New Load Balancer object for HTTP Activity 4002

[nathanbvail]

Related Issue: Discussion 846

Description of changes: Updated from Draft PR 861.

• Created a new Load Balancer object that contains specific Load Balancer related information and added that object as an optional attribute in HTTP Activity 4002
• Created a new endpoint_connections object that sits as an attribute inside of the load_balancer object
• Created a new endpoint attribute that is an array of Network Endpoint objects
• Lastly, updated the dictionary with the necessary additions endpoint, endpoint_connections, and load_balancer

[Aniak5]

We may want to reword this to be A numerical response status code providing details about the connection..

[Aniak5]

This is no longer an array. And instead of endpoint we should be using network_endpoint.

[Aniak5]

This should be singular as its no longer an array but a single instance of an endpoint and response code.

[Aniak5]

The type should become singular per the comments on that specific object.

[Aniak5]

This is no longer needed and can be deleted.

[nathanbvail]

Comments from 12/13 meeting:

• Create a LB profile that contains the LB object, this will allow for additional Load Balancer types to utilize the objects across Networking classes (i.e. HTTP Activity & Network Activity classes)
• Remove endpoint from the dictionary & replace endpoint attribute with the existing network_endpoint attribute inside of endpoint_connections.json

[nathanbvail]

@Aniak5 / @pagbabian-splunk - Before I commit changes , are we all in agreement on going forward with a Load Balancer Profile that can be applied to the Networking class (expanding to other classes if needed) ?

If that is the case then I will remove the load_balancer attribute from http.json and transform this PR to just be the object.

[Aniak5]

@Aniak5 / @pagbabian-splunk - Before I commit changes , are we all in agreement on going forward with a Load Balancer Profile that can be applied to the Networking class (expanding to other classes if needed) ?

If that is the case then I will remove the load_balancer attribute from http.json and transform this PR to just be the object.

Yup, that's exactly what we want to do @nathanbvail.

[nathanbvail]

Uploading screenshots of the LB Profile changes -

[nathanbvail]

Per todays OCSF General Call (12/19) - I will be closing out this PR & creating a new PR due to the profile approach instead of an object which resulted in fairly significant changes from the initial draft.