forked from ocsf/ocsf-schema
Commit
Create OSINT Inventory Info Discovery Event (ocsf#1154)
Adds an `OSINT Inventory Info` event to the Discovery category to represent retrieval of OSINT, CTI, and other enrichment data from TIPs, XDRs, and other sources of OSINT/CTI

Co-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>
Showing 2 changed files with 25 additions and 0 deletions.
@@ -0,0 +1,19 @@ | ||
{ | ||
"caption": "OSINT Inventory Info", | ||
"description": "OSINT Inventory Info events report open source intelligence or threat intelligence inventory data that is either logged or proactively collected. For example, when collecting OSINT information from Threat Intelligence Platforms (TIPs) or Extended Detection and Response (XDR) platforms, or collecting data from OSINT or other generic threat intelligence and enrichment feeds such as APIs and datastores.", | ||
"extends": "discovery", | ||
"name": "osint_inventory_info", | ||
"uid": 21, | ||
"attributes": { | ||
"actor": { | ||
"description": "The actor describes the process that was the source of the inventory activity. In the case of OSINT inventory data, that could be a particular process or script that is run to scrape the OSINT or threat intelligence data. For example, it could be a Python process that runs to pull data from a MISP or Shodan API.", | ||
"group": "context", | ||
"requirement": "optional" | ||
}, | ||
"osint": { | ||
"group": "primary", | ||
"requirement": "required", | ||
"description": "The OSINT that is being discovered by an inventory process." | ||
} | ||
} | ||
} |
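Review bot: the two attribute blocks order their keys differently: `actor` lists `description` first, while `osint` puts `group` and `requirement` before `description`; use one order for both so the class file matches the rest of the schema. In the class `description`, the second sentence ("For example, when collecting OSINT information from ... such as APIs and datastores.") has no main clause and will read as a fragment in generated documentation; rephrasing it as "Examples include collecting OSINT information from Threat Intelligence Platforms (TIPs) or Extended Detection and Response (XDR) platforms, or collecting data from ... feeds such as APIs and datastores." fixes that without changing the meaning. The commit lists 2 changed files but only this one is shown, so whether `uid` 21 is free among the existing discovery classes, and where `osint_inventory_info` is registered, cannot be checked from this hunk.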