Add evidences to Compliance Finding

When reporting Compliance Finding, we want to specify which File, API or Device caused us to trigger the finding.
ocsf · Aug 27, 2024 · b9cbd27 · b9cbd27
1 parent a656184
commit b9cbd27
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -42,6 +42,7 @@ Thankyou! -->
 ### Added
 * #### Event Classes
     1. Added `OSINT Inventory Info` event class to the Discovery category. #1154
+    2. Added `evidences` to `compliance_finding` class. #1157
 
 ### Improved
 * #### Objects

diff --git a/dictionary.json b/dictionary.json
@@ -1858,7 +1858,7 @@
     },
     "evidences": {
       "caption": "Evidence Artifacts",
-      "description": "Describes various evidence artifacts associated to the activity/activities that triggered a security detection.",
+      "description": "A collection of evidence artifacts associated to the activity/activities that triggered a finding. See specific usage.",
       "type": "evidences",
       "is_array": true
     },

diff --git a/events/findings/compliance_finding.json b/events/findings/compliance_finding.json
@@ -10,6 +10,11 @@
       "group": "primary",
       "requirement": "required"
     },
+    "evidences": {
+      "group": "context",
+      "description": "Describes various evidence artifacts associated with the compliance finding.",
+      "requirement": "optional"
+    },
     "remediation": {
       "group": "context",
       "requirement": "recommended"

diff --git a/events/findings/detection_finding.json b/events/findings/detection_finding.json
@@ -14,6 +14,7 @@
     ],
     "evidences": {
       "group": "primary",
+      "description": "Describes various evidence artifacts associated to the activity/activities that triggered a security detection.",
       "requirement": "recommended"
     },
     "impact": {