Update the Security Control action_id enumeration #1265

Merged
merged 10 commits into from
Nov 25, 2024

pagbabian-splunk
Contributor

Related Issue: Slack discussion 11/25/2024

Description of changes:

Security Control had been modified to add a required action_id with only two values, Allowed and Denied.
This PR adds Observed and Modified for cases where the control or monitor doesn't explicitly allow or deny but observes and reports or, in some cases, modifies the activity.

Also corrected a previous error in the profile's description and added the standard Other enum that was omitted, possibly on purpose.

Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
@floydtree merged commit c32ca3d into main on Nov 25, 2024
3 checks passed
@floydtree deleted the sec_ctrl_update branch on November 25, 2024 20:50
@pagbabian-splunk added the following labels on Nov 25, 2024: enhancement (New feature or request); non_breaking (Non Breaking, backwards compatible changes); description_updates (Issues related to missing/incorrect/lacking descriptions of attributes); v1.4.0 or later (Changes marked for versions beyond v1.3.0 of OCSF)
4 participants