
[Draft] Network Firewall OCSF Compatibility Update #853

Closed
wants to merge 17 commits into from

Conversation

adplotzk (Contributor) commented Nov 15, 2023

Proposal to make network firewall type events compatible with OCSF.

Updates to endpoint object

  1. add natip to src_endpoint/dst_endpoint
  2. add natport to src_endpoint/dst_endpoint
  3. add device to src_endpoint/dst_endpoint

Updates to traffic object

  1. add chunks to traffic object
  2. add chunks_out to traffic object
  3. add chunks_in to traffic object

Updates to connection_info object

  1. add process to connection_info
  2. add nssai_type to connection_info
  3. add nssai differentiator to connection_info

Create new object within connection_info object

  1. create new object connection_info.{tunnel_information.uid}
  2. create new object connection_info.{tunnel_information.type}

Updates to session object

  1. add count to session
  2. add end_reason to session

Updates to firewall_rule object

  1. add wan_policy_name to firewall_rule
  2. add wan_cluster_name to firewall_rule
  3. add wan_device_type to firewall_rule
  4. add wan_cluster_type to firewall_rule
  5. add wan_site to firewall_rule

Commits

Adding nat_ip, nat_port and device to network_endpoint

Signed-off-by: Adam P. <[email protected]>

Adding process and nssai fields to network_connection_info

Signed-off-by: Adam P. <[email protected]>

add wan_policy_name to firewall_rule
add wan_cluster_name to firewall_rule
add wan_device_type to firewall_rule
add wan_cluster_type to firewall_rule
add wan_site to firewall_rule

Signed-off-by: Adam P. <[email protected]>
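The PR description above lists attributes to add to several OCSF objects. In the OCSF schema repository an object file (objects/network_endpoint.json and friends) only names its attributes and per-object requirement overrides; the attribute's caption, description and type live in dictionary.json, so a new attribute has to be added in both places under the same name. The Python lint below is an added example, not part of PR #853 or the OCSF project's own tooling, that checks an object definition against a dictionary fragment for exactly that: every attribute is defined in the dictionary, names are snake_case, and requirement values are ones the schema accepts. Both JSON fragments are constructed for the example and mirror the layout of the real files; "natport" is deliberately spelled without the underscore to show what the check reports.

```python
"""Lint an OCSF-style object definition against the attribute dictionary.

Added example, not code from PR #853 or the OCSF repository. The two JSON
fragments below are constructed: they follow the layout of OCSF's
objects/*.json (attribute names plus requirement overrides) and
dictionary.json (the single place an attribute's caption and type are set).
"""
import json
import re

# OCSF attribute names are lower snake_case: words of [a-z0-9] joined by '_'.
SNAKE_CASE = re.compile(r"^[a-z][a-z0-9]*(_[a-z0-9]+)*$")

# Requirement levels an object file may assign to an attribute.
REQUIREMENTS = {"required", "recommended", "optional"}

# Constructed fragment of dictionary.json, limited to what the example needs.
DICTIONARY = json.loads("""
{
  "attributes": {
    "ip":       {"caption": "IP Address", "type": "ip_t"},
    "port":     {"caption": "Port",       "type": "port_t"},
    "nat_ip":   {"caption": "NAT IP",     "type": "ip_t"},
    "nat_port": {"caption": "NAT Port",   "type": "port_t"},
    "device":   {"caption": "Device",     "type": "device"},
    "chunks":   {"caption": "Chunks",     "type": "long_t"}
  }
}
""")

# Constructed object in the style of objects/network_endpoint.json. "natport"
# (no underscore) is a deliberate mismatch against the dictionary above.
NETWORK_ENDPOINT = json.loads("""
{
  "name": "network_endpoint",
  "extends": "endpoint",
  "attributes": {
    "ip":      {"requirement": "recommended"},
    "port":    {"requirement": "recommended"},
    "nat_ip":  {"requirement": "optional"},
    "natport": {"requirement": "optional"},
    "device":  {"requirement": "optional"}
  }
}
""")


def lint_object(obj: dict, dictionary: dict) -> list[str]:
    """Return a list of problems; an empty list means the object is consistent."""
    problems = []
    defined = dictionary.get("attributes", {})
    for name, override in obj.get("attributes", {}).items():
        where = f"{obj['name']}.{name}"
        if not SNAKE_CASE.match(name):
            problems.append(f"{where}: not snake_case")
        if name not in defined:
            problems.append(f"{where}: not defined in dictionary.json")
        req = override.get("requirement")
        if req is not None and req not in REQUIREMENTS:
            problems.append(f"{where}: unknown requirement {req!r}")
    return problems


def resolve_types(obj: dict, dictionary: dict) -> dict[str, str]:
    """Map each attribute the object references to its dictionary type.

    Attributes missing from the dictionary are skipped; lint_object reports them.
    """
    defined = dictionary["attributes"]
    return {name: defined[name]["type"]
            for name in obj["attributes"] if name in defined}


if __name__ == "__main__":
    for problem in lint_object(NETWORK_ENDPOINT, DICTIONARY):
        print("problem:", problem)
    print(resolve_types(NETWORK_ENDPOINT, DICTIONARY))
```

Run against the constructed input, the lint flags only `network_endpoint.natport` as undefined, since `nat_port` is what the dictionary knows; the same check applied to the real objects/*.json and dictionary.json files is how a schema PR like this one can be verified before the schema compiler is run.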
@adplotzk adplotzk closed this Nov 15, 2023