Recursive network_proxy object #996
Labels
network_activity
Issues related to Network Activity Category
Comments
|
Thanks! Good observation - we want to avoid recursive definitions where possible but where we cannot, we SHOULD always at least indicate caution with a warning. We can add the warning and modify the description. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The network proxy endpoint contains a reference to itself a network proxy. This in itself is not a bad thing as there could be multiple proxy endpoints tied together however other places in the schema where recursive referencing of this type have warnings around how nested the data should be.
The
ldap_person.managerfield has a note to say this should only be applied once per event, the process.parent_process field has a similar note.The
analytic.related_analyticfield was deprecated as of v1, but it would have faced the same issue.Currently when being a consumer of OCSF there is no way to reliably parse the network_proxy object without recursively mapping out every proxy, which becomes doubly difficult when attempting to index the object.
The text was updated successfully, but these errors were encountered: