{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":482159051,"defaultBranch":"main","name":"ocsf-schema","ownerLogin":"ocsf","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-04-16T04:55:08.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/103786262?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1723566326.0","currentOid":""},"activityList":{"items":[{"before":"d90dcfc076a58e4a1ff50a9e8fa6d9bd0b34e8ae","after":"eff55eb9a3b0088c9a90b832fa213e9ed69fcbfb","ref":"refs/heads/main","pushedAt":"2024-08-23T12:55:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Updated event classes, added missing categories. (#1163)\n\n#### Related Issue: \r\n #1162\r\n#### Description of changes:\r\nUpdated event classes, added missing categories. \r\nIt is not a critical problem, since all events that were missing\r\ncategory were extending higher level event. All higher level events have\r\ncategories specified. This update is for a consistency.","shortMessageHtmlLink":"Updated event classes, added missing categories. (#1163)"}},{"before":"fe3ec22c9f63345a1ce7ae76c37dcffc817390fc","after":"d90dcfc076a58e4a1ff50a9e8fa6d9bd0b34e8ae","ref":"refs/heads/main","pushedAt":"2024-08-22T17:31:39.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"pagbabian-splunk","name":"Paul Agbabian","path":"/pagbabian-splunk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79343846?s=80&v=4"},"commit":{"message":"Added Script Activity event class. (#1159)\n\n#### Related Issue: \r\n\r\nhttps://github.com/ocsf/ocsf-schema/issues/1156\r\n\r\n#### Description of changes:\r\n\r\nAdded a Script Activity event class to the System category as described\r\nin the related issue.\r\n\r\nSigned-off-by: Dave McCormack \r\nCo-authored-by: Paul Agbabian ","shortMessageHtmlLink":"Added Script Activity event class. (#1159)"}},{"before":"9fb44653932d0cac9e67ebc1b4ebf7bf44905e88","after":"fe3ec22c9f63345a1ce7ae76c37dcffc817390fc","ref":"refs/heads/main","pushedAt":"2024-08-21T19:38:03.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mikeradka","name":"Mike Radka (Splunk)","path":"/mikeradka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91983279?s=80&v=4"},"commit":{"message":"Fix grammar for *_permissions attributes (#1164)\n\n#### Related Issue: N/A\r\n\r\n#### Description of changes:\r\n\r\n1. Today, there are typos in the descriptions of these attributes:\r\n- `actual_permissions`: `The permissions that were granted to the in a\r\nplatform-native format.`\r\n- `requested_permissions`: `The permissions mask that were requested by\r\nthe process`\r\n\r\nThis PR cleans up the typos, and applies our `See specific usage`\r\nverbiage to the base dictionary descriptions.\r\n\r\nNOTE: Since this is simply a description update, no update to CHANGELOG\r\nshould be needed.\r\n\r\n---------\r\n\r\nSigned-off-by: Michael Radka \r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"Fix grammar for *_permissions attributes (#1164)"}},{"before":"56bb644135b1eb522235690bcb2a5b37d32f33d5","after":"9fb44653932d0cac9e67ebc1b4ebf7bf44905e88","ref":"refs/heads/main","pushedAt":"2024-08-21T18:37:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonrau-at-queryai","name":"Jonathan Rau","path":"/jonrau-at-queryai","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/139361268?s=80&v=4"},"commit":{"message":"Expand applicability and direction of `cloud.account` and `cloud.org` & deprecate `project_uid` (#1166)\n\n#### Related Issue: \r\n\r\n#### Description of changes:\r\n\r\nAs per conversations with @floydtree and @zschmerber, some better\r\nguidance and applicability of existing `org` and `account` objects was\r\nrequired to account for the various ways that logical\r\ncompartmentalization are defined in various public cloud and SaaS tools.