{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":482159051,"defaultBranch":"main","name":"ocsf-schema","ownerLogin":"ocsf","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-04-16T04:55:08.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/103786262?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1726264387.0","currentOid":""},"activityList":{"items":[{"before":"f2d5eb23b6d33b2fd094244c4126c99450dca2ac","after":"4a8ad2fa4a1908f1cad2cbf331a1b49efd5001c2","ref":"refs/heads/main","pushedAt":"2024-09-20T13:00:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Sibling bugfix - confidence_id (#1180)\n\n#### Related Issue: n/a\r\n\r\n#### Description of changes:\r\n1. Adding sibling definition for `confidence_id`. It has been missing\r\nsince we first added this attribute to the framework.\r\n2. 
Adding missing changelog entries for #1176\r\n\r\n---------\r\n\r\nSigned-off-by: Rajas Panat ","shortMessageHtmlLink":"Sibling bugfix - confidence_id (#1180)"}},{"before":"bb09b1f2000fe77d008662fbe4b73c665d5d13a0","after":"f2d5eb23b6d33b2fd094244c4126c99450dca2ac","ref":"refs/heads/main","pushedAt":"2024-09-18T19:39:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"Aniak5","name":"Ania Kacewicz","path":"/Aniak5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6465263?s=80&v=4"},"commit":{"message":"Add Email Account `type_id` and Forwarding Address Support (#1179)\n\n#### Related Issue: N/A\r\n\r\n#### Description of changes:\r\n\r\nIt is quite common for a user to set a forwarding address for their\r\nemail account.\r\n\r\nThis PR adds:\r\n- An `Email Account` enum as a `type_id` in the `account` object.\r\n- A `forward_addr` attribute to the `dictionary` and `user` object.\r\n\r\n---------\r\n\r\nSigned-off-by: Michael Radka ","shortMessageHtmlLink":"Add Email Account type_id and Forwarding Address Support (#1179)"}},{"before":"43c7b363a504385e440754e19408322324e235ed","after":"bb09b1f2000fe77d008662fbe4b73c665d5d13a0","ref":"refs/heads/main","pushedAt":"2024-09-17T18:40:32.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mikeradka","name":"Mike Radka (Splunk)","path":"/mikeradka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91983279?s=80&v=4"},"commit":{"message":"Vulnerability finding improvements (#1176)\n\n#### Related Issue: n/a\r\n\r\n#### Description of changes:\r\n\r\n1. 
Adding a generalized Security Advisory object to the framework, to\r\nrepresent Apple SAs, Microsoft KB Articles and other vendor published\r\nadvisories\r\n2. Updating descriptions throughout Vulnerability object\r\n3. Adding related_cwes, related_cves, exploit_last_seen_time to the\r\nframework\r\n\r\n--\r\n\r\nDemonstrating use-case of the new advisory object\r\n\r\nOCSF Vuln Finding event, modelling Apple SA based finding.