diff --git a/CHANGELOG.md b/CHANGELOG.md
index 427ca984a..59c611763 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -73,7 +73,9 @@ Thankyou! -->
 5. Added `ticket` to `Incident Finding` event class. #1068
 6. Added new activities `Enroll`, `Activate`, `Deactivate`, `Suspend`, and `Resume` to the `Entity Management` class. #1095
 7. Added new activity `Listen` to `Network Activity` and relax requirement of `src_endpoint`. #1147
- 8. Added `resources` attribute to `Vulnerability Finding` and `Compliance Finding`. #1150
+ 8. Added `state` object to `Device Config State Change`. #1143
+ 9. Added `state_id` object to `Device Config State Change`. #1143
+ 10. Added `resources` attribute to `Vulnerability Finding` and `Compliance Finding`. #1150
 * #### Profiles
 * #### Objects
 1. Added `ext` to `File` object. #1046
diff --git a/events/discovery/device_config_state_change.json b/events/discovery/device_config_state_change.json
index a86998572..9862d7396 100644
--- a/events/discovery/device_config_state_change.json
+++ b/events/discovery/device_config_state_change.json
@@ -1,47 +1,75 @@
 {
- "uid": 19,
- "caption": "Device Config State Change",
- "description": "Device Config State Change events report state changes that impact the security of the device.",
- "extends": "discovery",
- "name": "device_config_state_change",
- "attributes": {
- "actor": {
- "group": "context",
- "requirement": "optional"
+ "uid": 19,
+ "caption": "Device Config State Change",
+ "description": "Device Config State Change events report state changes that impact the security of the device.",
+ "extends": "discovery",
+ "name": "device_config_state_change",
+ "attributes": {
+ "actor": {
+ "group": "context",
+ "requirement": "optional"
+ },
+ "device": {
+ "description": "The device that is impacted by the state change.",
+ "group": "primary",
+ "requirement": "required"
+ },
+ "prev_security_level": {
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "prev_security_level_id": {
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "prev_security_states": {
+ "description": "The previous security states of the device.",
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "security_level": {
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "security_level_id": {
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "security_states": {
+ "description": "The current security states of the device.",
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "state": {
+ "caption": "Config Change State",
+ "description": "The Config Change Stat, normalized to the caption of the state_id value. In the case of 'Other', it is defined by the source.",
+ "requirement": "optional"
+ },
+ "state_id": {
+ "caption": "Config Change State ID",
+ "description": "The Config Change State of the managed entity.",
+ "requirement": "recommended",
+ "enum": {
+ "0": {
+ "caption": "Unknown",
+ "description": "The Config Change state is unknown."
+ },
+ "1": {
+ "caption": "Disabled",
+ "description": "Config State Changed to Disabled."
+ },
+ "2": {
+ "caption": "Enabled",
+ "description": "Config State Changed to Enabled."
+ },
+ "99": {
+ "caption": "Other",
+ "description": "The Config Change is not mapped. See the state attribute, which contains data source specific values."
+ }
+ }
+ }
 },
- "device": {
- "description": "The device that is impacted by the state change.",
- "group": "primary",
- "requirement": "required"
- },
- "prev_security_level": {
- "group": "primary",
- "requirement": "recommended"
- },
- "prev_security_level_id": {
- "group": "primary",
- "requirement": "recommended"
- },
- "prev_security_states": {
- "description": "The previous security states of the device.",
- "group": "primary",
- "requirement": "recommended"
- },
- "security_level": {
- "group": "primary",
- "requirement": "recommended"
- },
- "security_level_id": {
- "group": "primary",
- "requirement": "recommended"
- },
- "security_states": {
- "description": "The current security states of the device.",
- "group": "primary",
- "requirement": "recommended"
- }
- },
- "profiles": [
- "host"
- ]
-}
\ No newline at end of file
+ "profiles": [
+ "host"
+ ]
+}
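Review bot: The new `state` description has a typo ("The Config Change Stat, normalized…"); it should read `"description": "The Config Change State, normalized to the caption of the state_id value. In the case of 'Other', it is defined by the source."`. Both `state` and `state_id` are also added without a `"group"`, while every other attribute in this class declares one; unless the group is inherited from the dictionary (not visible here), declare it explicitly on both. The `state_id` description refers to "the managed entity" and the enum entries say only "Config State Changed to Disabled/Enabled", so the descriptions do not say what is being enabled or disabled; since a security setting switching to Disabled is what detection rules would key on, they should name the device configuration explicitly. The rest of the hunk removes and re-adds every existing line with the same visible text, which looks like a re-indent and would be easier to review as a separate commit.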