
Add evidences to Compliance Finding #1157

Merged (2 commits), Aug 29, 2024

Conversation

lukas-krecan (Contributor):

When reporting a Compliance Finding, we want to specify which File, API or Device caused us to trigger the finding. For example, if we have a Terraform file which creates an AWS EC2 instance with public port 22, we want to point to the file where we found the issue.

Description of changes:

  • Add evidences to Compliance Finding
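To illustrate the use case in the description, here is an added example (not code from this PR or from the OCSF project) that scans a constructed Terraform snippet for an SSH ingress rule open to the world and emits a Compliance Finding whose `evidences` entry points at the offending file. The event layout (`class_uid` 2003, a `file` evidence with `path`/`name`, and a free-form `data` field carrying the line numbers) is an assumption made for illustration, not a schema-validated OCSF event.

```python
"""Build an OCSF-style Compliance Finding with `evidences` pointing at the
Terraform file that triggered it. Constructed example; field names are
assumptions based on the PR description, not validated against the schema."""
import re
from typing import Optional

# Constructed sample Terraform source: a security group exposing SSH to everyone.
SAMPLE_TF = """\
resource "aws_security_group" "bastion" {
  name = "bastion"
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
"""

INGRESS_RE = re.compile(r"ingress\s*\{(.*?)\}", re.S)


def find_public_ssh(tf_text: str) -> list:
    """Return 1-based line numbers of ingress blocks that allow port 22 from any source."""
    hits = []
    for m in INGRESS_RE.finditer(tf_text):
        body = m.group(1)
        fp = re.search(r"from_port\s*=\s*(\d+)", body)
        tp = re.search(r"to_port\s*=\s*(\d+)", body)
        if not (fp and tp and int(fp.group(1)) <= 22 <= int(tp.group(1))):
            continue
        if "0.0.0.0/0" in body or "::/0" in body:
            hits.append(tf_text[: m.start()].count("\n") + 1)
    return hits


def compliance_finding(path: str, tf_text: str) -> Optional[dict]:
    """Return a finding dict with file evidence, or None when nothing was flagged."""
    lines = find_public_ssh(tf_text)
    if not lines:
        return None
    return {
        "class_uid": 2003,  # assumed: Compliance Finding class
        "finding_info": {"title": "SSH (22/tcp) ingress open to 0.0.0.0/0"},
        "compliance": {"status": "Fail"},
        "evidences": [  # the attribute this PR adds to Compliance Finding
            {"file": {"path": path, "name": path.rsplit("/", 1)[-1]},
             "data": {"lines": lines}}  # assumed free-form context field
        ],
    }
```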

mikeradka (Contributor) left a comment:

Looks straightforward, but can you please make sure to update the CHANGELOG.md? Thanks.

@mikeradka added labels findings (Issues related to Findings Category), non_breaking (Non Breaking, backwards compatible changes) and v1.4.0 or later (Changes marked for versions beyond v1.3.0 of OCSF) on Aug 15, 2024
lukas-krecan (Contributor, Author):

Sorry, added.

@lukas-krecan lukas-krecan requested a review from mikeradka August 16, 2024 06:58
Review comment on CHANGELOG.md (outdated, resolved)
mikeradka (Contributor):

For this one, we should probably change the dictionary definition of evidences from:

  • A collection of evidence artifacts associated to the activity/activities that triggered a security detection.

to:

  • A collection of evidence artifacts associated to the activity/activities that triggered a finding. See specific usage.

@lukas-krecan force-pushed the evidence branch 2 times, most recently from e35d89c to 616fc2b, August 16, 2024 19:31
@lukas-krecan lukas-krecan requested a review from mikeradka August 16, 2024 19:32
jonrau-at-queryai (Contributor):

I feel as if evidences should just be a Profile instead to give flexibility across the entirety of the schema, similar to how OSINT is now - since any type of event could be implicated in a greater detection or case management context.

When reporting a Compliance Finding, we want to specify which File, API or
Device caused us to trigger the finding.
Signed-off-by: Rajas <89877409+floydtree@users.noreply.github.com>
@jonrau-at-queryai jonrau-at-queryai merged commit 2322992 into ocsf:main Aug 29, 2024
3 checks passed