\r\n\r\n```\r\n{\r\n \"activity_id\": 1,\r\n \"activity_name\": \"Create\",\r\n \"resources\": {\r\n \"cloud_partition\": \"aws\", \r\n \"data\": { \r\n \"awsEc2Instance\": { \r\n \"type\": \"mac1.metal\",\r\n \"imageId\": \"ami-1234aa5678b90123b\",\r\n \"ipV4Addresses\": [\r\n \"10.0.0.2\"\r\n ],\r\n \"ipV6Addresses\": [],\r\n \"keyName\": \"Example-KeyPair\",\r\n \"iamInstanceProfileArn\": \"arn:aws:iam::1234567890123:instance-profile/MacSSMRole\",\r\n \"vpcId\": \"vpc-123456a7b8c90123d\",\r\n \"subnetId\": \"subnet-1a23456b7cd89d01a\",\r\n \"launchedAt\": \"2024-08-19T10:45:43.000Z\",\r\n \"platform\": \"MACOS\"\r\n },\r\n \"type\": \"AWS_EC2_INSTANCE\"\r\n },\r\n \"labels\": [\"Name: macOS-BigSur-Example\"], \r\n \"region\": \"us-east-1\",\r\n \"type\": \"AWS_EC2_INSTANCE\", \r\n \"uid\": \"i-123ab4c5678901d23\" \r\n }, \r\n \"category_name\": \"Findings\",\r\n \"category_uid\": 2,\r\n \"class_name\": \"Vulnerability Finding\",\r\n \"class_uid\": 2002,\r\n \"cloud\": {\r\n \"account\": {\r\n \"type_id\": 10, \r\n \"uid\": \"1234567890123\" \r\n },\r\n \"provider\": \"AWS\",\r\n \"region\": \"us-east-1\"\r\n },\r\n \"enrichments\": [\r\n {\r\n \"name\": \"vulnerabilities.advisory.uid\", \r\n \"value\": \"APPLE-SA-2022-12-13-6\", \r\n \"type\": \"Inspector Priority\",\r\n \"provider\": \"Amazon Inspector\",\r\n \"data\": { \r\n \"eeveePriority\": \"IMMEDIATE\",\r\n \"eeveePriorityIntelligence\": \"UNVERIFIED\"\r\n }\r\n }\r\n ],\r\n \"finding_info\": {\r\n \"created_time\": \"2023-04-20T22:01:25.133Z\", \r\n \"first_seen_time\": 
\"2023-04-20T22:01:25.133Z\", \r\n \"last_seen_time\": \"2024-08-19T10:45:58.815Z\",\r\n \"modified_time\": \"2024-08-19T10:45:58.815Z\", \r\n \"title\": \"APPLE-SA-2022-12-13-6 - macOS 11.7.1\",\r\n \"types\": [\r\n \"PACKAGE_VULNERABILITY\"\r\n ],\r\n \"uid\": \"arn:aws:inspector2:us-east-1:1234567890123:finding/4680fc060e62ccdbf7907f810d844c2b\"\r\n },\r\n \"metadata\": {\r\n \"product\": { \r\n \"name\": \"Amazon Inspector\"\r\n },\r\n \"version\": \"1.4.0-dev\" \r\n },\r\n \"severity\": \"Critical\", \r\n \"severity_id\": 5,\r\n \"status\": \"In Progress\",\r\n \"status_id\": 2,\r\n \"time\": \"2023-04-20T22:01:25.133Z\", \r\n \"type_name\": \"Vulnerability Finding: Create\",\r\n \"type_uid\": 200201,\r\n \"vulnerabilities\": [\r\n {\r\n \"affected_packages\": [ \r\n {\r\n \"architecture\": \"ALL\",\r\n \"epoch\": 0,\r\n \"fixed_in_version\": \"0:11.7.2\",\r\n \"name\": \"macOS\",\r\n \"remediation\": {\r\n \"desc\": \"softwareupdate --list\"\r\n },\r\n \"version\": \"11.7.1\"\r\n }\r\n ],\r\n \"advisory\": {\r\n \"created_time\": \"2022-12-13T12:00:00.000Z\", \r\n \"severity\": \"CRITICAL\", \r\n \"related_cves\": [ \r\n {\r\n \"uid\": \"CVE-2022-32942\",\r\n \"cvss\": [\r\n {\r\n \"base_score\": 7.8,\r\n \"severity\": \"HIGH\",\r\n \"source\": \"NVD\",\r\n \"source_url\": \"https://nvd.nist.gov/vuln/detail/CVE-2022-32942\",\r\n \"vector_string\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\r\n \"version\": \"CVSS3.1\"\r\n }\r\n ],\r\n \"created_time\": \"2022-12-15T19:15:18Z\",\r\n \"desc\": \"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. 
An app may be able to execute arbitrary code with kernel privileges.\",\r\n \"epss\": {\r\n \"created_time\": \"2024-09-10T00:00:00+0000\", \r\n \"score\": \"0.00097\", \r\n \"percentile\": 0.41423,\r\n \"version\": \"v2023.03.01\"\r\n },\r\n \"modified_time\": \"2023-01-09T16:59:08Z\"\r\n },\r\n {\r\n \"uid\": \"CVE-2022-42840\",\r\n \"cvss\": [\r\n {\r\n \"base_score\": 7.8,\r\n \"severity\": \"HIGH\",\r\n \"source\": \"NVD\",\r\n \"source_url\": \"https://nvd.nist.gov/vuln/detail/CVE-2022-42840\",\r\n \"vector_string\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\r\n \"version\": \"CVSS3.1\"\r\n }\r\n ],\r\n \"created_time\": \"2022-12-15T19:15:23Z\",\r\n \"desc\": \"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges.\",\r\n \"epss\": {\r\n \"created_time\": \"2024-09-10T00:00:00+0000\", \r\n \"score\": \"0.00097\", \r\n \"percentile\": 0.41423,\r\n \"version\": \"v2023.03.01\"\r\n },\r\n \"modified_time\": \"2023-01-09T16:59:23Z\"\r\n },\r\n {\r\n \"uid\": \"CVE-2022-42841\",\r\n \"cvss\": [\r\n {\r\n \"base_score\": 7.8,\r\n \"severity\": \"HIGH\",\r\n \"source\": \"NVD\",\r\n \"source_url\": \"https://nvd.nist.gov/vuln/detail/CVE-2022-42841\",\r\n \"vector_string\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\r\n \"version\": \"CVSS3.1\"\r\n }\r\n ],\r\n \"cwe\": [],\r\n \"created_time\": \"2022-12-15T19:15:32Z\",\r\n \"desc\": \"A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. 
Processing a maliciously crafted package may lead to arbitrary code execution.\",\r\n \"epss\": {\r\n \"created_time\": \"2024-09-10T00:00:00+0000\", \r\n \"score\": \"0.00108\", \r\n \"percentile\": 0.44515,\r\n \"version\": \"v2023.03.01\"\r\n },\r\n \"modified_time\": \"2023-01-09T16:59:32Z\"\r\n }, \r\n {\r\n \"uid\": \"CVE-2022-42845\",\r\n \"cvss\": [\r\n {\r\n \"base_score\": 7.2,\r\n \"severity\": \"HIGH\",\r\n \"source\": \"NVD\",\r\n \"source_url\": \"https://nvd.nist.gov/vuln/detail/CVE-2022-42845\",\r\n \"vector_string\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\r\n \"version\": \"CVSS3.1\"\r\n }\r\n ],\r\n \"created_time\": \"2022-12-15T19:15:24Z\",\r\n \"desc\": \"The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges.\",\r\n \"epss\": {\r\n \"created_time\": \"2024-09-10T00:00:00+0000\", \r\n \"score\": \"0.00648\", \r\n \"percentile\": 0.79742,\r\n \"version\": \"v2023.03.01\"\r\n },\r\n \"modified_time\": \"2023-11-07T03:53:38Z\"\r\n }, \r\n {\r\n \"uid\": \"CVE-2022-46689\",\r\n \"cvss\": [\r\n {\r\n \"base_score\": 7.0,\r\n \"severity\": \"HIGH\",\r\n \"source\": \"NVD\",\r\n \"source_url\": \"https://nvd.nist.gov/vuln/detail/CVE-2022-46689\",\r\n \"vector_string\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\r\n \"version\": \"CVSS3.1\"\r\n }\r\n ],\r\n \"cwe\": [\r\n \"CWE-362\"\r\n ],\r\n \"created_time\": \"2022-12-15T19:15:26Z\",\r\n \"desc\": \"A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. 
An app may be able to execute arbitrary code with kernel privileges.\",\r\n \"epss\": {\r\n \"created_time\": \"2024-09-10T00:00:00+0000\", \r\n \"score\": \"0.00586\", \r\n \"percentile\": 0.78574,\r\n \"version\": \"v2023.03.01\"\r\n },\r\n \"modified_time\": \"2023-01-09T16:48:27Z\"\r\n }, \r\n {\r\n \"uid\": \"CVE-2022-40304\",\r\n \"cvss\": [\r\n {\r\n \"base_score\": 7.8,\r\n \"severity\": \"HIGH\",\r\n \"source\": \"NVD\",\r\n \"source_url\": \"https://nvd.nist.gov/vuln/detail/CVE-2022-40304\",\r\n \"vector_string\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\r\n \"version\": \"CVSS3.1\"\r\n }\r\n ],\r\n \"cwe\": [\r\n \"CWE-415\"\r\n ],\r\n \"created_time\": \"2022-11-23T19:15:26Z\",\r\n \"desc\": \"An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.\",\r\n \"epss\": {\r\n \"created_time\": \"2024-09-10T00:00:00+0000\", \r\n \"score\": \"0.00089\", \r\n \"percentile\": 0.39013,\r\n \"version\": \"v2023.03.01\"\r\n },\r\n \"modified_time\": \"2023-11-07T03:52:15Z\"\r\n }, \r\n {\r\n \"uid\": \"CVE-2022-42842\",\r\n \"cvss\": [\r\n {\r\n \"base_score\": 9.8,\r\n \"severity\": \"CRITICAL\",\r\n \"source\": \"NVD\",\r\n \"source_url\": \"https://nvd.nist.gov/vuln/detail/CVE-2022-42842\",\r\n \"vector_string\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\r\n \"version\": \"CVSS3.1\"\r\n }\r\n ],\r\n \"created_time\": \"2022-11-23T19:15:26Z\",\r\n \"desc\": \"The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. 
A remote user may be able to cause kernel code execution.\",\r\n \"epss\": {\r\n \"created_time\": \"2024-09-10T00:00:00+0000\", \r\n \"score\": \"0.01213\", \r\n \"percentile\": 0.85593,\r\n \"version\": \"v2023.03.01\"\r\n },\r\n \"modified_time\": \"2023-01-09T16:48:27Z\"\r\n }, \r\n {\r\n \"uid\": \"CVE-2022-42864\",\r\n \"cvss\": [\r\n {\r\n \"base_score\": 7.0,\r\n \"severity\": \"HIGH\",\r\n \"source\": \"NVD\",\r\n \"source_url\": \"https://nvd.nist.gov/vuln/detail/CVE-2022-42684\",\r\n \"vector_string\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\r\n \"version\": \"CVSS3.1\"\r\n }\r\n ],\r\n \"cwe\": [\r\n \"CWE-362\"\r\n ],\r\n \"created_time\": \"2022-11-23T19:15:26Z\",\r\n \"desc\": \"A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.\",\r\n \"epss\": {\r\n \"created_time\": \"2024-09-10T00:00:00+0000\", \r\n \"score\": \"0.00127\", \r\n \"percentile\": 0.48284,\r\n \"version\": \"v2023.03.01\"\r\n },\r\n \"modified_time\": \"2023-01-09T16:48:27Z\"\r\n }, \r\n {\r\n \"uid\": \"CVE-2022-40303\",\r\n \"cvss\": [\r\n {\r\n \"base_score\": 7.5,\r\n \"severity\": \"HIGH\",\r\n \"source\": \"NVD\",\r\n \"source_url\": \"https://nvd.nist.gov/vuln/detail/CVE-2022-40303\",\r\n \"vector_string\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\r\n \"version\": \"CVSS3.1\"\r\n }\r\n ],\r\n \"cwe\": [\r\n \"CWE-190\"\r\n ],\r\n \"created_time\": \"2022-11-23T19:15:26Z\",\r\n \"desc\": \"An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. 
This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.\",\r\n \"epss\": {\r\n \"created_time\": \"2024-09-10T00:00:00+0000\", \r\n \"score\": \"0.00499\", \r\n \"percentile\": 0.76752,\r\n \"version\": \"v2023.03.01\"\r\n },\r\n \"modified_time\": \"2023-01-09T16:48:27Z\"\r\n }, \r\n {\r\n \"uid\": \"CVE-2022-42821\",\r\n \"cvss\": [\r\n {\r\n \"base_score\": 5.5,\r\n \"severity\": \"MEDIUM\",\r\n \"source\": \"NVD\",\r\n \"source_url\": \"https://nvd.nist.gov/vuln/detail/CVE-2022-42821\",\r\n \"vector_string\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\r\n \"version\": \"CVSS3.1\"\r\n }\r\n ],\r\n \"created_time\": \"2022-11-23T19:15:26Z\",\r\n \"desc\": \"A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks.\",\r\n \"epss\": {\r\n \"created_time\": \"2024-09-10T00:00:00+0000\", \r\n \"score\": \"0.00084\", \r\n \"percentile\": 0.36497,\r\n \"version\": \"v2023.03.01\"\r\n },\r\n \"modified_time\": \"2023-01-09T16:48:27Z\"\r\n }\r\n ],\r\n \"desc\": \"macOS Big Sur 11.7.2 addresses multiple issues. Information about the security content is available at: https://support.apple.com/HT213534\",\r\n \"uid\": \"APPLE-SA-2022-12-13-6\" \r\n },\r\n \"is_exploit_available\": false, \r\n \"is_fix_available\": true, \r\n \"references\": [\r\n \"https://lists.apple.com/archives/security-announce/2023/Jan/msg00013.html\",\r\n \"https://support.apple.com/HT213534\"\r\n ]\r\n }\r\n ]\r\n}\r\n\r\n```\r\n\r\n\r\nRaw Finding from Amazon Inspector -\r\n\r\n```\r\n{\r\n \"findingArn\": \"arn:aws:inspector2:us-east-1:1234567890123:finding/4680fc060e62ccdbf7907f810d844c2b\",\r\n \"awsAccountId\": \"1234567890123\",\r\n \"type\": \"PACKAGE_VULNERABILITY\",\r\n \"description\": \"macOS Big Sur 11.7.2 addresses multiple issues. 
Information about the security content is available at: https://support.apple.com/HT213534\",\r\n \"title\": \"APPLE-SA-2022-12-13-6 - macOS 11.7.1\",\r\n \"remediation\": {\r\n \"recommendation\": {\r\n \"text\": \"macOS Big Sur 11.7.2 may be obtained from the Mac App Store or Apple\\u0027s Software Downloads web site: https://support.apple.com/downloads\"\r\n }\r\n },\r\n \"severity\": \"CRITICAL\",\r\n \"firstObservedAt\": \"2023-04-20T22:01:25.133Z\",\r\n \"lastObservedAt\": \"2024-08-19T10:45:58.815Z\",\r\n \"updatedAt\": \"2024-08-19T10:45:58.815Z\",\r\n \"status\": \"ACTIVE\",\r\n \"resources\": [\r\n {\r\n \"type\": \"AWS_EC2_INSTANCE\",\r\n \"id\": \"i-123ab4c5678901d23\",\r\n \"partition\": \"aws\",\r\n \"region\": \"us-east-1\",\r\n \"tags\": {\r\n \"Name\": \"macOS-BigSur-Example\"\r\n },\r\n \"details\": {\r\n \"awsEc2Instance\": {\r\n \"type\": \"mac1.metal\",\r\n \"imageId\": \"ami-1234aa5678b90123b\",\r\n \"ipV4Addresses\": [\r\n \"10.0.0.2\"\r\n ],\r\n \"ipV6Addresses\": [],\r\n \"keyName\": \"Example-KeyPair\",\r\n \"iamInstanceProfileArn\": \"arn:aws:iam::1234567890123:instance-profile/MacSSMRole\",\r\n \"vpcId\": \"vpc-123456a7b8c90123d\",\r\n \"subnetId\": \"subnet-1a23456b7cd89d01a\",\r\n \"launchedAt\": \"2024-08-19T10:45:43.000Z\",\r\n \"platform\": \"MACOS\"\r\n }\r\n }\r\n }\r\n ],\r\n \"inspectorScoreDetails\": {},\r\n \"packageVulnerabilityDetails\": {\r\n \"vulnerabilityId\": \"APPLE-SA-2022-12-13-6\",\r\n \"vulnerablePackages\": [\r\n {\r\n \"name\": \"macOS\",\r\n \"version\": \"11.7.1\",\r\n \"epoch\": 0,\r\n \"arch\": \"ALL\",\r\n \"packageManager\": \"OS\",\r\n \"fixedInVersion\": \"0:11.7.2\",\r\n \"remediation\": \"softwareupdate --list\"\r\n }\r\n ],\r\n \"source\": \"MACOS\",\r\n \"cvss\": [],\r\n \"relatedVulnerabilities\": [\r\n \"CVE-2022-32942\",\r\n \"CVE-2022-42840\",\r\n \"CVE-2022-42841\",\r\n \"CVE-2022-42845\",\r\n \"CVE-2022-46689\",\r\n \"CVE-2022-40304\",\r\n \"CVE-2022-42842\",\r\n \"CVE-2022-42864\",\r\n 
\"CVE-2022-40303\",\r\n \"CVE-2022-42821\"\r\n ],\r\n \"sourceUrl\": \"https://support.apple.com/HT213534\",\r\n \"vendorSeverity\": \"UNTRIAGED\",\r\n \"vendorCreatedAt\": \"2022-12-13T12:00:00.000Z\",\r\n \"referenceUrls\": [\r\n \"https://lists.apple.com/archives/security-announce/2023/Jan/msg00013.html\",\r\n \"https://support.apple.com/HT213534\"\r\n ]\r\n },\r\n \"fixAvailable\": \"YES\",\r\n \"exploitAvailable\": \"NO\",\r\n \"exploitabilityDetails\": {\r\n \"lastKnownExploitAt\": \"\"\r\n }\r\n}\r\n```\r\n\r\n---------\r\n\r\nSigned-off-by: Rajas Panat ","shortMessageHtmlLink":"Vulnerability finding improvements (#1176)"}},{"before":"2ee6d3fc647aa4793948862e75b8f4c2c36c1c6c","after":"a6be91c67b5584010e3694886f2bcde4773df3b4","ref":"refs/heads/is_detection","pushedAt":"2024-09-13T22:03:05.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"pagbabian-splunk","name":"Paul Agbabian","path":"/pagbabian-splunk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79343846?s=80&v=4"},"commit":{"message":"Updated for PR 1178 - is_detection.\n\nSigned-off-by: Paul Agbabian ","shortMessageHtmlLink":"Updated for PR 1178 - is_detection."}},{"before":"975b2738d46c175cdaecf305a966f7dd2e182123","after":"2ee6d3fc647aa4793948862e75b8f4c2c36c1c6c","ref":"refs/heads/is_detection","pushedAt":"2024-09-13T21:59:45.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"pagbabian-splunk","name":"Paul Agbabian","path":"/pagbabian-splunk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79343846?s=80&v=4"},"commit":{"message":"Merge branch 'main' into is_detection","shortMessageHtmlLink":"Merge branch 'main' into is_detection"}},{"before":null,"after":"975b2738d46c175cdaecf305a966f7dd2e182123","ref":"refs/heads/is_detection","pushedAt":"2024-09-13T21:53:07.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"pagbabian-splunk","name":"Paul 
Agbabian","path":"/pagbabian-splunk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79343846?s=80&v=4"},"commit":{"message":"Added the is_detection flag to the dictionary, the security_control profile, and the detection_finding class.\n\nSigned-off-by: Paul Agbabian ","shortMessageHtmlLink":"Added the is_detection flag to the dictionary, the security_control …"}},{"before":"2238718d9402c2fdf0a21f9ed9a49673c09633df","after":"43c7b363a504385e440754e19408322324e235ed","ref":"refs/heads/main","pushedAt":"2024-09-13T20:50:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mikeradka","name":"Mike Radka (Splunk)","path":"/mikeradka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91983279?s=80&v=4"},"commit":{"message":"Strengthen the event_code description verbiage (#1175)\n\n#### Related Issue: N/A\r\n\r\n#### Description of changes:\r\n\r\nMinor but useful update to the `event_code` attribute description to\r\nindicate that it represents the event's code, id, or name that is used\r\nto primarily identify the event.\r\n\r\nNote: since this is a description change, no need to update the\r\nCHANGELOG.\r\n\r\n---------\r\n\r\nSigned-off-by: Michael Radka ","shortMessageHtmlLink":"Strengthen the event_code description verbiage (#1175)"}},{"before":"0c28132ee0c9c33047b84b7af40564cf21c7d575","after":"2238718d9402c2fdf0a21f9ed9a49673c09633df","ref":"refs/heads/main","pushedAt":"2024-09-13T12:46:52.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Updating data type constraints (#1174)\n\n#### Related Issue: Discussed in the Weekly Call Sep 10, 2024.\r\n\r\n#### Description of changes:\r\n1. Removing max limits from `file_hash_t`, `resource_uid_t` & `string_t`\r\n2. 
