fix: add missing data_component_name to log source permutations array

clemiller · clemiller · commit 0a5d5470905b · 2025-08-28T11:34:41.000-04:00
diff --git a/docs/SPEC.md b/docs/SPEC.md
@@ -445,6 +445,7 @@ The `log_source_permutation` object defines platform-specific collection configu
 | --------- | ------ | -------------------------------------------------------------------- |
 | `name`    | string | Log source identifier (e.g., "sysmon", "auditd")                     |
 | `channel` | string | Specific log channel or event type (e.g., "1" for Sysmon Process Creation) |
+| `data_component_name` | string | Name of the specific data component. |
 
 **Example:** A single log source for 'Process Creation' might contain permutations for:
 - Windows: (name: "sysmon", channel: "1")
diff --git a/examples/sdo/log-source.example.ts b/examples/sdo/log-source.example.ts
@@ -29,11 +29,13 @@ const validLogSource = {
 	"x_mitre_log_source_permutations": [
 		{
 			"name": "sysmon",
-			"channel": "EventCode=10"
+			"channel": "EventCode=10",
+			"data_component_name": "Process Creation"
 		},
 		{
 			"name": "auditd:SYSCALL",
-			"channel": "ptrace"
+			"channel": "ptrace",
+			"data_component_name": "Process Creation"
 		}
 	]
 };
@@ -83,15 +85,18 @@ const validLogSourceMultiplePermutations = {
 	"x_mitre_log_source_permutations": [
 		{
 			"name": "Security",
-			"channel": "Security"
+			"channel": "Security",
+			"data_component_name": "Process Creation"
 		},
 		{
 			"name": "System",
-			"channel": "System"
+			"channel": "System",
+			"data_component_name": "Process Creation"
 		},
 		{
 			"name": "Application",
-			"channel": "Application"
+			"channel": "Application",
+			"data_component_name": "Process Creation"
 		}
 	]
 };
@@ -190,11 +195,13 @@ const invalidLogSourceDuplicatePermutations = {
 	"x_mitre_log_source_permutations": [
 		{
 			"name": "Security",
-			"channel": "Security"
+			"channel": "Security",
+			"data_component_name": "Process Creation"
 		},
 		{
 			"name": "Security",
-			"channel": "Security"
+			"channel": "Security",
+			"data_component_name": "Process Creation"
 		}
 	]
 };
@@ -227,15 +234,18 @@ const validLogSourceSameNameDifferentChannels = {
 	"x_mitre_log_source_permutations": [
 		{
 			"name": "Sysmon",
-			"channel": "EventCode=1"
+			"channel": "EventCode=1",
+			"data_component_name": "Process Creation"
 		},
 		{
 			"name": "Sysmon",
-			"channel": "EventCode=3"
+			"channel": "EventCode=3",
+			"data_component_name": "Process Creation"
 		},
 		{
 			"name": "Sysmon",
-			"channel": "EventCode=10"
+			"channel": "EventCode=10",
+			"data_component_name": "Process Creation"
 		}
 	]
 };
@@ -251,7 +261,8 @@ const invalidLogSourceEmptyPermutationName = {
 	"x_mitre_log_source_permutations": [
 		{
 			"name": "",
-			"channel": "Security"
+			"channel": "Security",
+			"data_component_name": "Process Creation"
 		}
 	]
 };
@@ -275,7 +286,8 @@ const invalidLogSourceEmptyPermutationChannel = {
 	"x_mitre_log_source_permutations": [
 		{
 			"name": "Security",
-			"channel": ""
+			"channel": "",
+			"data_component_name": "Process Creation"
 		}
 	]
 };
@@ -319,11 +331,13 @@ const validMobileLogSource = {
 	"x_mitre_log_source_permutations": [
 		{
 			"name": "logcat",
-			"channel": "system"
+			"channel": "system",
+			"data_component_name": "Process Creation"
 		},
 		{
 			"name": "logcat",
-			"channel": "main"
+			"channel": "main",
+			"data_component_name": "Process Creation"
 		}
 	]
 };
@@ -359,15 +373,18 @@ const validMultiDomainLogSource = {
 	"x_mitre_log_source_permutations": [
 		{
 			"name": "pcap",
