#813 Person profile attributes -> object within user

CONTRIBUTING.md

@@ -105,7 +105,7 @@ An example `vulnerability.json` object file,
         ```
         "attributes": {
           "$include": [
-            "profiles/person.json"
+            "profiles/host.json"
           ],
           ...
         }

dictionary.json

@@ -1273,11 +1273,11 @@
       "description": "The user's primary email address.",
       "type": "email_t"
     },
-    "email_addresses": {
+    "email_addrs": {
       "caption": "Email Addresses",
       "description": "A list of additional email addresses for the user.",
-      "type": "email_t",
-      "is_array": true
+      "is_array": true,
+      "type": "email_t"
     },
     "email_auth": {
       "caption": "Email Authentication",
@@ -1887,6 +1887,11 @@
       "description": "The X.500 Distinguished Name (DN) is a structured string that uniquely identifies an entry, such as a user, in an X.500 directory service For example, <code>cn=John Doe,ou=People,dc=example,dc=com</code>.",
       "type": "string_t"
     },
+    "ldap_person": {
+      "caption": "LDAP Person",
+      "description": "The additonal LDAP attributes that describe a person.",
+      "type": "ldap_person"
+    },
     "lease_dur": {
       "caption": "Lease Duration",
       "description": "This represents the length of the DHCP lease in seconds. This is present in DHCP Ack events.",

events/discovery/user_inventory.json

@@ -1,6 +1,6 @@
 {
     "caption": "User Inventory Info",
-    "description": "User Inventory Info events report user inventory data. For example, this can be used to collect information about users by dumping Active Directory data. This event class is meant to be used in conjunction with the <code>person</code> profile to allow capturing extended information about the user.",
+    "description": "For example, this can be utilized to collect user information by gathering Active Directory data.",
     "extends": "discovery",
     "name": "user_inventory",
     "uid": 3,

profiles/person.json → objects/ldap_person.json

@@ -1,8 +1,8 @@
 {
-  "caption": "Person",
-  "description": "The additonal attributes that describe a person or user beyond those required for a user.",
-  "meta": "profile",
-  "name": "person",
+  "caption": "LDAP Person",
+  "description": "The additonal LDAP attributes that describe a person.",
+  "name": "ldap_person",
+  "extends": "object",
   "attributes": {
     "cost_center": {
       "requirement": "optional"
@@ -14,7 +14,7 @@
     "deleted_time": {
       "requirement": "optional"
     },
-    "email_addresses": {
+    "email_addrs": {
       "requirement": "optional"
     },
     "employee_uid": {
@@ -63,4 +63,4 @@
       "requirement": "optional"
     }
   }
-}
+}

objects/user.json

@@ -4,13 +4,7 @@
   "extends": "_entity",
   "name": "user",
   "observable": 21,
-  "profiles": [
-    "person"
-  ],
   "attributes": {
-    "$include": [
-      "profiles/person.json"
-    ],
     "account": {
       "description": "The user's account or the account associated with the user.",
       "requirement": "optional"
@@ -32,6 +26,10 @@
       "description": "The administrative groups to which the user belongs.",
       "requirement": "optional"
     },
+    "ldap_person": {
+      "description": "The additonal LDAP attributes that describe a person.",
+      "requirement": "optional"
+    },
     "name": {
       "description": "The username. For example, <code>janedoe1</code>.",
       "requirement": "recommended",
@@ -85,4 +83,4 @@
       "uid"
     ]
   }
-}
+}