Add Application Error event class #1289
Labels
application_activity
Issues related to Application Activity Category
enhancement
New feature or request
non_breaking
Non Breaking, backwards compatible changes
Add an Application Error event class with category Application Activity (6).
Question: is "Error" too specific? "Issue" is more general, but doesn't seem to convey the correct idea.
One use is raw event translation errors where the process of translating (mapping) a raw event to OCSF fails such that no normal event can be created.
The kind of error should be captured with
activity_id
:0
- Unknown1
- General error: the application generating OCSF events has experienced an error.2
- Translation error: the application generating OCSF events had encountered an error translating (mapping) a raw event to OCSF. Including the original raw event in theraw_data
field is highly recommended.99
- Other.The
severity_id
values frombase_event
should work fine.The text was updated successfully, but these errors were encountered: