Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create agent Object, add agent and owner to endpoint #987

Merged
merged 14 commits into from
Mar 28, 2024
Merged

Create agent Object, add agent and owner to endpoint #987

merged 14 commits into from
Mar 28, 2024

Conversation

jonrau-at-queryai
Copy link
Contributor

Related Issue:

#986

Description of changes:

  • Adds owner to device, endpoint, and network_endpoint.
  • Adds a new agent object that defines various sensors and agent.
  • Adds the new agent object to device, resource, and endpoint.
  • Adds is_applied Boolean to policy.

mlmitch
mlmitch reviewed Mar 18, 2024
View reviewed changes
dictionary.json Outdated Show resolved Hide resolved
@jonrau-at-queryai jonrau-at-queryai marked this pull request as ready for review March 18, 2024 21:27
floydtree
floydtree requested changes Mar 19, 2024
View reviewed changes
objects/device.json Outdated Show resolved Hide resolved
objects/network_endpoint.json Outdated Show resolved Hide resolved
@jonrau-at-queryai jonrau-at-queryai changed the title Create agent Object, add agent and owner to device Create agent Object, add agent and owner to endpoint Mar 19, 2024
floydtree
floydtree previously approved these changes Mar 19, 2024
View reviewed changes
Copy link
Contributor

@floydtree floydtree left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thank you!

mikeradka
mikeradka previously approved these changes Mar 19, 2024
View reviewed changes
Copy link
Contributor

@mikeradka mikeradka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

@jonrau-at-queryai jonrau-at-queryai dismissed stale reviews from mikeradka and floydtree via dcdba03 March 19, 2024 15:51
@pagbabian-splunk
Copy link
Contributor

Please check the description of name : "Organization name for the Autonomous System."

mlmitch
mlmitch reviewed Mar 20, 2024
View reviewed changes
Copy link
Contributor

@mlmitch mlmitch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

This is a great addition for being able to natively use OCSF in an EDR.
Having homes for the agent identifier and the customer organization identifier is crucial.

zschmerber
zschmerber previously approved these changes Mar 24, 2024
View reviewed changes
mikeradka
mikeradka previously approved these changes Mar 25, 2024
View reviewed changes
@mikeradka
Copy link
Contributor

@jonrau-at-queryai Looks good to me, just approved, but there is a small merge conflict with the CHANGELOG. Could you update that so we can merge?

@jonrau-at-queryai
Copy link
Contributor Author

@jonrau-at-queryai Looks good to me, just approved, but there is a small merge conflict with the CHANGELOG. Could you update that so we can merge?

Looks like it's fixed, but it bumped all of the approvals again.

mikeradka
mikeradka previously approved these changes Mar 25, 2024
View reviewed changes
floydtree
floydtree previously approved these changes Mar 26, 2024
View reviewed changes
This was referenced Mar 26, 2024
Closed
Merged
Aniak5
Aniak5 reviewed Mar 28, 2024
View reviewed changes
dictionary.json Outdated Show resolved Hide resolved
@jonrau-at-queryai jonrau-at-queryai dismissed stale reviews from mikeradka and floydtree via f902fef March 28, 2024 14:32
@Aniak5
Copy link
Contributor

Aniak5 commented Mar 28, 2024

Looks great! Thanks for this addition, its super useful!

Aniak5
Aniak5 approved these changes Mar 28, 2024
View reviewed changes
Copy link
Contributor

@Aniak5 Aniak5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@floydtree floydtree merged commit d3c4677 into ocsf:main Mar 28, 2024
2 checks passed
@jonrau-at-queryai jonrau-at-queryai deleted the sensor-and-device-owner branch March 28, 2024 16:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikeradka mikeradka mikeradka approved these changes

@floydtree floydtree floydtree approved these changes

@Aniak5 Aniak5 Aniak5 approved these changes

@pagbabian-splunk pagbabian-splunk Awaiting requested review from pagbabian-splunk pagbabian-splunk is a code owner

@zschmerber zschmerber Awaiting requested review from zschmerber zschmerber is a code owner

@mlmitch mlmitch Awaiting requested review from mlmitch

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@jonrau-at-queryai @pagbabian-splunk @mikeradka @Aniak5 @mlmitch @zschmerber @floydtree