Fixing datetime_t regex, to allow t/T , z/Z in the timestamp string,\r\nallowing supported variations as defined in the RFC3339 -\r\nhttps://www.rfc-editor.org/rfc/rfc3339#section-5.6\r\n\r\n---------\r\n\r\nSigned-off-by: Rajas Panat ","shortMessageHtmlLink":"Updating data type constraints (#1174)"}},{"before":"d4a370bacad5e3b0d2e736d0fe25bcb6d1ec312d","after":"0c28132ee0c9c33047b84b7af40564cf21c7d575","ref":"refs/heads/main","pushedAt":"2024-09-12T18:14:51.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Eliminated includes directory and associated metaschema (#1171)\n\n#### Related Issue: \r\n#1170 \r\n\r\n#### Description of changes:\r\nFollowing on from https://github.com/ocsf/ocsf-schema/pull/1167, this PR\r\nremoves the `includes/` folder and the associated `include` metaschema.\r\n\r\n### Delete once you have confirmed the following: \r\n1. Did you add a single line summary of changes to `Unreleased` section\r\nin the\r\n[CHANGELOG.md](https://github.com/ocsf/ocsf-schema/blob/main/CHANGELOG.md)\r\nfile?\r\n2. Have you followed the [contribution\r\nguidelines](https://github.com/ocsf/ocsf-schema/blob/main/CONTRIBUTING.md)?\r\n3. Did you run a local instance of the\r\n[ocsf-server](https://github.com/ocsf/ocsf-server) and ensure it ran\r\nwithout any errors/warnings?\r\n4. 
Is your PR title in sync with the description?\r\n\r\n---------\r\n\r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"Eliminated includes directory and associated metaschema (#1171)"}},{"before":"2540764270cc366d1d898617c75fc87b5eab36bc","after":"d4a370bacad5e3b0d2e736d0fe25bcb6d1ec312d","ref":"refs/heads/main","pushedAt":"2024-09-12T18:11:27.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"zschmerber","name":"Zach Schmerber","path":"/zschmerber","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13574947?s=80&v=4"},"commit":{"message":"Add array of environment variables for the \"process\" object. (#1172)\n\nAdding environment variables which frequently have security relevant\r\ncontent in them.\r\n\r\nSigned-off-by: Daniel Sabourov ","shortMessageHtmlLink":"Add array of environment variables for the \"process\" object. (#1172)"}},{"before":"c1ea8ff8876a540fc37eea822d88891619f0aefb","after":"2540764270cc366d1d898617c75fc87b5eab36bc","ref":"refs/heads/main","pushedAt":"2024-09-04T14:27:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Adding the Startup Application Query event class in the discovery category. 
