Add File Access Check class #1296

Open
rmouritzen-splunk opened this issue Dec 23, 2024 · 0 comments
Labels: enhancement (New feature or request), non_breaking (Non Breaking, backwards compatible changes), system_activity (Issues related to System Activity Category), v1.4.0 or later (Changes marked for versions beyond v1.3.0 of OCSF)

rmouritzen-splunk commented Dec 23, 2024

Add a File Access Check class to the System category.

The Splunk private schema has this class, and so far there is no equivalent in the core schema. This event class is useful for the 5140 and 5145 Windows Event types.

rmouritzen-splunk self-assigned this Dec 23, 2024
rmouritzen-splunk added the enhancement, system_activity, non_breaking, and v1.4.0 or later labels Dec 23, 2024
rmouritzen-splunk added a commit to rmouritzen-splunk/ocsf-schema that referenced this issue Dec 23, 2024