Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace reg_value.type_id with official Microsoft Windows specification #865

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Replace reg_value.type_id with official Microsoft Windows specification #865

wants to merge 1 commit into from

Conversation

alvinnieto
Copy link
Contributor

@alvinnieto alvinnieto commented Nov 21, 2023
edited

Use official Microsoft Windows registry "Type ID" for registry type id enum

Reference: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/25cce700-7fcf-4bb6-a2f3-0f6d08430a55

Reason: Avoid maintaining separate registry Type ID mapping for Microsoft Windows and another for OCSF registry value type ID specification

@alvinnieto
Replace reg_value.type_id with official Microsoft Windows specification
22449c6 
Use official Microsoft Windows Type ID for registry objects

Reference: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/25cce700-7fcf-4bb6-a2f3-0f6d08430a55

Reason: Avoid maintaining separate Type ID mapping for Microsoft Windows and another for OCSF registry value type ID specification

Signed-off-by: alvinnieto <alvin_nieto@trendmicro.com>
@floydtree floydtree added the v2.0 and later Changes marked for v2.0 of OCSF, due to their breaking nature label Dec 5, 2023
@floydtree
Copy link
Contributor

Agreed, no reason to maintain a separate registry. Just note that, this will be a breaking change and we'll need to consider it for v2.0 of the schema.

@floydtree floydtree added enhancement New feature or request breaking Any breaking, non backwards compatible changes system_activity Issues related to System Activity Category labels Dec 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikeradka mikeradka Awaiting requested review from mikeradka mikeradka is a code owner

@pagbabian-splunk pagbabian-splunk Awaiting requested review from pagbabian-splunk pagbabian-splunk is a code owner

@floydtree floydtree Awaiting requested review from floydtree floydtree is a code owner

At least 3 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
breaking Any breaking, non backwards compatible changes enhancement New feature or request system_activity Issues related to System Activity Category v2.0 and later Changes marked for v2.0 of OCSF, due to their breaking nature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@alvinnieto @floydtree