-			"channel": "network"
+			"channel": "network",
+			"data_component_name": "Process Creation"
 		},
 		{
 			"name": "netflow",
-			"channel": "flow"
+			"channel": "flow",
+			"data_component_name": "Process Creation"
 		},
 		{
 			"name": "firewall",
-			"channel": "traffic"
+			"channel": "traffic",
+			"data_component_name": "Process Creation"
 		}
 	]
 };
@@ -424,11 +441,13 @@ const validLogSourceSpecialChars = {
 	"x_mitre_log_source_permutations": [
 		{
 			"name": "Security/Application-Logs_2024",
-			"channel": "Microsoft-Windows-Security-Auditing/Operational"
+			"channel": "Microsoft-Windows-Security-Auditing/Operational",
+			"data_component_name": "Process Creation"
 		},
 		{
 			"name": "EventLog:Security",
-			"channel": "EventID=4624"
+			"channel": "EventID=4624",
+			"data_component_name": "Process Creation"
 		}
 	]
 };
@@ -502,19 +521,23 @@ const validLogSourceComplexPermutations = {
 	"x_mitre_log_source_permutations": [
 		{
 			"name": "sysmon:1",
-			"channel": "process_creation"
+			"channel": "process_creation",
+			"data_component_name": "Process Creation"
 		},
 		{
 			"name": "auditd:SYSCALL",
-			"channel": "execve"
+			"channel": "execve",
+			"data_component_name": "Process Creation"
 		},
 		{
 			"name": "powershell:4104",
-			"channel": "script_block"
+			"channel": "script_block",
+			"data_component_name": "Process Creation"
 		},
 		{
 			"name": "wmi:19",
-			"channel": "wmi_event"
+			"channel": "wmi_event",
+			"data_component_name": "Process Creation"
 		}
 	]
 };
diff --git a/src/generator/index.ts b/src/generator/index.ts
@@ -214,6 +214,7 @@ const minimalLogSource = {
     {
       name: 'Security',
       channel: 'Security',
+      data_component_name: 'Security',
     },
   ],
 };
diff --git a/src/schemas/sdo/log-source.schema.ts b/src/schemas/sdo/log-source.schema.ts
@@ -20,6 +20,7 @@ export const xMitreLogSourcePermutationsSchema = z
     z.object({
       name: z.string().nonempty(),
       channel: z.string().nonempty(),
+      data_component_name: z.string().nonempty(),
     }),
   )
   .nonempty()
diff --git a/test/objects/log-source.test.ts b/test/objects/log-source.test.ts
@@ -1,9 +1,7 @@
 import { v4 as uuidv4 } from 'uuid';
 import { describe, expect, it } from 'vitest';
 import { createSyntheticStixObject } from '../../src/generator';
-import {
-    type ExternalReferences
-} from '../../src/schemas/common/index';
+import { type ExternalReferences } from '../../src/schemas/common/index';
 import { type LogSource, logSourceSchema } from '../../src/schemas/sdo/log-source.schema';
 
 describe('logSourceSchema', () => {
@@ -22,10 +20,12 @@ describe('logSourceSchema', () => {
           {
             name: 'Security',
             channel: 'Security',
+            data_component_name: 'Process Creation',
           },
           {
             name: 'System',
             channel: 'System',
+            data_component_name: 'Process Creation',
           },
         ],
       };
@@ -39,14 +39,17 @@ describe('logSourceSchema', () => {
           {
             name: 'Application',
             channel: 'Application',
+            data_component_name: 'Process Creation',
           },
           {
             name: 'Security',
             channel: 'Security',
+            data_component_name: 'Process Creation',
           },
           {
             name: 'System',
             channel: 'System',
+            data_component_name: 'Process Creation',
           },
         ],
       };
@@ -109,31 +112,55 @@ describe('logSourceSchema', () => {
       it('should reject permutations with empty name', () => {
