Build simplified representations of the OCSF schema with required attributes only
#!/bin/env python | |
import json | |
import urllib.request | |
import argparse | |
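def by_class(
    all_fields_to_depth,
    *,
    url="https://raw.githubusercontent.com/ocsf/ocsf-lib-py/main/schema_cache/schema-1.3.0.json",
    timeout=30,
):
    """Return {class_name: simplified attributes} for every class in the schema.

    Args:
        all_fields_to_depth: nesting depth up to which non-required attributes
            are included (see process_attributes).
        url: location of the OCSF schema JSON document to download.
            NOTE(review): the default points at the repository's ``main``
            branch rather than a tagged release, so the output can change
            without any change to this script; pin a commit or release if
            reproducible output matters.
        timeout: socket timeout in seconds for the download; without one the
            original call could block indefinitely.

    Returns:
        dict mapping each OCSF class name to its reduced attribute mapping.
    """
    # Close the response explicitly instead of relying on garbage collection.
    with urllib.request.urlopen(url, timeout=timeout) as response:
        schema = json.loads(response.read().decode("utf-8"))
    return {
        class_name: process_attributes(schema, klass, all_fields_to_depth)
        for class_name, klass in schema["classes"].items()
    }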
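def process_attributes(schema, class_or_obj, all_fields_to_depth, current_depth=1):
    """Reduce one event class or object to a ``{attribute: type}`` mapping.

    An attribute is kept when it is marked ``required`` or when the current
    nesting depth is within ``all_fields_to_depth``. Attributes with a
    ``type_name`` map to that string; attributes with an ``object_type`` map
    to the recursively reduced object.

    Args:
        schema: the full OCSF schema document (needs "profiles" and "objects").
        class_or_obj: a class or object definition with "attributes" and
            "profiles" entries.
        all_fields_to_depth: include non-required attributes while
            ``current_depth`` is at or below this value.
        current_depth: nesting level of ``class_or_obj``; the top level is 1.

    Returns:
        dict mapping attribute name to a type-name string or a nested dict.

    Raises:
        SystemExit: when a selected attribute has neither ``type_name`` nor
            ``object_type``.
    """
    include_all = current_depth <= all_fields_to_depth
    selected = [
        (name, attrib)
        for name, attrib in class_or_obj["attributes"].items()
        if include_all or attrib.get("requirement") == "required"
    ]
    # A profile is an optional overlay on event classes and objects that
    # reference it; its attributes are only pulled in when every field at this
    # depth is wanted, regardless of their own requirement level.
    if include_all:
        for profile_name in class_or_obj["profiles"] or ():
            selected.extend(schema["profiles"][profile_name]["attributes"].items())
    result = {}
    for name, attrib in selected:
        type_name = attrib.get("type_name")
        if type_name is not None:
            result[name] = type_name
        elif attrib.get("object_type") is not None:
            # NOTE(review): a required attribute chain that refers back to an
            # enclosing object type would recurse without bound — confirm the
            # schema has no such cycle before raising the depth.
            result[name] = get_obj(schema, attrib["object_type"], all_fields_to_depth, current_depth + 1)
        else:
            # SystemExit is used directly: the site-injected exit() helper is
            # not guaranteed to exist (e.g. under python -S).
            raise SystemExit(f"Found a required attribute without a type_name or object_type: {name}")
    return result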
def get_obj(schema, obj_type, all_fields_to_depth, current_depth):
    """Look up an OCSF object by name and reduce it with process_attributes.

    Args:
        schema: the full OCSF schema document (needs an "objects" entry).
        obj_type: key of the object definition inside ``schema["objects"]``.
        all_fields_to_depth: forwarded to process_attributes.
        current_depth: nesting level of the object being reduced.

    Returns:
        the reduced ``{attribute: type}`` mapping for that object.
    """
    obj_definition = schema["objects"][obj_type]
    return process_attributes(schema, obj_definition, all_fields_to_depth, current_depth)
def merged(all_fields_to_depth):
    """Merge the per-class reductions of every class into one mapping.

    Args:
        all_fields_to_depth: forwarded to by_class.

    Returns:
        a single dict combining the attributes of all classes via deep_merge;
        deep_merge exits the program on conflicting leaf types.
    """
    accumulated = {}
    for class_attribs in by_class(all_fields_to_depth).values():
        accumulated = deep_merge(accumulated, class_attribs)
    return accumulated
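def deep_merge(dict1, dict2):
    """Merge ``dict2`` into ``dict1`` in place and return ``dict1``.

    Keys only in ``dict2`` are copied over; nested dicts present on both sides
    are merged recursively; equal leaf values are left alone.

    Args:
        dict1: destination mapping, mutated in place.
        dict2: source mapping. Values absent from ``dict1`` are inserted by
            reference, so a later merge into ``dict1`` may mutate them too.

    Returns:
        ``dict1``.

    Raises:
        SystemExit: when a key maps to differing values that are not both dicts.
    """
    for key, value in dict2.items():
        if key not in dict1:
            dict1[key] = value
        elif isinstance(dict1[key], dict) and isinstance(value, dict):
            dict1[key] = deep_merge(dict1[key], value)
        elif dict1[key] != value:
            # The message was previously a plain string, so the offending key
            # was never interpolated; f-string fixes that.
            raise SystemExit(f"There are conflicting types for the attribute '{key}'")
    return dict1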
def main():
    """Parse the command line and print the reduced schema as JSON.

    ``--by-class`` prints one mapping per class; otherwise all classes are
    merged into a single mapping. ``--all-fields-to-depth`` controls how deep
    non-required attributes are included (0 keeps required attributes only).
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('--by-class', action='store_true', help='Results separated by class (default: False)')
    parser.add_argument('--all-fields-to-depth', type=int, default=0, help='Include non-required fields at this depth and higher (default: 0)')
    args = parser.parse_args()
    # Pick the builder once; both take the same single argument.
    build = by_class if args.by_class else merged
    print(json.dumps(build(args.all_fields_to_depth)))
if __name__ == "__main__":
    # Run the CLI only when executed as a script, not when imported.
    main()
{ | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"user": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer", | |
"email_uid": "String", | |
"file": { | |
"name": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"query_result_id": "Integer", | |
"folder": { | |
"name": "String", | |
"type_id": "Integer" | |
}, | |
"job": { | |
"name": "String", | |
"file": { | |
"name": "String", | |
"type_id": "Integer" | |
} | |
}, | |
"status_id": "Integer", | |
"finding_info_list": { | |
"title": "String", | |
"uid": "String" | |
}, | |
"session": {}, | |
"reg_key": { | |
"path": "String" | |
}, | |
"actor": {}, | |
"device": { | |
"type_id": "Integer" | |
}, | |
"process": {}, | |
"command_uid": "String", | |
"reg_value": { | |
"name": "String", | |
"path": "String" | |
}, | |
"finding_info": { | |
"title": "String", | |
"uid": "String" | |
}, | |
"src_endpoint": {}, | |
"dst_endpoint": {}, | |
"scan": { | |
"type_id": "Integer" | |
}, | |
"privileges": "String", | |
"win_resource": { | |
"type_id": "Integer" | |
}, | |
"web_resources": {}, | |
"module": { | |
"load_type_id": "Integer" | |
}, | |
"state_id": "Integer", | |
"connection_info": { | |
"direction_id": "Integer" | |
}, | |
"entity": {}, | |
"direction_id": "Integer", | |
"email": { | |
"from": "Email Address", | |
"to": "Email Address" | |
}, | |
"peripheral_device": { | |
"name": "String", | |
"class": "String" | |
}, | |
"kernel": { | |
"name": "String", | |
"type_id": "Integer" | |
}, | |
"vulnerabilities": {}, | |
"network_interfaces": { | |
"type_id": "Integer" | |
}, | |
"group": {}, | |
"driver": { | |
"file": { | |
"name": "String", | |
"type_id": "Integer" | |
} | |
}, | |
"compliance": { | |
"standards": "String" | |
}, | |
"name": "String", | |
"win_service": { | |
"name": "String" | |
}, | |
"api": { | |
"operation": "String" | |
}, | |
"app": { | |
"vendor_name": "String" | |
}, | |
"finding": { | |
"title": "String", | |
"uid": "String" | |
}, | |
"http_request": {}, | |
"package": { | |
"name": "String", | |
"version": "String" | |
}, | |
"version": "String", | |
"service": {}, | |
"url": {}, | |
"http_response": { | |
"code": "Integer" | |
} | |
} |
{ | |
"authentication": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"user": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"email_file_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"email_uid": "String", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"file": { | |
"name": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer" | |
}, | |
"folder_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"folder": { | |
"name": "String", | |
"type_id": "Integer" | |
}, | |
"activity_id": "Integer" | |
}, | |
"job_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"job": { | |
"name": "String", | |
"file": { | |
"name": "String", | |
"type_id": "Integer" | |
} | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"incident_finding": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"status_id": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"finding_info_list": { | |
"title": "String", | |
"uid": "String" | |
}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"session_query": { | |
"session": {}, | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"win/registry_key_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"reg_key": { | |
"path": "String" | |
}, | |
"class_uid": "Integer", | |
"actor": {}, | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"process_remediation_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"process": {}, | |
"command_uid": "String", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"event_log": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"win/registry_value_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"actor": {}, | |
"time": "Timestamp", | |
"reg_value": { | |
"name": "String", | |
"path": "String" | |
}, | |
"type_uid": "Long", | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"detection_finding": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer", | |
"finding_info": { | |
"title": "String", | |
"uid": "String" | |
} | |
}, | |
"authorize_session": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"user": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"account_change": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"user": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"network_file_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"actor": {}, | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"src_endpoint": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"file": { | |
"name": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"tunnel_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"ftp_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"dst_endpoint": {}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"file_hosting": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"actor": {}, | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"src_endpoint": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"file": { | |
"name": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"scan_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"scan": { | |
"type_id": "Integer" | |
}, | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"user_access": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"privileges": "String", | |
"user": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"win/resource_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"actor": {}, | |
"time": "Timestamp", | |
"win_resource": { | |
"type_id": "Integer" | |
}, | |
"type_uid": "Long", | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"file_remediation_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"command_uid": "String", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"file": { | |
"name": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"user_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"user": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"ssh_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"dst_endpoint": {}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"file_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"file": { | |
"name": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"datastore_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"actor": {}, | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"src_endpoint": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"web_resources_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"web_resources": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"module_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"process": {}, | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"module": { | |
"load_type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"network_connection_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"process": {}, | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"state_id": "Integer", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"connection_info": { | |
"direction_id": "Integer" | |
}, | |
"activity_id": "Integer" | |
}, | |
"entity_management": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"entity": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"scheduled_job_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"job": { | |
"name": "String", | |
"file": { | |
"name": "String", | |
"type_id": "Integer" | |
} | |
}, | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"win/registry_value_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"reg_value": { | |
"name": "String", | |
"path": "String" | |
}, | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"email_activity": { | |
"direction_id": "Integer", | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"email": { | |
"from": "Email Address", | |
"to": "Email Address" | |
}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer" | |
}, | |
"peripheral_device_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"peripheral_device": { | |
"name": "String", | |
"class": "String" | |
}, | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"kernel_object_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"kernel": { | |
"name": "String", | |
"type_id": "Integer" | |
}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"vulnerability_finding": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"vulnerabilities": {}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer", | |
"finding_info": { | |
"title": "String", | |
"uid": "String" | |
} | |
}, | |
"rdp_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"dst_endpoint": {}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"network_remediation_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"command_uid": "String", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"connection_info": { | |
"direction_id": "Integer" | |
}, | |
"activity_id": "Integer" | |
}, | |
"network_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"dst_endpoint": {}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"module_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"actor": {}, | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"module": { | |
"load_type_id": "Integer" | |
}, | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"networks_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"network_interfaces": { | |
"type_id": "Integer" | |
}, | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"file_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"actor": {}, | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"file": { | |
"name": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"memory_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"process": {}, | |
"actor": {}, | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"admin_group_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"group": {}, | |
"activity_id": "Integer" | |
}, | |
"base_event": { | |
"time": "Timestamp", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"type_uid": "Long", | |
"activity_id": "Integer", | |
"class_uid": "Integer", | |
"category_uid": "Integer", | |
"cloud": { | |
"provider": "String" | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
} | |
}, | |
"kernel_extension": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"actor": {}, | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"driver": { | |
"file": { | |
"name": "String", | |
"type_id": "Integer" | |
} | |
}, | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"compliance_finding": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"compliance": { | |
"standards": "String" | |
}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer", | |
"finding_info": { | |
"title": "String", | |
"uid": "String" | |
} | |
}, | |
"win/prefetch_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"name": "String", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"win/win_service_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"actor": {}, | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"win_service": { | |
"name": "String" | |
}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"api_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"actor": {}, | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"src_endpoint": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"api": { | |
"operation": "String" | |
}, | |
"activity_id": "Integer" | |
}, | |
"application_lifecycle": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"app": { | |
"vendor_name": "String" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"security_finding": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"state_id": "Integer", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"finding": { | |
"title": "String", | |
"uid": "String" | |
}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"web_resource_access_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"web_resources": {}, | |
"http_request": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"data_security_finding": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer", | |
"finding_info": { | |
"title": "String", | |
"uid": "String" | |
} | |
}, | |
"remediation_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"command_uid": "String", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"process_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"process": {}, | |
"actor": {}, | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"win/registry_key_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"reg_key": { | |
"path": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"software_info": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"device": { | |
"type_id": "Integer" | |
}, | |
"package": { | |
"name": "String", | |
"version": "String" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"ntp_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"version": "String", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"dst_endpoint": {}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"user_inventory": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"user": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"group_management": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"group": {}, | |
"activity_id": "Integer" | |
}, | |
"patch_state": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"device_config_state_change": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"service_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"service": {}, | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"smb_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"dst_endpoint": {}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"email_url_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"email_uid": "String", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"url": {}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer" | |
}, | |
"kernel_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"actor": {}, | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"kernel": { | |
"name": "String", | |
"type_id": "Integer" | |
}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"http_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"http_response": { | |
"code": "Integer" | |
}, | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"http_request": {}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"dst_endpoint": {}, | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"process_query": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"process": {}, | |
"time": "Timestamp", | |
"query_result_id": "Integer", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"dns_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"inventory_info": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"dhcp_activity": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"action_id": "Integer", | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
}, | |
"config_state": { | |
"cloud": { | |
"provider": "String" | |
}, | |
"class_uid": "Integer", | |
"time": "Timestamp", | |
"type_uid": "Long", | |
"device": { | |
"type_id": "Integer" | |
}, | |
"metadata": { | |
"version": "String", | |
"product": { | |
"vendor_name": "String" | |
} | |
}, | |
"severity_id": "Integer", | |
"osint": { | |
"value": "String", | |
"type_id": "Integer" | |
}, | |
"category_uid": "Integer", | |
"activity_id": "Integer" | |
} | |
} |