diff --git a/CHANGELOG.md b/CHANGELOG.md
index daa5d5ecc..732c1e3e8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -80,6 +80,7 @@ Thankyou! -->
 1. Added `os_machine_uuid` as a `uuid_t`. #1268
 1. Added `sbom`, `author`, `related_component`, `relationship`, `relationship_id` and `software_component` to support SBOMs. #1262
 1. Added `related_events_count` as an `int_t`. #1271
+ 1. Added `event_uid` as a `string_t`. #1312
 * #### Objects
 1. Added `environment_variable` object. #1172, #1288
 1. Added `advisory` object. #1176
@@ -106,7 +107,6 @@ Thankyou! -->
 1. Added `Archived|5` as an enum item to `status_id` attribute in Findings classes. #1219
 1. Added a `Trace` `activity_id` to the `Email Activity` class. #1252
 1. Added a `message_trace_uid` to the `Email Activity` class. #1259
- 1. Added a `Trace`, `activity_id` to the `Email Activity` class. #1252
 1. Added `vendor_attributes` to all `Findings` Category classes. #1257
 1. Added `sbom` to `Software Inventory Info` class. #1262
 1. Relaxed requirements on the `dst_endpoint` attribute in the `network_activity` event class and added an `at_least_one` constraint with `src_endpoint` and `dst_endpoint`. #1274
@@ -117,6 +117,8 @@ Thankyou! -->
 1. Add `policies` to `Account Change` class. #1282
 1. Add `Unlock` activity to `account_change` class. #1285
 1. Add `incident` profile to `finding` to affect classes that extend it. #1293
+ 1. Add `keyboard_info` object to RDP event class. #1313
+ 1. Added attributes and a new Activity ID to the `File Hosting Activity` class for network file share services and authorization check result. Activity ID added: `17` - "Access Check". Optional `context` group attributes added: `access_list`, `access_mask`, `access_result`, `share`, `share_type`, and `share_type_id`. #1297
 * #### Profiles
 1. Added `is_alert`, `confidence_id`, `confidence`, `confidence_score` attributes to the `security_control` profile. #1178
 1. Added `risk_level_id`, `risk_level`, `risk_score`, `risk_details` attributes to the `security_control` profile. #1178
@@ -169,6 +171,7 @@ Thankyou! -->
 1. Added `cpu_architecture` and `cpu_architecture_id` to `device_hw_info` object. #1278
 1. Added `name` to `script` object. #1284
 1. Relax requirement of `fingerprints` in `certificate` object. #1302
+ 1. Added `event_uid` to the `logger` object. #1312
 ### Bugfixes
diff --git a/dictionary.json b/dictionary.json
index b702c36ee..dff2a96e4 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -2040,6 +2040,11 @@
 "description": "The Event ID, Code, or Name that the product uses to primarily identify the event.",
 "type": "string_t"
 },
+ "event_uid": {
+ "caption": "Event UID",
+ "description": "The unique identifier of an event. See specific usage.",
+ "type": "string_t"
+ },
 "evidence": {
 "caption": "Evidence",
 "description": "The data the finding exposes to the analyst.",
diff --git a/events/application/file_hosting.json b/events/application/file_hosting.json
index 320366959..dc5c1f568 100644
--- a/events/application/file_hosting.json
+++ b/events/application/file_hosting.json
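Review bot: The new `event_uid` description, `The unique identifier of an event. See specific usage.`, does not say what scope the identifier is unique within, and it sits directly under `event_code` (the product's own event ID, code or name), so producers will not know whether to put a product-native ID or a collector-assigned one here. Deduplication, replay detection and cross-source correlation in a SIEM depend on that scope being defined; an ID that is only unique per logger instance must be paired with that logger's `uid` before it is used as a key. Suggest tightening the dictionary text to `"description": "The unique identifier assigned to an event by the component that records or forwards it. Uniqueness is scoped to that component instance, not global; see specific usage."` and leaving `event_code` as the product-native identifier. If the schema already defines an event-level identifier elsewhere, this description should also say how the two differ.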
@@ -1,10 +1,23 @@
 {
 "uid": 6,
 "caption": "File Hosting Activity",
- "description": "File Hosting Activity events report the actions taken by file management applications, including file sharing servers like Sharepoint and services such as Box, MS OneDrive, or Google Drive.",
+ "description": "File Hosting Activity events report the actions taken by file management applications, including file sharing servers like Sharepoint and services such as Box, MS OneDrive, Google Drive, or network file share services.",
 "extends": "application",
 "name": "file_hosting",
 "attributes": {
+ "access_list": {
+ "group": "context",
+ "requirement": "optional"
+ },
+ "access_mask": {
+ "description": "The sum of hexadecimal values of requested access rights.",
+ "group": "context",
+ "requirement": "optional"
+ },
+ "access_result": {
+ "group": "context",
+ "requirement": "optional"
+ },
 "activity_id": {
 "enum": {
 "1": {
@@ -70,6 +83,10 @@
 "16": {
 "caption": "Unsync",
 "description": "Mark a file or folder to not sync with a computer."
+ },
+ "17": {
+ "caption": "Access Check",
+ "description": "Access check for a file. The security_control profile can be used to add the access check results."
 }
 }
 },
@@ -102,6 +119,19 @@
 "group": "context",
 "requirement": "optional"
 },
+ "share": {
+ "description": "The share name.",
+ "group": "context",
+ "requirement": "optional"
+ },
+ "share_type": {
+ "group": "context",
+ "requirement": "optional"
+ },
+ "share_type_id": {
+ "group": "context",
+ "requirement": "optional"
+ },
 "src_endpoint": {
 "description": "The endpoint that performed the activity on the target file.",
 "group": "primary",
diff --git a/events/network/rdp_activity.json b/events/network/rdp_activity.json
index aa0af67f1..90265b7f9 100644
--- a/events/network/rdp_activity.json
+++ b/events/network/rdp_activity.json
@@ -34,6 +34,7 @@
 }
 },
 "capabilities": {
+ "group": "context",
 "requirement": "optional"
 },
 "certificate_chain": {
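Review bot: The `access_mask` description, `The sum of hexadecimal values of requested access rights.`, describes a presentation rather than the value: an access mask is a bitmask, the bitwise OR of individual access-right flags, and calling it a sum invites producers to add overlapping flags together and emit a value that no longer decodes. The dictionary entry's type is not in this diff, so it is also unclear whether consumers get an integer or a hex string such as `0x100081`; detection rules that compare masks across sources need one fixed encoding. Suggest `"description": "The requested access rights as a bitmask: the bitwise OR of the individual access-right flags, as reported by the product (for example a Windows ACCESS_MASK)."`, plus a sentence on the encoding once the type is confirmed. `access_list` and `access_result` should each get a one-line description as well, saying how `access_list` relates to `access_mask` (presumably the decoded names of the same flags) and which values `access_result` takes. The enclosing `attributes` object continues past this hunk.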
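Review bot: The new activity `17` says `The security_control profile can be used to add the access check results`, but the same change adds an `access_result` attribute to this class for exactly that purpose, so the description points producers at two different homes for the verdict and consumers cannot know which one to read. Pick one and say so; if `access_result` is the intended field, `"description": "An authorization check against a file or share. Record the requested rights in access_mask or access_list and the verdict in access_result."` keeps the class self-contained. If `security_control` is still meant to carry the verdict, the description should state which field takes precedence when both are populated. The enclosing `activity_id` enum starts before this hunk.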
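Review bot: `The share name.` leaves it open whether `share` holds the bare share name (`public`) or a full UNC path (`\\server\public`), and detection content keyed on administrative shares such as `ADMIN$`, `C$` or `IPC$`, a common lateral-movement signal, needs one normalized form to match against. Suggest `"description": "The name of the share the file belongs to, without the server portion, e.g. 'public' for \\\\server\\public."`; the hosting server presumably belongs in the endpoint attributes, which are not in this hunk. `share_type` and `share_type_id` carry no description and their enum is not in this diff; if the values are defined in the dictionary, a pointer to them here would tell producers what is allowed. The enclosing `attributes` object starts and ends outside this hunk.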
@@ -55,6 +56,10 @@
 "group": "context",
 "requirement": "optional"
 },
+ "keyboard_info": {
+ "group": "context",
+ "requirement": "optional"
+ },
 "protocol_ver": {
 "caption": "RDP Version",
 "description": "The Remote Desktop Protocol version.",
@@ -62,6 +67,7 @@
 "requirement": "recommended"
 },
 "remote_display": {
+ "group": "context",
 "requirement": "optional"
 },
 "request": {
diff --git a/objects/logger.json b/objects/logger.json
index 6078360ab..42cc4e535 100644
--- a/objects/logger.json
+++ b/objects/logger.json
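Review bot: `keyboard_info` is added to the RDP class with no `description`, so it is not clear which protocol data populates it. Client keyboard layout, type and subtype are a well-known attribution signal in RDP (a layout that does not match the claimed user or locale is worth alerting on), but the field is only usable by detection engineers if its provenance is stated. Suggest adding `"description": "Keyboard layout and type information advertised by the client during RDP connection setup."`; the exact source is presumably the client's connection data, which should be confirmed against the `keyboard_info` object definition, not part of this diff. The enclosing `attributes` object starts before this hunk.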
@@ -1,47 +1,51 @@
 {
- "caption": "Logger",
- "description": "The Logger object represents the device and product where events are stored with times for receipt and transmission. This may be at the source device where the event occurred, a remote scanning device, intermediate hops, or the ultimate destination.",
- "name": "logger",
- "extends": "_entity",
- "attributes": {
- "device": {
- "description": "The device where the events are logged.",
- "requirement": "recommended"
- },
- "log_level": {
- "requirement": "optional"
- },
- "log_name": {
- "requirement": "recommended"
- },
- "log_provider": {
- "requirement": "recommended"
- },
- "log_version": {
- "requirement": "optional"
- },
- "logged_time": {
- "requirement": "recommended"
- },
- "name": {
- "description": "The name of the logging product instance.",
- "requirement": "recommended"
- },
- "product": {
- "description": "The product logging the event. This may be the event source product, a management server product, a scanning product, a SIEM, etc.",
- "requirement": "recommended"
- },
- "transmit_time": {
- "description": "The time when the event was transmitted from the logging device to it's next destination.",
- "requirement": "optional"
- },
- "uid": {
- "description": "The unique identifier of the logging product instance.",
- "requirement": "recommended"
- },
- "version": {
- "description": "The version of the logging product.",
- "requirement": "optional"
- }
+ "caption": "Logger",
+ "description": "The Logger object represents the device and product where events are stored with times for receipt and transmission. This may be at the source device where the event occurred, a remote scanning device, intermediate hops, or the ultimate destination.",
+ "name": "logger",
+ "extends": "_entity",
+ "attributes": {
+ "device": {
+ "description": "The device where the events are logged.",
+ "requirement": "recommended"
+ },
+ "event_uid": {
+ "description": "The unique identifier of the event assigned by the logger.",
+ "requirement": "optional"
+ },
+ "log_level": {
+ "requirement": "optional"
+ },
+ "log_name": {
+ "requirement": "recommended"
+ },
+ "log_provider": {
+ "requirement": "recommended"
+ },
+ "log_version": {
+ "requirement": "optional"
+ },
+ "logged_time": {
+ "requirement": "recommended"
+ },
+ "name": {
+ "description": "The name of the logging product instance.",
+ "requirement": "recommended"
+ },
+ "product": {
+ "description": "The product logging the event. This may be the event source product, a management server product, a scanning product, a SIEM, etc.",
+ "requirement": "recommended"
+ },
+ "transmit_time": {
+ "description": "The time when the event was transmitted from the logging device to it's next destination.",
+ "requirement": "optional"
+ },
+ "uid": {
+ "description": "The unique identifier of the logging product instance.",
+ "requirement": "recommended"
+ },
+ "version": {
+ "description": "The version of the logging product.",
+ "requirement": "optional"
 }
-}
\ No newline at end of file
+ }
+}
\ No newline at end of file
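Review bot: The only semantic change here, the new `event_uid` entry, is buried in a whole-file reindent that removes and re-adds every other line, which makes it impractical to verify that the re-added lines match the old ones apart from whitespace; the reindent should be its own whitespace-only commit. On the new line, `The unique identifier of the event assigned by the logger.` should say that the value is unique only within this logger instance, since the object description allows a logger to be an intermediate hop or a SIEM and each hop may assign its own identifier; suggest `"description": "The unique identifier assigned to the event by this logger instance. Only unique in combination with the logger uid, and distinct from the product's native event_code."`. Since the `transmit_time` line is rewritten anyway, change `it's` to `its` on the new side, and add the trailing newline that the diff still reports as missing.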