Fixing inconsistencies in the findings classes, other desc corrections (

#1150) #### Related Issue: n/a #### Description of changes: 1. Making `resources` available in Vuln Finding and Compliance Finding event classes. 2. Deprecating `resource` attribute. 3. Fixing desc in Data Security Finding event class --------- Signed-off-by: Rajas Panat <[email protected]>
ocsf · Jul 30, 2024 · b5c94d3 · b5c94d3
1 parent 85a36b7
commit b5c94d3
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -73,6 +73,7 @@ Thankyou! -->
     5. Added `ticket` to `Incident Finding` event class. #1068
     6. Added new activities `Enroll`, `Activate`, `Deactivate`, `Suspend`, and `Resume` to the `Entity Management` class. #1095
     7. Added new activity `Listen` to `Network Activity` and relax requirement of `src_endpoint`. #1147
+    8. Added `resources` attribute to `Vulnerability Finding` and `Compliance Finding`. #1150 
 * #### Profiles
 * #### Objects
     1. Added `ext` to `File` object. #1046
@@ -96,6 +97,7 @@ Thankyou! -->
 3. Fixed declarations of `data_lifecycle_state_id`, `integrity`, `opcode_id`, `risk_level`, and `analytic.type_id`. #1111
 
 ### Deprecated
+1. Deprecated `resource` in `Vulnerability Finding` and `Compliance Finding` event classes in favor of `resources`. #1150
 
 ### Breaking changes
 

diff --git a/events/findings/compliance_finding.json b/events/findings/compliance_finding.json
@@ -15,9 +15,18 @@
       "requirement": "recommended"
     },
     "resource": {
+      "@deprecated": {
+        "message": "Use the <code>resources</code> attribute instead.",
+        "since": "1.3.0"
+      },
       "description": "Describes details about the resource that is the subject of the compliance check.",
       "group": "primary",
       "requirement": "recommended"
+    },
+    "resources": {
+        "description": "Describes details about the resource/resouces that are the subject of the compliance check.",
+        "group": "primary",
+        "requirement": "recommended"
     }
   }
 }
diff --git a/events/findings/data_security_finding.json b/events/findings/data_security_finding.json
@@ -52,7 +52,7 @@
       },
       "resources": {
         "caption": "Affected Resources",
-        "description": "Describes details about resources twhere classified or sensitive data is stored in, or was accessed from.",
+        "description": "Describes details about resources where classified or sensitive data is stored in, or was accessed from.",
         "group": "context",
         "requirement": "recommended"
       },

diff --git a/events/findings/vulnerability_finding.json b/events/findings/vulnerability_finding.json
@@ -6,10 +6,20 @@
   "uid": 2,
   "attributes": {
     "resource": {
+      "@deprecated": {
+        "message": "Use the <code>resources</code> attribute instead.",
+        "since": "1.3.0"
+      },
       "description": "Describes details about the resource that is affected by the vulnerability/vulnerabilities.",
       "group": "primary",
       "requirement": "recommended"
     },
+    "resources": {
+        "caption": "Affected Resources",
+        "description": "Describes details about the resource/resources that are affected by the vulnerability/vulnerabilities.",
+        "group": "primary",
+        "requirement": "recommended"
+    },
     "vulnerabilities": {
       "group": "primary",
       "requirement": "required"