Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add is_vpn attribute to session object #922

Merged
merged 5 commits into from
Jan 9, 2024
Merged

Conversation

mikeradka
Copy link
Contributor

Related Issue:

N/A

Description of changes:

This PR adds an is_vpn attribute to the session object. This is a useful way to signify that a given session in any event class is a vpn session - particularly this is useful for security analysts and detection engineers, without the need for a yet-another-profile.

image

Signed-off-by: Michael Radka <mradka@splunk.com>
Signed-off-by: Michael Radka <mradka@splunk.com>
Signed-off-by: Michael Radka <mradka@splunk.com>
@mikeradka mikeradka added enhancement New feature or request v1.1.0 Changes marked for v1.1.0 of OCSF labels Jan 9, 2024
@mikeradka mikeradka self-assigned this Jan 9, 2024
@mikeradka mikeradka requested a review from ablyler January 9, 2024 15:56
objects/session.json Outdated Show resolved Hide resolved
Signed-off-by: Michael Radka <mradka@splunk.com>
@Aniak5 Aniak5 self-requested a review January 9, 2024 16:08
Copy link
Contributor

@Aniak5 Aniak5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@mikeradka mikeradka merged commit de4c2b4 into ocsf:main Jan 9, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request v1.1.0 Changes marked for v1.1.0 of OCSF
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants