Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Event family meta schema keyword and Discovery classes #1260

Draft
wants to merge 15 commits into
base: main
Choose a base branch
from
Draft

Add Event family meta schema keyword and Discovery classes #1260

wants to merge 15 commits into from

Commits on Oct 4, 2024

  1. Removed the constraint from group_managenment. 

    Signed-off-by: Paul Agbabian <[email protected]>
    @pagbabian-splunk
    pagbabian-splunk committed Oct 4, 2024
    Configuration menu
    Copy the full SHA
    a76f087 View commit details
    Browse the repository at this point in the history

Commits on Oct 8, 2024

  1. Merge branch 'main' of https://github.com/ocsf/ocsf-schema into main

    @pagbabian-splunk
    pagbabian-splunk committed Oct 8, 2024
    Configuration menu
    Copy the full SHA
    cbe6ff6 View commit details
    Browse the repository at this point in the history

Commits on Oct 16, 2024

  1. Merge branch 'main' of https://github.com/ocsf/ocsf-schema into main

    @pagbabian-splunk
    pagbabian-splunk committed Oct 16, 2024
    Configuration menu
    Copy the full SHA
    d15e704 View commit details
    Browse the repository at this point in the history

Commits on Oct 29, 2024

  1. Merge branch 'main' of https://github.com/ocsf/ocsf-schema into main

    @pagbabian-splunk
    pagbabian-splunk committed Oct 29, 2024
    Configuration menu
    Copy the full SHA
    294a294 View commit details
    Browse the repository at this point in the history

Commits on Oct 30, 2024

  1. Merge branch 'main' of https://github.com/ocsf/ocsf-schema into main

    @pagbabian-splunk
    pagbabian-splunk committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    f2b1d72 View commit details
    Browse the repository at this point in the history

Commits on Nov 4, 2024

  1. Merge branch 'main' of https://github.com/ocsf/ocsf-schema into main

    @pagbabian-splunk
    pagbabian-splunk committed Nov 4, 2024
    Configuration menu
    Copy the full SHA
    7103620 View commit details
    Browse the repository at this point in the history

Commits on Nov 20, 2024

  1. Merge branch 'main' of https://github.com/ocsf/ocsf-schema into main

    @pagbabian-splunk
    pagbabian-splunk committed Nov 20, 2024
    Configuration menu
    Copy the full SHA
    b197e14 View commit details
    Browse the repository at this point in the history

  2. Deprecated the email_url_activity and email_file_activity classes in … 

    …favor of an updated email_activity class.

Updated the email object to include domains, files, urls arrays.
Updated the email_activity class to add the message_trace_uid ID.
Updated the email_activity class to use the references[] for the Trace activity_id instead of the description URL.
Updated the email_activity class description to reflect its SMTP protocol and the possible URLs and files attachments.

Signed-off-by: Paul Agbabian <[email protected]>
    @pagbabian-splunk
    pagbabian-splunk committed Nov 20, 2024
    Configuration menu
    Copy the full SHA
    5b68b7f View commit details
    Browse the repository at this point in the history

  3. Added changed for PR #1259 

    Signed-off-by: Paul Agbabian <[email protected]>
    @pagbabian-splunk
    pagbabian-splunk committed Nov 20, 2024
    Configuration menu
    Copy the full SHA
    df7fc18 View commit details
    Browse the repository at this point in the history

  4. removed the optional tag for email_uid as it was causing the validati… 

    …on to fail!!

Signed-off-by: Paul Agbabian <[email protected]>
    @pagbabian-splunk
    pagbabian-splunk committed Nov 20, 2024
    Configuration menu
    Copy the full SHA
    e69358f View commit details
    Browse the repository at this point in the history

  5. Relaxed the requirement of 'from' and 'to' to be recommended, and add… 

    …ed an at_least_one constraint on all the to and from attributes. Not all email logs have the 'to' and 'from' but must have at least those or 'smtp_to' and 'smtp_from' in the log.

Signed-off-by: Paul Agbabian <[email protected]>
    @pagbabian-splunk
    pagbabian-splunk committed Nov 20, 2024
    Configuration menu
    Copy the full SHA
    8f2ac70 View commit details
    Browse the repository at this point in the history

  6. Added the constraint and relaxed requirement to the email object. 

    Signed-off-by: Paul Agbabian <[email protected]>
    @pagbabian-splunk
    pagbabian-splunk committed Nov 20, 2024
    Configuration menu
    Copy the full SHA
    4e17230 View commit details
    Browse the repository at this point in the history

  7. Added a 'family' meta schema keyword for grouping of classes in a cat… 

    …egory. Updated the Discovery classes with their families of Query, Inventory, State.

Signed-off-by: Paul Agbabian <[email protected]>
    @pagbabian-splunk
    pagbabian-splunk committed Nov 20, 2024
    Configuration menu
    Copy the full SHA
    9b63ed2 View commit details
    Browse the repository at this point in the history

Commits on Nov 21, 2024

  1. Reverted files from the email_update branch that were incorrectly added. 

    Signed-off-by: Paul Agbabian <[email protected]>
    @pagbabian-splunk
    pagbabian-splunk committed Nov 21, 2024
    Configuration menu
    Copy the full SHA
    6932791 View commit details
    Browse the repository at this point in the history

  2. Removed file from branch erroneously included in the commit. 

    Signed-off-by: Paul Agbabian <[email protected]>
    @pagbabian-splunk
    pagbabian-splunk committed Nov 21, 2024
    Configuration menu
    Copy the full SHA
    335dd6d View commit details
    Browse the repository at this point in the history