OCSF - use 1.3 version #1348

Merged
merged 7 commits into from
Dec 13, 2024

lvoloshyn-sekoia
Contributor

No description provided.

github-actions bot commented Nov 11, 2024

Smart descriptions generated from the latest tests at 2024-12-13 15:38:07:

| Test File | Smart Description |
| --- | --- |
| OCSF/ocsf/tests/generated_file_remediation_activity_1.json | File Remediation Activity: Evict file html.pkg |
| OCSF/ocsf/tests/generated_file_remediation_activity_2.json | File Remediation Activity: Harden file panama.jsp |
| OCSF/ocsf/tests/generated_file_remediation_activity_3.json | File Remediation Activity: Evict file brazilian.tar.gz |
| OCSF/ocsf/tests/generated_network_remediation_activity_1.json | Network Remediation Activity: Restore |
| OCSF/ocsf/tests/generated_network_remediation_activity_2.json | Network Remediation Activity: Restore |
| OCSF/ocsf/tests/generated_process_remediation_activity_1.json | Process Remediation Activity: Harden file earliest.pdb by process Success |
| OCSF/ocsf/tests/generated_process_remediation_activity_2.json | Process Remediation Activity: Unknown file propose.pptx by process Prince |
| OCSF/ocsf/tests/generated_windows_service_1.json | Windows Service Activity: Stop |
| OCSF/ocsf/tests/test_account_change_1.json | Account Change: Create user arn:aws:sts::112233445566:assumed-role/Admin/Admin-user |
| OCSF/ocsf/tests/test_api_activity_1.json | API Activity: Read from user Level6 |
| OCSF/ocsf/tests/test_api_activity_2.json | API Activity: Create from user system:node:ip-192-001-02-03.ec2.internal |
| OCSF/ocsf/tests/test_authentication_1.json | Authentication: user anaya Logon |
| OCSF/ocsf/tests/test_authentication_2.json | Authentication: user WIN-DC-725$ Logon on win-dc-725.attackrange.local |
| OCSF/ocsf/tests/test_authentication_3.json | Authentication: Logon |
| OCSF/ocsf/tests/test_compliance_finding_1.json | Compliance Finding: Update |
| OCSF/ocsf/tests/test_detection_finding_1.json | Detection Finding: Create |
| OCSF/ocsf/tests/test_detection_finding_2.json | Detection Finding: Update |
| OCSF/ocsf/tests/test_dns_activity_1.json | DNS Activity: Traffic from 10.200.21.100 |
| OCSF/ocsf/tests/test_dns_activity_2.json | DNS Activity: Traffic from 1.2.3.4 |
| OCSF/ocsf/tests/test_dns_activity_3.json | DNS Activity: Traffic from 1.2.3.4 |
| OCSF/ocsf/tests/test_http_activity_1.json | HTTP Activity: Get /CanaryTest from 52.46.82.45 |
| OCSF/ocsf/tests/test_network_activity_1.json | Network Activity: Traffic from 192.168.1.10 to 192.168.1.20 |
| OCSF/ocsf/tests/test_network_activity_2.json | Network Activity: Refuse from 1.2.3.4 to 172.31.2.52 |
| OCSF/ocsf/tests/test_network_activity_3.json | Network Activity: Traffic from 192.168.40.20 to 10.0.40.21 |
| OCSF/ocsf/tests/test_network_activity_4.json | Network Activity: connection from 192.168.4.76 to 192.168.4.1 |
| OCSF/ocsf/tests/test_network_activity_5.json | Network Activity: connection from 192.168.4.76 to 192.168.4.1 |
| OCSF/ocsf/tests/test_network_activity_6.json | Network Activity: connection from 192.168.4.49 to 13.32.202.10 |
| OCSF/ocsf/tests/test_network_activity_7.json | Network Activity: Unknown |
| OCSF/ocsf/tests/test_process_activity_1.json | Process Activity: process 4696 - A new process has been created. |
| OCSF/ocsf/tests/test_process_activity_2.json | Process Activity: process 1524 - A process has exited. |
| OCSF/ocsf/tests/test_security_finding_1.json | Security Finding: Generate finding Linux Kernel Module Injection Detected |
| OCSF/ocsf/tests/test_security_finding_2.json | Security Finding: Create finding `BLEEDING-EDGE DOS -ISC- ICMP blind TCP reset DoS guessing attempt` |
| OCSF/ocsf/tests/test_security_finding_3.json | Security Finding: Generate finding Infection found on 1.183.190.110 |
| OCSF/ocsf/tests/test_security_finding_4.json | Security Finding: Generate finding Infection found on 59.11.81.231 |
| OCSF/ocsf/tests/test_security_finding_5.json | Security Finding: Generate finding Infection found on 190.109.227.80 |
| OCSF/ocsf/tests/test_security_finding_6.json | Security Finding: Generate finding Infection found on 38.7.186.198 |
| OCSF/ocsf/tests/test_system_activity_1.json | Windows Resource Activity: A handle to an object was requested. |
| OCSF/ocsf/tests/test_system_activity_2.json | Windows Resource Activity: A privileged service was called. |
| OCSF/ocsf/tests/test_vulnerability_finding_1.json | Vulnerability Finding: Update vulnerability CVE-2023-1255 |
| OCSF/ocsf/tests/test_windows_resource_activity_1.json | Windows Resource Activity: Access |

lvoloshyn-sekoia marked this pull request as ready for review November 12, 2024 08:23

squioc (Collaborator) left a comment

LGTM.
Thanks for the update

squioc merged commit 1c7479e into main Dec 13, 2024
6 of 7 checks passed