External ticket support of ticketing systems like salesforce. (#1067)

Signed-off-by: Pavel Jurka <pavel.jurka@sentinelone.com>
ocsf · May 17, 2024 · 3e8dc0f · 3e8dc0f
1 parent fea283d
commit 3e8dc0f
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -50,6 +50,7 @@ Thankyou! -->
     1. Added `d3fend` `d3f_tactic` `d3f_technique` MITRE objects. #1066 
     2. Added `ja4_fingerprint` object. #834
     3. Added `ja4_fingerprint_list` as a list of `ja4_fingerprint` objects.  #834
+    4. Added `ticket` object. #1068
 * #### Platform Extensions
 
 ### Improved
@@ -64,6 +65,7 @@ Thankyou! -->
     1. Added `ext` to `File` object. #1046
     2. Added `account`, `device`, `email`, `url`, `user` to `evidences` in detection finding. #1000
     3. Added `state_id`, `state` to `Digital Signature` object. #1069
+    4. Added `ticket` to `Incident Finding` object. ticket. #1068
 * #### Platform Extensions
 
 ### Bugfixes

diff --git a/dictionary.json b/dictionary.json
@@ -4060,6 +4060,11 @@
       "description": "The number of minutes that the reported event <code>time</code> is ahead or behind UTC, in the range -1,080 to +1,080.",
       "type": "integer_t"
     },
+    "ticket": {
+      "caption": "Ticket",
+      "description": "The linked ticket in the ticketing system.",
+      "type": "ticket"
+    },
     "title": {
       "caption": "Title",
       "description": "The title of an entity. See specific usage.",

diff --git a/events/findings/incident_finding.json b/events/findings/incident_finding.json
@@ -132,6 +132,10 @@
       "group": "primary",
       "requirement": "required"
     },
+    "ticket": {
+      "group": "context",
+      "requirement": "optional"
+    },
     "is_suspected_breach": {
       "group": "context",
       "requirement": "optional"

diff --git a/objects/ticket.json b/objects/ticket.json
@@ -0,0 +1,50 @@
+{
+  "caption": "Ticket",
+  "name": "ticket",
+  "description": "The Ticket object represents ticket in the customer's systems like Salesforce, jira etc.",
+  "extends": "object",
+  "attributes": {
+    "src_url": {
+      "description": "The url of a ticket in the ticket system.",
+      "requirement": "recommended"
+    },
+    "uid": {
+      "description": "Unique ticket identifier like ticket id.",
+      "requirement": "recommended"
+    },
+    "type": {
+      "caption": "Ticket Type",
+      "description": "The linked ticket type determines whether the ticket is internal or in an external ticketing system.",
+      "requirement": "optional"
+    },
+    "type_id": {
+      "caption": "Ticket Type ID",
+      "description": "The normalized identifier for the ticket type.",
+      "enum": {
+        "0": {
+          "caption": "Unknown"
+        },
+        "1": {
+          "caption": "Internal"
+        },
+        "2": {
+          "caption": "External"
+        },
+        "99": {
+          "caption": "Other"
+        }
+      },
+      "requirement": "optional"
+    },
+    "title": {
+      "description": "The title of the ticket.",
+      "requirement": "optional"
+    }
+  },
+  "constraints": {
+    "at_least_one": [
+      "src_url",
+      "uid"
+    ]
+  }
+}