Merge branch 'main' into package_extension_1091

Signed-off-by: Pavel Jurka <[email protected]>
ocsf · May 30, 2024 · 63350b7 · 63350b7
2 parents 5e2dca9 + c12527d
commit 63350b7
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -67,10 +67,14 @@ Thankyou! -->
     3. Added `state_id`, `state` to `Digital Signature` object. #1069
     4. Added `ticket` to `Incident Finding` object. ticket. #1068
     5. Added `domain` to `Uniform Resource Locator` object. #1096
-    6. Added `vendor_name`, `type`, `type_id` to object `package`. #1091 
+    6. Added `reg_key` and `reg_value` to `Evidence Artifacts` object. #1078
+    7. Added `vendor_name`, `type`, `type_id` to object `package`. #1091 
+
 * #### Platform Extensions
 
 ### Bugfixes
+    1. Fixed the host profile construction in `patch_state` event class. #1087
+    2. Removed the optional requirement overrides for `name` and `uid` in `_resource` as they are part of a constraint. #1087
 
 ### Deprecated
 
@@ -284,4 +288,4 @@ Thankyou! -->
 
 ## [v1.0.0]
 
-Initial release of OCSF.
+Initial release of OCSF.
diff --git a/events/discovery/patch_state.json b/events/discovery/patch_state.json
@@ -8,7 +8,11 @@
     "host"
   ],
   "attributes": {
+    "$include": [
+      "profiles/host.json"
+  ],
     "device": {
+      "profile": null,
       "group": "primary",
       "requirement": "required"
     },

diff --git a/extensions/windows/objects/evidences.json b/extensions/windows/objects/evidences.json
@@ -0,0 +1,36 @@
+{
+  "caption": "Windows Evidence Artifacts",
+  "description": "Extends the evidences object to add Windows specific fields",
+  "extends": "evidences",
+  "attributes": {
+    "reg_key": {
+      "description": "Describes details about the registry key that triggered the detection.",
+      "requirement": "recommended"
+    },
+    "reg_value": {
+      "description": "Describes details about the registry value that triggered the detection.",
+      "requirement": "recommended"
+    }
+  },
+  "constraints": {
+    "at_least_one": [
+      "actor",
+      "api",
+      "connection_info",
+      "data",
+      "database",
+      "databucket",
+      "device",
+      "dst_endpoint",
+      "email",
+      "file",
+      "process",
+      "query",
+      "src_endpoint",
+      "url",
+      "user",
+      "reg_key",
+      "reg_value"
+    ]
+  }
+}
diff --git a/objects/_resource.json b/objects/_resource.json
@@ -19,16 +19,14 @@
       "requirement": "optional"
     },
     "name": {
-      "description": "The name of the resource.",
-      "requirement": "optional"
+      "description": "The name of the resource."
     },
     "type": {
       "description": "The resource type as defined by the event source.",
       "requirement": "optional"
     },
     "uid": {
-      "description": "The unique identifier of the resource.",
-      "requirement": "optional"
+      "description": "The unique identifier of the resource."
     }
   }
 }