Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactoring Discovery EOC event classes (issue 958) #967

Merged
merged 8 commits into from
Mar 6, 2024
Merged

Refactoring Discovery EOC event classes (issue 958) #967

merged 8 commits into from
Mar 6, 2024

Conversation

maxhotta
Copy link
Contributor

Related Issue:
Address: #958

Description of Changes:
Refactoring of Discovery / EOC event classes for consistency with other event types in the category.

Refactored all _info classes added as part of the original PR to use a _query suffix.
Using the query_info object to capture search criteria and details
Activity id has been updated to include query
Added query_result_id to hold the results of the query, as well as its sibling attribute

@maxhotta maxhotta added discovery Issues related to Discovery Category v1.2.0 Changes marked for version v1.2.0 of OCSF labels Feb 17, 2024
@maxhotta
Copy link
Contributor Author

There is one other item I'd like to propose: this was raised by @mikeradka previously, but I'd like to remove the MacOS extension and expand the Startup Application Query to be for all OS types.

@pagbabian-splunk
Copy link
Contributor

Looks really good Max. Could you also add a CHANGELOG.md update as well?

@maxhotta
Copy link
Contributor Author

@pagbabian-splunk I've added the CHANGELOG entries for the event classes added. I've left out the Macos profile in the CHANGELOG, as I'm planning to propose another PR to refactor/remove it in favor of expanding the Startup Application Query class to apply to all OS types.

@pagbabian-splunk pagbabian-splunk merged commit 82e13ee into ocsf:main Mar 6, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pagbabian-splunk pagbabian-splunk pagbabian-splunk approved these changes

@floydtree floydtree floydtree approved these changes

@rmouritzen-splunk rmouritzen-splunk rmouritzen-splunk approved these changes

@jasonbreimer jasonbreimer Awaiting requested review from jasonbreimer

@Aniak5 Aniak5 Awaiting requested review from Aniak5 Aniak5 is a code owner

@mikeradka mikeradka Awaiting requested review from mikeradka mikeradka is a code owner

@zschmerber zschmerber Awaiting requested review from zschmerber zschmerber is a code owner

Assignees
No one assigned
Labels
discovery Issues related to Discovery Category v1.2.0 Changes marked for version v1.2.0 of OCSF
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@maxhotta @pagbabian-splunk @floydtree @rmouritzen-splunk