\r\n\r\nFor instance, GCP has Org -> Folder -> Project, OCI has Domain ->\r\nTenancy -> Compartment, AWS has Org -> OU -> Account, and various SaaS\r\ntools have high level compartmentalization such as Servicenow Instances,\r\nM365 Tenants, Salesforce Accounts, etc.\r\n\r\n- Deprecate `project_uid` as it was hyper-specific to GCP and doesn't\r\nfit other CSPs or SaaS, removed `project_uid` from `cloud`.\r\n- Update all descriptions within `org` and `account` to reflect the\r\napplicability to CSP and SaaS platforms with more examples for mappers.\r\n- Added several new `account.type_id` to reflect AWS Account-like\r\nequivalents for Azure, GCP, OCI, Salesforce, M365, and Servicenow.","shortMessageHtmlLink":"Expand applicability and direction of cloud.account and cloud.org…"}},{"before":"98f540947d6d17b9ab4002d4fd11bfa5c70e4c1b","after":"56bb644135b1eb522235690bcb2a5b37d32f33d5","ref":"refs/heads/main","pushedAt":"2024-08-21T17:21:04.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Minor addition to the cvss object (#1165)\n\n#### Related Issue: n/a\r\n\r\n#### Description of changes:\r\n1. Adding `vendor_name` to the `cvss` object to help represent the\r\nsource/vendor that provided the cvss scores.\r\n2. Snippet from a sample source event from Amazon Inspector\r\n\r\n```\r\n\"cvss\": [\r\n {\r\n \"baseScore\": 10,\r\n \"scoringVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\r\n \"version\": \"3.1\",\r\n \"source\": \"UBUNTU_CVE\"\r\n },\r\n {\r\n \"baseScore\": 10,\r\n \"scoringVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\r\n \"version\": \"3.1\",\r\n \"source\": \"NVD\"\r\n }\r\n ],\r\n\r\n```\r\n\r\n---------\r\n\r\nSigned-off-by: Rajas Panat ","shortMessageHtmlLink":"Minor addition to the cvss object (#1165)"}},{"before":"a656184ff064ce388df6392ee15257cfa1181339","after":"98f540947d6d17b9ab4002d4fd11bfa5c70e4c1b","ref":"refs/heads/main","pushedAt":"2024-08-16T18:06:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"pagbabian-splunk","name":"Paul Agbabian","path":"/pagbabian-splunk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79343846?s=80&v=4"},"commit":{"message":"Change \"misspellings\" of identifier contraction \"Id\" to \"ID\" (#1160)\n\n#### Related Issue: \r\nNone\r\n\r\n#### Description of changes:\r\nChange occurrences of `Id` in `dictionary.json` to `ID`. There were\r\nthree (3) occurrences of `Id` in the dictionary, while the other 69 were\r\n`ID`.\r\n\r\nThis change affects `caption` and `description` fields only. No enum\r\ncaptions were changed. This has no affect on existing OCSF events, and\r\ndoes not represent a breaking change, including while validating events.\r\n\r\n### Delete once you have confirmed the following: \r\n1. Did you add a single line summary of changes to `Unreleased` section\r\nin the\r\n[CHANGELOG.md](https://github.com/ocsf/ocsf-schema/blob/main/CHANGELOG.md)\r\nfile?\r\n * **_Is this necessary for a typo fix?_** (2 reviewers say \"no\".)","shortMessageHtmlLink":"Change \"misspellings\" of identifier contraction \"Id\" to \"ID\" (#1160)"}},{"before":"2a999472b5e366982355f505db40faef494a629f","after":"a656184ff064ce388df6392ee15257cfa1181339","ref":"refs/heads/main","pushedAt":"2024-08-13T17:09:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mikeradka","name":"Mike Radka (Splunk)","path":"/mikeradka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91983279?s=80&v=4"},"commit":{"message":"`user` Object expansion and related Observables creation (#1155)\n\nExpands the `user` object to add relevant data that comes from various\r\nIdentity Providers or Directories while keep relevance with LDAP and\r\nMITRE D3FEND.\r\n\r\n- Add Observable `type_id` 31-35 for User UID, Group Name, Group UID,\r\nAccount Name, Account UID\r\n- Add `phone_number` to `user` and to `ldap_person` - this attribute can\r\nbe assigned to both or one or the other depending on the upstream\r\nsystem. For instance Entra ID or Okta\r\n- ~~Add `state_id` and `state` to `user` to represent the various states\r\nof a user record in a directory or IDP such as their provisioning\r\nstatus, (de)activation. This is 1:1 with Okta with an extra `Deleted`\r\nenum added for Google Workspace~~ Removed as #1136 already has a\r\nsolution\r\n- Add `has_mfa` Boolean to Dictionary and `user` object as a quick way\r\nto tell if a `user` has MFA/2FA enabled/assigned to them\r\n\r\n---------\r\n\r\nSigned-off-by: Jonathan Rau <139361268+jonrau-at-queryai@users.noreply.github.com>\r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"user Object expansion and related Observables creation (#1155)"}},{"before":"cde2c7f5b6a09a425abd2793fadb093b19c801c1","after":"2a999472b5e366982355f505db40faef494a629f","ref":"refs/heads/main","pushedAt":"2024-08-13T17:03:08.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonrau-at-queryai","name":"Jonathan Rau","path":"/jonrau-at-queryai","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/139361268?s=80&v=4"},"commit":{"message":"Create `OSINT Inventory Info` Discovery Event (#1154)\n\nAdds a `OSINT Inventory Info` event to the Discovery category to\r\nrepresent retrieval of OSINT, CTI, and other enrichment data from TIPs,\r\nXDRs, and other sources of OSINT/CTI\r\n\r\n---------\r\n\r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"Create OSINT Inventory Info Discovery Event (#1154)"}},{"before":"daa8f6945bcc26f4cdfb489261287409fe599061","after":null,"ref":"refs/heads/validation-cleanup","pushedAt":"2024-08-13T16:25:26.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"}},{"before":"5b8f2ac2609e4a500f47da15e4270a099f44a846","after":"cde2c7f5b6a09a425abd2793fadb093b19c801c1","ref":"refs/heads/main","pushedAt":"2024-08-13T16:25:25.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Backwards Compatibility Workflow (#1115)\n\nThis PR does *not* change the OCSF. \r\n\r\nInstead, it enhances the pull request workflow:\r\n* The schema validator version can now be configured with a repository\r\nvariable, allowing repository owners to update the dependency without a\r\nPR.\r\n* A new backwards compatibility validation has been added using the\r\nschema compiler and compatibility validator in the\r\n[ocsf-lib](https://github.com/ocsf/ocsf-lib-py) project.\r\n\r\n---------\r\n\r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"Backwards Compatibility Workflow (#1115)"}},{"before":"b3d7c051efd2f022b38f8da9c7cf75544f71c4b9","after":"daa8f6945bcc26f4cdfb489261287409fe599061","ref":"refs/heads/validation-cleanup","pushedAt":"2024-08-12T22:48:42.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"query-jeremy","name":"Jeremy Fisher","path":"/query-jeremy","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106115283?s=80&v=4"},"commit":{"message":"Default version bump","shortMessageHtmlLink":"Default version bump"}},{"before":"9e6417fde641de7a73d8ccaf8cf86c046b059e07","after":"b3d7c051efd2f022b38f8da9c7cf75544f71c4b9","ref":"refs/heads/validation-cleanup","pushedAt":"2024-08-12T19:03:33.