Skip to content

Commit

Permalink
Create OSINT Inventory Info Discovery Event (ocsf#1154)
Browse files Browse the repository at this point in the history
Adds a `OSINT Inventory Info` event to the Discovery category to
represent retrieval of OSINT, CTI, and other enrichment data from TIPs,
XDRs, and other sources of OSINT/CTI

---------

Co-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>
  • Loading branch information
2 people authored and srotsinha committed Sep 3, 2024
1 parent c8bde8c commit 9deadc6
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 0 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,12 @@ Thankyou! -->
-->

## [Unreleased]

### Added
* #### Event Classes
1. Added `OSINT Inventory Info` event class to the Discovery category. #1154

## [v1.3.0] - August 1st, 2024

### Added
Expand Down
19 changes: 19 additions & 0 deletions events/discovery/osint_inventory_info.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
{
"caption": "OSINT Inventory Info",
"description": "OSINT Inventory Info events report open source intelligence or threat intelligence inventory data that is either logged or proactively collected. For example, when collecting OSINT information from Threat Intelligence Platforms (TIPs) or Extended Detection and Response (XDR) platforms, or collecting data from OSINT or other generic threat intelligence and enrichment feeds such as APIs and datastores.",
"extends": "discovery",
"name": "osint_inventory_info",
"uid": 21,
"attributes": {
"actor": {
"description": "The actor describes the process that was the source of the inventory activity. In the case of OSINT inventory data, that could be a particular process or script that is run to scrape the OSINT or threat intelligence data. For example, it could be a Python process that runs to pull data from a MISP or Shodan API.",
"group": "context",
"requirement": "optional"
},
"osint": {
"group": "primary",
"requirement": "required",
"description": "The OSINT that is being discovered by an inventory process."
}
}
}

0 comments on commit 9deadc6

Please sign in to comment.