Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add Event family metaschema keywords to Discovery classes #1331

Closed
wants to merge 16 commits into from
Closed

Add Event family metaschema keywords to Discovery classes #1331

wants to merge 16 commits into from

Conversation

pagbabian-splunk
Copy link
Contributor

@pagbabian-splunk pagbabian-splunk commented Jan 31, 2025
edited
Loading

Related Issue: #1261

Description of changes:

Added the family metaschema keyword to the various Discovery classes for future organization of related classes.

Delete once you have confirmed the following:

  1. Did you add a single line summary of changes to Unreleased section in the CHANGELOG.md file?

@pagbabian-splunk
Removed the constraint from group_managenment.
a76f087 
Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
@pagbabian-splunk
Merge branch 'main' of https://github.com/ocsf/ocsf-schema into main
cbe6ff6
@pagbabian-splunk
Merge branch 'main' of https://github.com/ocsf/ocsf-schema into main
d15e704
@pagbabian-splunk
Merge branch 'main' of https://github.com/ocsf/ocsf-schema into main
294a294
@pagbabian-splunk
Merge branch 'main' of https://github.com/ocsf/ocsf-schema into main
f2b1d72
@pagbabian-splunk
Merge branch 'main' of https://github.com/ocsf/ocsf-schema into main
7103620
@pagbabian-splunk
Merge branch 'main' of https://github.com/ocsf/ocsf-schema into main
b197e14
@pagbabian-splunk
Deprecated the email_url_activity and email_file_activity classes in …
5b68b7f 
…favor of an updated email_activity class.

Updated the email object to include domains, files, urls arrays.
Updated the email_activity class to add the message_trace_uid ID.
Updated the email_activity class to use the references[] for the Trace activity_id instead of the description URL.
Updated the email_activity class description to reflect its SMTP protocol and the possible URLs and files attachments.

Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
@pagbabian-splunk
Added changed for PR #1259
df7fc18 
Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
@pagbabian-splunk
removed the optional tag for email_uid as it was causing the validati…
e69358f 
…on to fail!!

Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
@pagbabian-splunk
Relaxed the requirement of 'from' and 'to' to be recommended, and add…
8f2ac70 
…ed an at_least_one constraint on all the to and from attributes. Not all email logs have the 'to' and 'from' but must have at least those or 'smtp_to' and 'smtp_from' in the log.

Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
@pagbabian-splunk
Added the constraint and relaxed requirement to the email object.
4e17230 
Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
@pagbabian-splunk
Added a 'family' meta schema keyword for grouping of classes in a cat…
9b63ed2 
…egory. Updated the Discovery classes with their families of Query, Inventory, State.

Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
@pagbabian-splunk
Reverted files from the email_update branch that were incorrectly added.
6932791 
Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
@pagbabian-splunk
Removed file from branch erroneously included in the commit.
335dd6d 
Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
@pagbabian-splunk
Merge branch 'main' of https://github.com/ocsf/ocsf-schema into event…
db8667c 
…_famil

Add back changes for the family keywords to conflicting classes for Discoveryy

Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
@pagbabian-splunk pagbabian-splunk added metaschema v1.5.0 Items to be considered for OCSF v1.5.0 labels Jan 31, 2025
@pagbabian-splunk pagbabian-splunk added the enhancement New feature or request label Jan 31, 2025
@pagbabian-splunk pagbabian-splunk deleted the event_family branch February 3, 2025 23:56
@pagbabian-splunk pagbabian-splunk restored the event_family branch February 3, 2025 23:59
@pagbabian-splunk pagbabian-splunk deleted the event_family branch February 4, 2025 00:00
@pagbabian-splunk pagbabian-splunk restored the event_family branch February 4, 2025 00:59
@pagbabian-splunk pagbabian-splunk deleted the event_family branch February 4, 2025 01:00
@pagbabian-splunk pagbabian-splunk restored the event_family branch February 4, 2025 01:23
@pagbabian-splunk pagbabian-splunk deleted the event_family branch February 4, 2025 01:27
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@floydtree floydtree Awaiting requested review from floydtree floydtree is a code owner

@Aniak5 Aniak5 Awaiting requested review from Aniak5 Aniak5 is a code owner

@mikeradka mikeradka Awaiting requested review from mikeradka mikeradka is a code owner

@zschmerber zschmerber Awaiting requested review from zschmerber zschmerber is a code owner

@jonrau-at-queryai jonrau-at-queryai Awaiting requested review from jonrau-at-queryai jonrau-at-queryai is a code owner

@davemcatcisco davemcatcisco Awaiting requested review from davemcatcisco davemcatcisco is a code owner

Assignees
No one assigned
Labels
enhancement New feature or request metaschema v1.5.0 Items to be considered for OCSF v1.5.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pagbabian-splunk