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Merge branch 'main' into validation-cleanup","shortMessageHtmlLink":"Merge branch 'main' into validation-cleanup"}},{"before":"856af7c30bd9bdf62b181a3dfae7a2096f910a4a","after":"5b8f2ac2609e4a500f47da15e4270a099f44a846","ref":"refs/heads/main","pushedAt":"2024-08-01T20:28:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"pagbabian-splunk","name":"Paul Agbabian","path":"/pagbabian-splunk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79343846?s=80&v=4"},"commit":{"message":"v1.4.0 prep (#1153)\n\n#### Related Issue: v1.4.0-dev!\r\n\r\n#### Description of changes:\r\n\r\n* Updating changelog \r\n* Updating the versions to 1.4.0-dev\r\n\r\n---------\r\n\r\nSigned-off-by: Rajas Panat ","shortMessageHtmlLink":"v1.4.0 prep (#1153)"}},{"before":"856af7c30bd9bdf62b181a3dfae7a2096f910a4a","after":"c8bde8c4cc7e93bb4a36e873623bbe099da22fb5","ref":"refs/heads/v1.3.0","pushedAt":"2024-08-01T20:14:24.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"v1.3.0 Release (#1152)\n\n#### Related Issue: n/a Releasing 1.3.0\r\n\r\n#### Description of changes:\r\n1. Updating core and platform extension versions.\r\n2. Updating Changelog.\r\n\r\n---------\r\n\r\nSigned-off-by: Rajas Panat ","shortMessageHtmlLink":"v1.3.0 Release (#1152)"}},{"before":null,"after":"856af7c30bd9bdf62b181a3dfae7a2096f910a4a","ref":"refs/heads/v1.3.0","pushedAt":"2024-08-01T18:57:11.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":" adding state_id IDs (#1143)\n\nRelated Issue:\r\nMissing enable/disable state Ids\r\n\r\nDescription of changes:\r\nadded state id's to Device Config State Change Class.\r\n\r\nSigned-off-by: Sasha Selin (Cyrebro) (sasha.selin@cyrebro.io)\r\n\r\nFollowing closed PR #1076 (#1076), Ive created new PR to create\r\ndisable/enable state to \"device_config_state_change\" class.\r\n\r\nstate “disable/enable” is very common when it comes to FortiGate logs,\r\nespecially where the subtype=”system” and action=”add”.\r\nThe “status” field on this type of logs are represent the “cfgattr”\r\n(Configuration value changed) status.\r\n\r\nRaw log for example:\r\n\r\n<118>date=2024-05-01 time=11:43:38 devname=\"Test for OCSF\"\r\ndevid=\"FG11256985563\" eventtime=1714553018203018280 tz=\"+0300\"\r\nlogid=\"0100044547\" type=\"event\" subtype=\"system\" level=\"information\"\r\nvd=\"North\" logdesc=\"Object attribute configured\" user=\"SashaS\"\r\nui=\"GUI(192.168.190.54)\" action=\"Add\" cfgtid=10691505\r\ncfgpath=\"firewall.policy\" cfgobj=\"136\"\r\ncfgattr=\"status[disable]srcintf[OCSF-Test]dstintf[OCSF-Test]srcaddr[Sasha-selin-ocsf-test]dstaddr[Sasha-selin]srcaddr6[]dstaddr6[]src-vendor-mac[]action[accept]schedule[always]service[RDP]groups[]users[]fsso-groups[]comments[\r\n(Copy of 148)]custom-log-fields[]\" msg=\"Add firewall.policy 136\"\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/fcd7991a-aec8-4fe1-b511-3cc2173da6a8)\r\n\r\n---------\r\n\r\nSigned-off-by: SashaSelin <145011693+SashaSelin@users.noreply.github.com>\r\nSigned-off-by: Rajas <89877409+floydtree@users.noreply.github.com>\r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":" adding state_id IDs (#1143)"}},{"before":"856af7c30bd9bdf62b181a3dfae7a2096f910a4a","after":null,"ref":"refs/heads/1.3.0","pushedAt":"2024-08-01T18:56:55.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"}},{"before":null,"after":"856af7c30bd9bdf62b181a3dfae7a2096f910a4a","ref":"refs/heads/1.3.0","pushedAt":"2024-08-01T18:56:33.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":" adding state_id IDs (#1143)\n\nRelated Issue:\r\nMissing enable/disable state Ids\r\n\r\nDescription of changes:\r\nadded state id's to Device Config State Change Class.\r\n\r\nSigned-off-by: Sasha Selin (Cyrebro) (sasha.selin@cyrebro.io)\r\n\r\nFollowing closed PR #1076 (#1076), Ive created new PR to create\r\ndisable/enable state to \"device_config_state_change\" class.