Add user_inventory event class and associated person profile #667

Merged on Jun 20, 2023 (6 commits)

@mtharp0 mtharp0 commented Jun 9, 2023

In an effort to get collected AD type data into OCSF, we are adding a new event class called user_inventory. It would collect a lot more attributes associated with a user (person). So, in addition to the new class, there is a new person profile that allows us to dynamically add the extended attributes to the user for the user_inventory class (or anywhere else that someone may want to add these attributes to the user object). In order to allow the user location to be specified without the coordinates in a location, we make the coordinates recommended and add constraints to the location object. Finally, the new attributes are added to the dictionary.

Signed-off-by: Tharp, Matthew <Matthew_Tharp2@comcast.com>
…ocumenting user office location

@rroupski rroupski self-requested a review June 14, 2023 21:13

@pagbabian-splunk pagbabian-splunk left a comment

Separate from this PR, we need to have better guidelines on how and when to use the various IDs for users and their accounts.

@mtharp0 mtharp0 merged commit 2d60145 into ocsf:main Jun 20, 2023
1 check passed