid`, and `uid` to `idp`. #1239
1. Added `hostname`, `ip`, and `name` to `resource_details` for purposes of assigning an Observable number. #1250
1. Added `values` to `key_value_object`. #1251
1. Added `kernel_release` to `os` object. #1249

### Bugfixes
1. Added sibling definition to `confidence_id` in dictionary, accurately associating `confidence` as its sibling. #1180
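
Review bot: The `data_bucket` item records a change of parent (`resource_details` instead of `_entity`) but does not say which attributes `data_bucket` gains or loses as a result. A change of inheritance can alter what producers emit and what a validator accepts, so the entry should list the affected attributes or state that none were removed. In the `data_classification` item, "`status` trio" is shorthand; spell out the three attribute names so the entry can be searched.
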
Expand All @@ -125,6 +145,8 @@ Thankyou! -->
1. Deprecated `tag` in favor of `labels` or `tags` in `image` & `container` object. #1207
1. Deprecated `status_detail` in favor of `status_details` in `compliance object. #1219
1. Deprecated `imei` in favor of `imei_list` in `device` object. #1225
1. Deprecated `data_classification` in favor of `data_classifications` in the `data_classification` profile. #1245
1. Deprecated activity_id `4|Suppressed` in the Data Security Finding event class. This shouldn't have been added when we first created it, as the right place for this info is `status_id`. #1245

### Misc
1. Added `user.uid` as an Observable type - `type_id: 31`. #1155
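
Review bot: The new `4|Suppressed` deprecation item mixes the changelog fact with commentary ("This shouldn't have been added when we first created it") and writes the enum as id first, the reverse of `Archived|5` used earlier in this file. Suggest keeping the item to the fact and the migration target (deprecated `activity_id` value in the `Data Security Finding` class, use `status_id` instead), with `activity_id` and the class name in backticks like the other entries. While here, the `status_detail` item in the same list has an unclosed backtick before `compliance object`.
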
Expand Down Expand Up @@ -156,6 +178,8 @@ Thankyou! -->
- The `source` and `references` attributes are also supported in when extending or patching event classes and objects.
1. Fixed minor spelling mistakes in attribute descriptions in `dictionary.json`. #1213
1. In the metaschema, added support for `@deprecated` in enum values. #1237
1. Fixed some more formatting of attribute descriptions in `dictionary.json` and `idp.json`. #1239
1. Added `resource_details.name` as an Observable type `type_id: 38`. #1250

## [v1.3.0] - August 1st, 2024

16 changes: 5 additions & 11 deletions NOTICE
@@ -1,15 +1,9 @@
Open Cybersecurity Schema Framework

This project includes the ICD Schema developed by Symantec, a division of Broadcom.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Copyright © OCSF a Series of LF Projects, LLC
For web site terms of use, trademark policy and other project policies please see https://lfprojects.org.

http://www.apache.org/licenses/LICENSE-2.0
This project includes the ICD Schema developed by Symantec, a division of Broadcom.

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Licensed under the Apache 2 license.
Refer to the Apache 2 license in the file LICENSE.
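
Review bot: The shortened NOTICE drops the license URL and the "AS IS" no-warranty paragraph and now points only to "the file LICENSE", so the notice is complete only if a LICENSE file with the full text ships alongside it; this diff does not show that file, so confirm it exists in the tree. "Apache 2 license" should use the formal name the removed text used, "Apache License, Version 2.0", in both new lines.
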