Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

USER, LDAP Person extension by useful fields + cloud profile added to support Azure AD #1122

Open
PavelJurka opened this issue Jun 26, 2024 · 1 comment
Open

USER, LDAP Person extension by useful fields + cloud profile added to support Azure AD #1122

PavelJurka opened this issue Jun 26, 2024 · 1 comment
Labels
v1.5.0 Items to be considered for OCSF v1.5.0

Comments

@PavelJurka
Copy link
Contributor

PavelJurka commented Jun 26, 2024
edited
Loading

This issue is about adding a few useful fields to LDAP user, User object and adding a way how to map Azure ID to it.

USER:

  • bad_password_attempts
  • bad_password_time
  • created_time
  • expiration_time
  • last_login_time
  • lock_out_time
  • logon_count
  • logon_hours
  • modified_time,
  • password_last_set_time
  • password_never_expire
  • is_privileged,
  • status
  • status_id

LDAP Person:

  • allowed_to_act_on_behalf_of_other_identity
  • allowed_to_delegate_to
  • department
  • display_name
  • domain
  • employee_type
  • employee_type_id
  • expiration_time
  • force_change_password_next_sign_in
  • force_change_password_next_sign_in_with_mfa
  • parent_dn
  • proxy_addresses
  • last_known_parent
  • member_of"
  • member_of_guid"
  • member_of_transitive"
  • object_category
  • object_class
  • object_guid
  • primary_group_id
  • resultant_pso
  • is_service_account
  • unique_name
  • usn_changed
  • usn_created
  • user_principal_name
  • user_account_control
  • user_password_expiry_computed_time
  • visibility

Active directory profile:

  • is_privileged
  • classification
  • consistency_guid
  • creator_sid
  • email_addr"
  • forest
  • is_deleted
  • object_sid
  • on_premises_distinguished_name
  • on_premises_domain_name
  • on_premises_immutable_id
  • on_premises_last_sync_time
  • on_premises_sam_account_name
  • on_premises_sync_enabled
  • on_premises_user_principal_name
  • is_recycled
  • nt_security_descriptor
  • is_security_group
  • sam_account_type
  • service_principal_name
  • sam_account_name
  • sid_history
  • token_groups
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jun 26, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
f68aac2 
…port added

- wip - status: User extended
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jun 27, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
db3d456 
…port added

- wip - status: Ldap person in progress
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jun 27, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
7b67f41 
…port added

- wip - status: LDAP person added + AD profile
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jun 28, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
f8d9965 
…port added

- wip - status: LDAP person added + AD profile

missing on_premises_distinguished_name
        on_premises_domain_name
        on_premises_immutable_id
        on_premises_last_sync_time
        on_premises_sam_account_name
        on_premises_sync_enabled
        on_premises_user_principal_name
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jun 28, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
b6728f5 
…port added

- wip - status: LDAP person added + AD profile

initial shape
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jun 28, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
502c8dc 
…port added

- wip - status: LDAP person added + AD profile

initial shape
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jun 28, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
da5bea1 
…port added

- wip - status: LDAP person added + AD profile

initial shape
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jul 1, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
670dec1 
…port added

- wip - status: LDAP person added + AD profile

initial shape

PR - expiration_time instead of account_expiry_time
@PavelJurka PavelJurka mentioned this issue Jul 2, 2024
Draft
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 3, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
7746948 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 3, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
dda87a8 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 3, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
437fb84 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 3, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
a122a7f 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 3, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
05d55d7 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 3, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
8eb30c6 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 3, 2024
@PavelJurka
feat: [ocsf#1122] - PR ready
c920dea
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 10, 2024
@PavelJurka
feat: [ocsf#1122] - added ldap group
792f673
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 10, 2024
@PavelJurka
feat: [ocsf#1122] - PR
11b83a9
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 10, 2024
@PavelJurka
feat: [ocsf#1122] - pushed back admin_count to be more consistent wit…
7de32c8 
…h AD api
@mikeradka
Copy link
Contributor

Could you add some samples of raw data that you are seeking to normalize to OCSF so we can better understand your use case?

PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
ff3336a
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
de95d11
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
a0b1861
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - code review - shortening fields name.
bc354a3
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
e2b07c6 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
b501629 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
b82c00c 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
1295dac 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
058ec74 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - PR ready
20478f1
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
8e15535 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
4a06f36 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
0bf2686 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - PR ready
efab87d
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - added ldap group
583aee4
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - PR
1ca918f
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - pushed back admin_count to be more consistent wit…
a9dc187 
…h AD api
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - pushed back admin_count to be more consistent wit…
094b337 
…h AD api
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
91cbeb5
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
4a50434
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
e87c472
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - code review - shortening fields name.
92ecc6f
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - pw_expiry_time to be consistent
3a9f241
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
930248a 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
e9cc985 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
2d89251 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
6f5c27e 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
1f3a99b 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - PR ready
bb6e83b
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - added ldap group
6f3cfe4
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - PR
c6344f6
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - pushed back admin_count to be more consistent wit…
aa58992 
…h AD api
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - pushed back admin_count to be more consistent wit…
0f6f32c 
…h AD api
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
e660baa
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
58ec283
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
cedd200
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - code review - shortening fields name.
0527052
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - pw_expiry_time to be consistent
3f131d4
@mikeradka mikeradka added v1.5.0 Items to be considered for OCSF v1.5.0 and removed v1.4.0 Changes marked for the upcoming version 1.4.0 labels Jan 16, 2025
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
v1.5.0 Items to be considered for OCSF v1.5.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@PavelJurka @mikeradka