\r\n\r\nstate “disable/enable” is very common when it comes to FortiGate logs,\r\nespecially where the subtype=”system” and action=”add”.\r\nThe “status” field on this type of logs are represent the “cfgattr”\r\n(Configuration value changed) status.\r\n\r\nRaw log for example:\r\n\r\n<118>date=2024-05-01 time=11:43:38 devname=\"Test for OCSF\"\r\ndevid=\"FG11256985563\" eventtime=1714553018203018280 tz=\"+0300\"\r\nlogid=\"0100044547\" type=\"event\" subtype=\"system\" level=\"information\"\r\nvd=\"North\" logdesc=\"Object attribute configured\" user=\"SashaS\"\r\nui=\"GUI(192.168.190.54)\" action=\"Add\" cfgtid=10691505\r\ncfgpath=\"firewall.policy\" cfgobj=\"136\"\r\ncfgattr=\"status[disable]srcintf[OCSF-Test]dstintf[OCSF-Test]srcaddr[Sasha-selin-ocsf-test]dstaddr[Sasha-selin]srcaddr6[]dstaddr6[]src-vendor-mac[]action[accept]schedule[always]service[RDP]groups[]users[]fsso-groups[]comments[\r\n(Copy of 148)]custom-log-fields[]\" msg=\"Add firewall.policy 136\"\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/fcd7991a-aec8-4fe1-b511-3cc2173da6a8)\r\n\r\n---------\r\n\r\nSigned-off-by: SashaSelin <145011693+SashaSelin@users.noreply.github.com>\r\nSigned-off-by: Rajas <89877409+floydtree@users.noreply.github.com>\r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":" adding state_id IDs (#1143)"}},{"before":"fd8818410e2a74991f27b6ceedcdd5908c0050d2","after":"9e6417fde641de7a73d8ccaf8cf86c046b059e07","ref":"refs/heads/validation-cleanup","pushedAt":"2024-07-31T22:35:22.000Z","pushType":"push","commitsCount":22,"pusher":{"login":"query-jeremy","name":"Jeremy Fisher","path":"/query-jeremy","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106115283?s=80&v=4"},"commit":{"message":"Merge branch 'main' into validation-cleanup","shortMessageHtmlLink":"Merge branch 'main' into validation-cleanup"}},{"before":"54191a0e532b1b010a92031b45610491fb96cfb4","after":"fd8818410e2a74991f27b6ceedcdd5908c0050d2","ref":"refs/heads/validation-cleanup","pushedAt":"2024-07-31T22:16:22.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"query-jeremy","name":"Jeremy Fisher","path":"/query-jeremy","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106115283?s=80&v=4"},"commit":{"message":"Renaming metaschema validation workflow","shortMessageHtmlLink":"Renaming metaschema validation workflow"}},{"before":"b5c94d3fbc81dec0d1ef635c8b90e4ea9d8c345b","after":"856af7c30bd9bdf62b181a3dfae7a2096f910a4a","ref":"refs/heads/main","pushedAt":"2024-07-30T17:04:25.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"pagbabian-splunk","name":"Paul Agbabian","path":"/pagbabian-splunk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79343846?s=80&v=4"},"commit":{"message":" adding state_id IDs (#1143)\n\nRelated Issue:\r\nMissing enable/disable state Ids\r\n\r\nDescription of changes:\r\nadded state id's to Device Config State Change Class.\r\n\r\nSigned-off-by: Sasha Selin (Cyrebro) (sasha.selin@cyrebro.io)\r\n\r\nFollowing closed PR #1076 (#1076), Ive created new PR to create\r\ndisable/enable state to \"device_config_state_change\" class.\r\n\r\nstate “disable/enable” is very common when it comes to FortiGate logs,\r\nespecially where the subtype=”system” and action=”add”.\r\nThe “status” field on this type of logs are represent the “cfgattr”\r\n(Configuration value changed) status.