Update Actor description to distinguish from a campaign threat actor #1290

Open: wants to merge 13 commits into base: main

pagbabian-splunk
Contributor

Related Issue: N/A (Slack discussion)

Description of changes:

There was a discussion in Slack that called out some new OCSF users being confused by actor thinking it is a threat actor, i.e. from a campaign. Although actor might be a vehicle for a threat actor, the descriptions in the dictionary and the object add a sentence making the distinction.

@mikeradka added the labels enhancement (New feature or request), grammar_consistency (Issues related to the attribute grammar consistency work-stream), and v1.4.0 or later (Changes marked for versions beyond v1.3.0 of OCSF) on Dec 18, 2024
@mikeradka
Contributor

A note here since it came up in discussion, per @jonrau-at-queryai, as far as OSINT is concerned when we get to 1.5.0-dev we will start work on some generic attribution/campaign object.

Also per @pagbabian-splunk, if we update OSINT in 1.5.0-dev, we would want to be explicit (e.g. threat_actor campaign_actor)

@pagbabian-splunk added the label description_updates (Issues related to missing/incorrect/lacking descriptions of attributes) and removed the labels enhancement (New feature or request) and grammar_consistency (Issues related to the attribute grammar consistency work-stream) on Dec 18, 2024
Labels: description_updates (Issues related to missing/incorrect/lacking descriptions of attributes), v1.4.0 or later (Changes marked for versions beyond v1.3.0 of OCSF)