         const invalidObject = {
           ...minimalLogSource,
-          x_mitre_log_source_permutations: [{ name: '', channel: 'Security' }],
+          x_mitre_log_source_permutations: [
+            { name: '', channel: 'Security', data_component_name: 'Security' },
+          ],
         };
         expect(() => logSourceSchema.parse(invalidObject)).toThrow();
       });
 
       it('should reject permutations with empty channel', () => {
         const invalidObject = {
           ...minimalLogSource,
-          x_mitre_log_source_permutations: [{ name: 'Security', channel: '' }],
+          x_mitre_log_source_permutations: [
+            { name: 'Security', channel: '', data_component_name: 'Security' },
+          ],
+        };
+        expect(() => logSourceSchema.parse(invalidObject)).toThrow();
+      });
+
+      it('should reject permutations with empty data component name', () => {
+        const invalidObject = {
+          ...minimalLogSource,
+          x_mitre_log_source_permutations: [
+            { name: 'Security', channel: 'Security', data_component_name: '' },
+          ],
         };
         expect(() => logSourceSchema.parse(invalidObject)).toThrow();
       });
 
       it('should reject permutations missing name', () => {
         const invalidObject = {
           ...minimalLogSource,
-          x_mitre_log_source_permutations: [{ channel: 'Security' }],
+          x_mitre_log_source_permutations: [
+            { channel: 'Security', data_component_name: 'Security' },
+          ],
         };
         expect(() => logSourceSchema.parse(invalidObject)).toThrow();
       });
 
       it('should reject permutations missing channel', () => {
         const invalidObject = {
           ...minimalLogSource,
-          x_mitre_log_source_permutations: [{ name: 'Security' }],
+          x_mitre_log_source_permutations: [{ name: 'Security', data_component_name: 'Security' }],
+        };
+        expect(() => logSourceSchema.parse(invalidObject)).toThrow();
+      });
+
+      it('should reject permutations missing data component name', () => {
+        const invalidObject = {
+          ...minimalLogSource,
+          x_mitre_log_source_permutations: [{ name: 'Security', channel: 'Security' }],
         };
         expect(() => logSourceSchema.parse(invalidObject)).toThrow();
       });
@@ -211,10 +238,12 @@ describe('logSourceSchema', () => {
           {
             name: 'Security',
             channel: 'Security',
+            data_component_name: 'Security',
           },
           {
             name: 'Security',
             channel: 'Security',
+            data_component_name: 'Security',
           },
         ],
       };
@@ -230,10 +259,12 @@ describe('logSourceSchema', () => {
           {
             name: 'Security',
             channel: 'Security',
+            data_component_name: 'Security',
           },
           {
             name: 'Security',
             channel: 'Application',
+            data_component_name: 'Security',
           },
         ],
       };
@@ -247,24 +278,27 @@ describe('logSourceSchema', () => {
           {
             name: 'Security',
             channel: 'EventLog',
+            data_component_name: 'Security',
           },
           {
             name: 'Application',
             channel: 'EventLog',
+            data_component_name: 'Security',
           },
         ],
       };
       expect(() => logSourceSchema.parse(logSourceWithSameChannel)).not.toThrow();
     });
 
-    it('should handle very long permutation names and channels', () => {
