From b5c94d3fbc81dec0d1ef635c8b90e4ea9d8c345b Mon Sep 17 00:00:00 2001 From: Rajas <89877409+floydtree@users.noreply.github.com> Date: Tue, 30 Jul 2024 12:13:26 -0400 Subject: [PATCH] Fixing inconsistencies in the findings classes, other desc corrections (#1150) #### Related Issue: n/a #### Description of changes: 1. Making `resources` available in Vuln Finding and Compliance Finding event classes. 2. Deprecating `resource` attribute. 3. Fixing desc in Data Security Finding event class --------- Signed-off-by: Rajas Panat --- CHANGELOG.md | 2 ++ events/findings/compliance_finding.json | 9 +++++++++ events/findings/data_security_finding.json | 2 +- events/findings/vulnerability_finding.json | 10 ++++++++++ 4 files changed, 22 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e311d6e6..427ca984a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -73,6 +73,7 @@ Thankyou! --> 5. Added `ticket` to `Incident Finding` event class. #1068 6. Added new activities `Enroll`, `Activate`, `Deactivate`, `Suspend`, and `Resume` to the `Entity Management` class. #1095 7. Added new activity `Listen` to `Network Activity` and relax requirement of `src_endpoint`. #1147 + 8. Added `resources` attribute to `Vulnerability Finding` and `Compliance Finding`. #1150 * #### Profiles * #### Objects 1. Added `ext` to `File` object. #1046 @@ -96,6 +97,7 @@ Thankyou! --> 3. Fixed declarations of `data_lifecycle_state_id`, `integrity`, `opcode_id`, `risk_level`, and `analytic.type_id`. #1111 ### Deprecated +1. Deprecated `resource` in `Vulnerability Finding` and `Compliance Finding` event classes in favor of `resources`. #1150 ### Breaking changes diff --git a/events/findings/compliance_finding.json b/events/findings/compliance_finding.json index bf8b6f95f..e46e7602c 100644 --- a/events/findings/compliance_finding.json +++ b/events/findings/compliance_finding.json @@ -15,9 +15,18 @@ "requirement": "recommended" }, "resource": { + "@deprecated": { + "message": "Use the resources attribute instead.", + "since": "1.3.0" + }, "description": "Describes details about the resource that is the subject of the compliance check.", "group": "primary", "requirement": "recommended" + }, + "resources": { + "description": "Describes details about the resource/resouces that are the subject of the compliance check.", + "group": "primary", + "requirement": "recommended" } } } \ No newline at end of file diff --git a/events/findings/data_security_finding.json b/events/findings/data_security_finding.json index e97056758..674a4ea67 100644 --- a/events/findings/data_security_finding.json +++ b/events/findings/data_security_finding.json @@ -52,7 +52,7 @@ }, "resources": { "caption": "Affected Resources", - "description": "Describes details about resources twhere classified or sensitive data is stored in, or was accessed from.", + "description": "Describes details about resources where classified or sensitive data is stored in, or was accessed from.", "group": "context", "requirement": "recommended" }, diff --git a/events/findings/vulnerability_finding.json b/events/findings/vulnerability_finding.json index f4a9c4cb8..cf0af64ae 100644 --- a/events/findings/vulnerability_finding.json +++ b/events/findings/vulnerability_finding.json @@ -6,10 +6,20 @@ "uid": 2, "attributes": { "resource": { + "@deprecated": { + "message": "Use the resources attribute instead.", + "since": "1.3.0" + }, "description": "Describes details about the resource that is affected by the vulnerability/vulnerabilities.", "group": "primary", "requirement": "recommended" }, + "resources": { + "caption": "Affected Resources", + "description": "Describes details about the resource/resources that are affected by the vulnerability/vulnerabilities.", + "group": "primary", + "requirement": "recommended" + }, "vulnerabilities": { "group": "primary", "requirement": "required"