\r\n\r\nRaw log for example:\r\n\r\n<118>date=2024-05-01 time=11:43:38 devname=\"Test for OCSF\"\r\ndevid=\"FG11256985563\" eventtime=1714553018203018280 tz=\"+0300\"\r\nlogid=\"0100044547\" type=\"event\" subtype=\"system\" level=\"information\"\r\nvd=\"North\" logdesc=\"Object attribute configured\" user=\"SashaS\"\r\nui=\"GUI(192.168.190.54)\" action=\"Add\" cfgtid=10691505\r\ncfgpath=\"firewall.policy\" cfgobj=\"136\"\r\ncfgattr=\"status[disable]srcintf[OCSF-Test]dstintf[OCSF-Test]srcaddr[Sasha-selin-ocsf-test]dstaddr[Sasha-selin]srcaddr6[]dstaddr6[]src-vendor-mac[]action[accept]schedule[always]service[RDP]groups[]users[]fsso-groups[]comments[\r\n(Copy of 148)]custom-log-fields[]\" msg=\"Add firewall.policy 136\"\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/fcd7991a-aec8-4fe1-b511-3cc2173da6a8)\r\n\r\n---------\r\n\r\nSigned-off-by: SashaSelin <145011693+SashaSelin@users.noreply.github.com>\r\nSigned-off-by: Rajas <89877409+floydtree@users.noreply.github.com>\r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":" adding state_id IDs (#1143)"}},{"before":"85a36b7b6fda54c9de6afc56fee14b9a292bc2f8","after":"b5c94d3fbc81dec0d1ef635c8b90e4ea9d8c345b","ref":"refs/heads/main","pushedAt":"2024-07-30T16:13:26.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Fixing inconsistencies in the findings classes, other desc corrections (#1150)\n\n#### Related Issue: n/a\r\n\r\n#### Description of changes:\r\n1. Making `resources` available in Vuln Finding and Compliance Finding\r\nevent classes.\r\n2. Deprecating `resource` attribute.\r\n3. Fixing desc in Data Security Finding event class\r\n\r\n---------\r\n\r\nSigned-off-by: Rajas Panat ","shortMessageHtmlLink":"Fixing inconsistencies in the findings classes, other desc corrections ("}},{"before":"e651e9dc9e056a236d48d5ac9c2d3e4715ef8341","after":"85a36b7b6fda54c9de6afc56fee14b9a292bc2f8","ref":"refs/heads/main","pushedAt":"2024-07-30T00:47:04.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"pagbabian-splunk","name":"Paul Agbabian","path":"/pagbabian-splunk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79343846?s=80&v=4"},"commit":{"message":"Feat: [1148] - enrichment extension (#1149)\n\n#### Related Issue: 1148\r\n\r\nhttps://github.com/ocsf/ocsf-schema/issues/1148\r\n\r\n#### Description of changes:\r\n\r\nextending - enrichment by:\r\n\r\ntime, recommended - The timestamp when the enrichment data was\r\ngenerated.\r\ndesc optional - A long description of the enrichment data.\r\nreputation optional - The reputation of the enrichment data\r\nshort_desc, recommended - A short description of the enrichment data.\r\nurl_string, recommended - The URL of the source of the enrichment data\r\n\r\n---------\r\n\r\nSigned-off-by: Pavel Jurka \r\nSigned-off-by: Rajas <89877409+floydtree@users.noreply.github.com>\r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"Feat: [1148] - enrichment extension (#1149)"}},{"before":"2096473785f4d654e8d3ea186a8781621876b045","after":null,"ref":"refs/heads/load_balancer","pushedAt":"2024-07-26T18:57:01.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"mikeradka","name":"Mike Radka (Splunk)","path":"/mikeradka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91983279?s=80&v=4"}},{"before":"c6f4371ce4746ea07a647aab26d89c532d7a6788","after":"e651e9dc9e056a236d48d5ac9c2d3e4715ef8341","ref":"refs/heads/main","pushedAt":"2024-07-26T18:57:00.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mikeradka","name":"Mike Radka (Splunk)","path":"/mikeradka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91983279?s=80&v=4"},"commit":{"message":"Enhancement to load_balancer object (#1138)\n\n#### Related Issue: N/A (from Slack)\r\n\r\n#### Description of changes:\r\nAdded ip to the load_balancer object. Added Load Balancer to the\r\nendpoint type_id enum list.\r\n\r\n---------\r\n\r\nSigned-off-by: Paul Agbabian \r\nSigned-off-by: pagbabian-splunk \r\nSigned-off-by: Rajas <89877409+floydtree@users.noreply.github.com>\r\nCo-authored-by: pagbabian-splunk \r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"Enhancement to load_balancer object (#1138)"}},{"before":"0832ddb859d57a1a2d0c08323bf850e71e3c88cc","after":"2096473785f4d654e8d3ea186a8781621876b045","ref":"refs/heads/load_balancer","pushedAt":"2024-07-26T18:17:52.