+    it('should handle very long permutation names, channels, and data component names', () => {
       const longString = 'A'.repeat(1000);
       const logSourceWithLongStrings: LogSource = {
         ...minimalLogSource,
         x_mitre_log_source_permutations: [
           {
             name: longString,
             channel: longString,
+            data_component_name: longString,
           },
         ],
       };
@@ -278,6 +312,7 @@ describe('logSourceSchema', () => {
           {
             name: 'Security/Application-Logs_2024',
             channel: 'Microsoft-Windows-Security-Auditing/Operational',
+            data_component_name: 'Security',
           },
         ],
       };

Original file line number	Diff line number	Diff line change
`@@ -29,11 +29,13 @@ const validLogSource = {`
`29`	`29`	`"x_mitre_log_source_permutations": [`
`30`	`30`	`{`
`31`	`31`	`"name": "sysmon",`
`32`		`- "channel": "EventCode=10"`
	`32`	`+ "channel": "EventCode=10",`
	`33`	`+ "data_component_name": "Process Creation"`
`33`	`34`	`},`
`34`	`35`	`{`
`35`	`36`	`"name": "auditd:SYSCALL",`
`36`		`- "channel": "ptrace"`
	`37`	`+ "channel": "ptrace",`
	`38`	`+ "data_component_name": "Process Creation"`
`37`	`39`	`}`
`38`	`40`	`]`
`39`	`41`	`};`
`@@ -83,15 +85,18 @@ const validLogSourceMultiplePermutations = {`
`83`	`85`	`"x_mitre_log_source_permutations": [`
`84`	`86`	`{`
`85`	`87`	`"name": "Security",`
`86`		`- "channel": "Security"`
	`88`	`+ "channel": "Security",`
	`89`	`+ "data_component_name": "Process Creation"`
`87`	`90`	`},`
`88`	`91`	`{`
`89`	`92`	`"name": "System",`
`90`		`- "channel": "System"`
	`93`	`+ "channel": "System",`
	`94`	`+ "data_component_name": "Process Creation"`
`91`	`95`	`},`
`92`	`96`	`{`
`93`	`97`	`"name": "Application",`
`94`		`- "channel": "Application"`
	`98`	`+ "channel": "Application",`
	`99`	`+ "data_component_name": "Process Creation"`
`95`	`100`	`}`
`96`	`101`	`]`
`97`	`102`	`};`
`@@ -190,11 +195,13 @@ const invalidLogSourceDuplicatePermutations = {`
`190`	`195`	`"x_mitre_log_source_permutations": [`
`191`	`196`	`{`
`192`	`197`	`"name": "Security",`
`193`		`- "channel": "Security"`
	`198`	`+ "channel": "Security",`
	`199`	`+ "data_component_name": "Process Creation"`
`194`	`200`	`},`
`195`	`201`	`{`
`196`	`202`	`"name": "Security",`
`197`		`- "channel": "Security"`
	`203`	`+ "channel": "Security",`
	`204`	`+ "data_component_name": "Process Creation"`
`198`	`205`	`}`
`199`	`206`	`]`
`200`	`207`	`};`
`@@ -227,15 +234,18 @@ const validLogSourceSameNameDifferentChannels = {`
`227`	`234`	`"x_mitre_log_source_permutations": [`
`228`	`235`	`{`
`229`	`236`	`"name": "Sysmon",`
`230`		`- "channel": "EventCode=1"`
	`237`	`+ "channel": "EventCode=1",`
	`238`	`+ "data_component_name": "Process Creation"`
`231`	`239`	`},`
`232`	`240`	`{`
`233`	`241`	`"name": "Sysmon",`
`234`		`- "channel": "EventCode=3"`
	`242`	`+ "channel": "EventCode=3",`
	`243`	`+ "data_component_name": "Process Creation"`
`235`	`244`	`},`
`236`	`245`	`{`
`237`	`246`	`"name": "Sysmon",`
`238`		`- "channel": "EventCode=10"`
	`247`	`+ "channel": "EventCode=10",`
	`248`	`+ "data_component_name": "Process Creation"`
`239`	`249`	`}`
`240`	`250`	`]`
`241`	`251`	`};`
`@@ -251,7 +261,8 @@ const invalidLogSourceEmptyPermutationName = {`
`251`	`261`	`"x_mitre_log_source_permutations": [`
`252`	`262`	`{`
`253`	`263`	`"name": "",`
`254`		`- "channel": "Security"`
	`264`	`+ "channel": "Security",`
	`265`	`+ "data_component_name": "Process Creation"`
`255`	`266`	`}`
`256`	`267`	`]`
`257`	`268`	`};`
`@@ -275,7 +286,8 @@ const invalidLogSourceEmptyPermutationChannel = {`
