Merge branch 'main' of https://github.com/ocsf/ocsf-schema into add_h…

…w_uuid_staging Signed-off-by: Anthony Chan <antchan2@cisco.com>
ocsf · Dec 3, 2024 · ff5e78f · ff5e78f
2 parents 9e69b2d + 19077b1
commit ff5e78f
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -132,6 +132,7 @@ Thankyou! -->
     1. Added `hostname`, `ip`, and `name` to `resource_details` for purposes of assigning an Observable number. #1250
     1. Added `values` to `key_value_object`. #1251
     1. Added `kernel_release` to `os` object. #1249
+    1. Added `related_analytics` to `osint` object. #1264
     1. Added `os_machine_uuid` to the `device` object. #1268
     1. Added `uuid` to the `device_hw_info` object. #1268
 
@@ -183,6 +184,7 @@ Thankyou! -->
 1. In the metaschema, added support for `@deprecated` in enum values. #1237
 1. Fixed some more formatting of attribute descriptions in `dictionary.json` and `idp.json`. #1239
 1. Added `resource_details.name` as an Observable type `type_id: 38`. #1250
+1. Added 3 new enums (Registry Value, Registry Key, Command Line) to `osint.type_id` and added TLP:WHITE to `osint.tlp` enums. #1264
 
 ## [v1.3.0] - August 1st, 2024
 

diff --git a/objects/osint.json b/objects/osint.json
@@ -57,6 +57,18 @@
           "caption":"File",
           "description":"A file or metadata about a file."
         },
+        "12":{
+          "caption": "Registry Key",
+          "description": "A Windows Registry Key."
+        },
+        "13": {
+          "caption": "Registry Value",
+          "description": "A Windows Registry Value."
+        },
+        "14": {
+          "caption": "Command Line",
+          "description": "A partial or full Command Line used to invoke scripts or other remote commands."
+        },
         "99":{
           "caption":"Other",
           "description":"The indicator type is not directly listed."
@@ -95,6 +107,10 @@
         "CLEAR":{
           "caption":"TLP:CLEAR",
           "description":"TLP:CLEAR denotes that recipients can spread this to the world, there is no limit on disclosure. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction."
+        },
+        "WHITE":{
+          "caption":"TLP:WHITE",
+          "description":"TLP:WHITE and TLP:CLEAR may be used interchangeably, TLP:WHITE is the most up to date (as of TLP 2.0) usage."
         }
       },
 			"requirement":"recommended",
@@ -176,6 +192,11 @@
       "description":"Any pertinent file information related to an indicator or OSINT analysis.",
       "requirement":"optional"
     },
+    "related_analytics": {
+      "caption": "Related Analytics",
+      "description": "Any analytics related to an indicator or OSINT analysis.",
+      "requirement": "optional"
+    },
     "reputation":{
       "description":"Related reputational analysis from third-party engines and analysts for a given indicator or OSINT analysis.",
       "requirement":"optional"