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Merge branch 'main' into load_balancer\n\nSigned-off-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"Merge branch 'main' into load_balancer"}},{"before":"c7460d34b729cd8401253af003b824a64db4b524","after":null,"ref":"refs/heads/time_span","pushedAt":"2024-07-26T16:59:38.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"mikeradka","name":"Mike Radka (Splunk)","path":"/mikeradka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91983279?s=80&v=4"}},{"before":"0a1c03c2cd00d89fb18e078377650ea56c752b4d","after":"c6f4371ce4746ea07a647aab26d89c532d7a6788","ref":"refs/heads/main","pushedAt":"2024-07-26T16:59:37.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mikeradka","name":"Mike Radka (Splunk)","path":"/mikeradka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91983279?s=80&v=4"},"commit":{"message":"New Timespan object to encapsulate average durations. (#1125)\n\n#### Related Issue: N/A\r\n\r\n#### Description of changes:\r\nAdded a new object that encapsulates the `duration_avg_xx` attributes\r\nwith a `type_id` discriminator and a `just_one` constraint.\r\n\r\n---------\r\n\r\nSigned-off-by: Paul Agbabian \r\nSigned-off-by: pagbabian-splunk \r\nCo-authored-by: pagbabian-splunk ","shortMessageHtmlLink":"New Timespan object to encapsulate average durations. (#1125)"}},{"before":"17e2dc6dc532467ee46126f45e6c80631ce73c1c","after":"c7460d34b729cd8401253af003b824a64db4b524","ref":"refs/heads/time_span","pushedAt":"2024-07-25T18:03:06.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"pagbabian-splunk","name":"Paul Agbabian","path":"/pagbabian-splunk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79343846?s=80&v=4"},"commit":{"message":"Merge branch 'main' into time_span\n\nSigned-off-by: Paul Agbabian ","shortMessageHtmlLink":"Merge branch 'main' into time_span"}},{"before":"819c74c27526ec10103fdd720896531bf62d2aca","after":"0a1c03c2cd00d89fb18e078377650ea56c752b4d","ref":"refs/heads/main","pushedAt":"2024-07-25T17:42:36.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Software package object improvements (#1142)\n\nAdd two additional attributes for the Software Package object. In both\r\ninstances the pre-existing attribute is used to uniquely identify the\r\npackage. This can be useful when looking at Software Bill of Materials\r\n(SBOM) inventory data.\r\n\r\n#### Description of changes:\r\nAdd cpe_name attribute. Common Platform Enumeration CPE is used to\r\nuniquely identity software packages.\r\nAdd hash attribute. A cryptographic hash is another common way to\r\nidentify software packages.\r\n\r\nThese changes pass local validation testing.\r\n\r\n---------\r\n\r\nSigned-off-by: Jason Reimer \r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"Software package object improvements (#1142)"}},{"before":"db61f5410bb0d95cb893069af62a83d232b02d3d","after":"17e2dc6dc532467ee46126f45e6c80631ce73c1c","ref":"refs/heads/time_span","pushedAt":"2024-07-25T17:26:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"pagbabian-splunk","name":"Paul Agbabian","path":"/pagbabian-splunk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79343846?s=80&v=4"},"commit":{"message":"Merged newer dictionary attributes; fixed CHANGELOG\n\nSigned-off-by: pagbabian-splunk ","shortMessageHtmlLink":"Merged newer dictionary attributes; fixed CHANGELOG"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEollv1gA","startCursor":null,"endCursor":null}},"title":"Activity · ocsf/ocsf-schema"}