`275`	`286`	`"x_mitre_log_source_permutations": [`
`276`	`287`	`{`
`277`	`288`	`"name": "Security",`
`278`		`- "channel": ""`
	`289`	`+ "channel": "",`
	`290`	`+ "data_component_name": "Process Creation"`
`279`	`291`	`}`
`280`	`292`	`]`
`281`	`293`	`};`
`@@ -319,11 +331,13 @@ const validMobileLogSource = {`
`319`	`331`	`"x_mitre_log_source_permutations": [`
`320`	`332`	`{`
`321`	`333`	`"name": "logcat",`
`322`		`- "channel": "system"`
	`334`	`+ "channel": "system",`
	`335`	`+ "data_component_name": "Process Creation"`
`323`	`336`	`},`
`324`	`337`	`{`
`325`	`338`	`"name": "logcat",`
`326`		`- "channel": "main"`
	`339`	`+ "channel": "main",`
	`340`	`+ "data_component_name": "Process Creation"`
`327`	`341`	`}`
`328`	`342`	`]`
`329`	`343`	`};`
`@@ -359,15 +373,18 @@ const validMultiDomainLogSource = {`
`359`	`373`	`"x_mitre_log_source_permutations": [`
`360`	`374`	`{`
`361`	`375`	`"name": "pcap",`
`362`		`- "channel": "network"`
	`376`	`+ "channel": "network",`
	`377`	`+ "data_component_name": "Process Creation"`
`363`	`378`	`},`
`364`	`379`	`{`
`365`	`380`	`"name": "netflow",`
`366`		`- "channel": "flow"`
	`381`	`+ "channel": "flow",`
	`382`	`+ "data_component_name": "Process Creation"`
`367`	`383`	`},`
`368`	`384`	`{`
`369`	`385`	`"name": "firewall",`
`370`		`- "channel": "traffic"`
	`386`	`+ "channel": "traffic",`
	`387`	`+ "data_component_name": "Process Creation"`
`371`	`388`	`}`
`372`	`389`	`]`
`373`	`390`	`};`
`@@ -424,11 +441,13 @@ const validLogSourceSpecialChars = {`
`424`	`441`	`"x_mitre_log_source_permutations": [`
`425`	`442`	`{`
`426`	`443`	`"name": "Security/Application-Logs_2024",`
`427`		`- "channel": "Microsoft-Windows-Security-Auditing/Operational"`
	`444`	`+ "channel": "Microsoft-Windows-Security-Auditing/Operational",`
	`445`	`+ "data_component_name": "Process Creation"`
`428`	`446`	`},`
`429`	`447`	`{`
`430`	`448`	`"name": "EventLog:Security",`
`431`		`- "channel": "EventID=4624"`
	`449`	`+ "channel": "EventID=4624",`
	`450`	`+ "data_component_name": "Process Creation"`
`432`	`451`	`}`
`433`	`452`	`]`
`434`	`453`	`};`
`@@ -502,19 +521,23 @@ const validLogSourceComplexPermutations = {`
`502`	`521`	`"x_mitre_log_source_permutations": [`
`503`	`522`	`{`
`504`	`523`	`"name": "sysmon:1",`
`505`		`- "channel": "process_creation"`
	`524`	`+ "channel": "process_creation",`
	`525`	`+ "data_component_name": "Process Creation"`
`506`	`526`	`},`
`507`	`527`	`{`
`508`	`528`	`"name": "auditd:SYSCALL",`
`509`		`- "channel": "execve"`
	`529`	`+ "channel": "execve",`
	`530`	`+ "data_component_name": "Process Creation"`
`510`	`531`	`},`
`511`	`532`	`{`
`512`	`533`	`"name": "powershell:4104",`
`513`		`- "channel": "script_block"`
	`534`	`+ "channel": "script_block",`
	`535`	`+ "data_component_name": "Process Creation"`
`514`	`536`	`},`
`515`	`537`	`{`
`516`	`538`	`"name": "wmi:19",`
`517`		`- "channel": "wmi_event"`
	`539`	`+ "channel": "wmi_event",`
	`540`	`+ "data_component_name": "Process Creation"`
`518`	`541`	`}`
`519`	`542`	`]`
`520`	`543`	`};`
Original file line number	Diff line number	Diff line change
`@@ -214,6 +214,7 @@ const minimalLogSource = {`
`214`	`214`	`{`
`215`	`215`	`name: 'Security',`
`216`	`216`	`channel: 'Security',`
	`217`	`+ data_component_name: 'Security',`
`217`	`218`	`},`
`218`	`219`	`],`
`219`	`220`	`};`
Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ export const xMitreLogSourcePermutationsSchema = z`
`20`	`20`	`z.object({`
`21`	`21`	`name: z.string().nonempty(),`
`22`	`22`	`channel: z.string().nonempty(),`
	`23`	`+ data_component_name: z.string().nonempty(),`
`23`	`24`	`}),`
`24`	`25`	`)`
`25`	`26`	`.nonempty()`