(#1119)\n\nThe Startup Application Query class captures the results of a discovery\r\non target devices.\r\nThis class was refactored from a previous submission, while\r\nincorporating feedback from Paul.\r\n\r\n#### Description of changes:\r\nMade the Startup Application object more clear by factoring out\r\nunrelated items in the type_id list.\r\nThe list now describes only the type of application.\r\nA run_mode attribute was added as an array to capture the other items.\r\nAlso added a run_state to capture the state of the application at the\r\ntime the event was logged.\r\n\r\n---------\r\n\r\nSigned-off-by: maxhotta <116037141+maxhotta@users.noreply.github.com>\r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"Adding the Startup Application Query event class in the discovery cat…"}},{"before":"2322992a47a52491e354ce4c2e5f240cc4588d7c","after":"c1ea8ff8876a540fc37eea822d88891619f0aefb","ref":"refs/heads/main","pushedAt":"2024-08-30T16:43:05.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"query-jeremy","name":"Jeremy Fisher","path":"/query-jeremy","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106115283?s=80&v=4"},"commit":{"message":"Expand `osint` object (#1168)\n\n#### Description of changes:\r\n\r\n- Add a handful of objects into the `osint` object: `file`,\r\n`reputation`, `subnet`, `script`\r\n- Add an additional enum to `osint.type_id` for File\r\n- Update Captions and Descriptions to reflect changes\r\n\r\n---------\r\n\r\nSigned-off-by: Rajas <89877409+floydtree@users.noreply.github.com>\r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"Expand osint object (#1168)"}},{"before":"4b841702d0333fc195cd15c72167156831520b21","after":"2322992a47a52491e354ce4c2e5f240cc4588d7c","ref":"refs/heads/main","pushedAt":"2024-08-29T18:04:09.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonrau-at-queryai","name":"Jonathan 
Rau","path":"/jonrau-at-queryai","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/139361268?s=80&v=4"},"commit":{"message":"Add evidences to Compliance Finding (#1157)\n\nWhen reporting Compliance Finding, we want to specify which File, API or\r\nDevice caused us to trigger the finding. For example, if we have a\r\nterraform file which creates an AWS ec2 instance with public 22 port, we\r\nwant to point to the file where we found the issue.\r\n\r\n#### Description of changes:\r\n* Add evidences to Compliance Finding\r\n\r\nSigned-off-by: Rajas <89877409+floydtree@users.noreply.github.com>\r\nCo-authored-by: Lukáš Křečan \r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"Add evidences to Compliance Finding (#1157)"}},{"before":"eff55eb9a3b0088c9a90b832fa213e9ed69fcbfb","after":"4b841702d0333fc195cd15c72167156831520b21","ref":"refs/heads/main","pushedAt":"2024-08-28T17:16:37.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"General cleanup of metaschema (#1167)\n\n#### Related Issue: n/a\r\n\r\n#### Description of changes:\r\n\r\n1. Sorting all event class definition files, renaming files wherever\r\nnecessary (making things consistent with class_name == file_name\r\nconvention)\r\n2. Removing includes folder to simplify reference chains in schema\r\ndefinition files\r\n3. Updating vscode metadata, metaschema files\r\n4. 
Updating contribution guide to remove references to includes dir\r\n\r\n---------\r\n\r\nSigned-off-by: Rajas Panat ","shortMessageHtmlLink":"General cleanup of metaschema (#1167)"}},{"before":"d90dcfc076a58e4a1ff50a9e8fa6d9bd0b34e8ae","after":"eff55eb9a3b0088c9a90b832fa213e9ed69fcbfb","ref":"refs/heads/main","pushedAt":"2024-08-23T12:55:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Updated event classes, added missing categories. (#1163)\n\n#### Related Issue: \r\n #1162\r\n#### Description of changes:\r\nUpdated event classes, added missing categories. \r\nIt is not a critical problem, since all events that were missing\r\na category were extending a higher-level event. All higher-level events have\r\ncategories specified. This update is for consistency.","shortMessageHtmlLink":"Updated event classes, added missing categories. (#1163)"}},{"before":"fe3ec22c9f63345a1ce7ae76c37dcffc817390fc","after":"d90dcfc076a58e4a1ff50a9e8fa6d9bd0b34e8ae","ref":"refs/heads/main","pushedAt":"2024-08-22T17:31:39.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"pagbabian-splunk","name":"Paul Agbabian","path":"/pagbabian-splunk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79343846?s=80&v=4"},"commit":{"message":"Added Script Activity event class. (#1159)\n\n#### Related Issue: \r\n\r\nhttps://github.com/ocsf/ocsf-schema/issues/1156\r\n\r\n#### Description of changes:\r\n\r\nAdded a Script Activity event class to the System category as described\r\nin the related issue.\r\n\r\nSigned-off-by: Dave McCormack \r\nCo-authored-by: Paul Agbabian ","shortMessageHtmlLink":"Added Script Activity event class. 
(#1159)"}},{"before":"9fb44653932d0cac9e67ebc1b4ebf7bf44905e88","after":"fe3ec22c9f63345a1ce7ae76c37dcffc817390fc","ref":"refs/heads/main","pushedAt":"2024-08-21T19:38:03.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mikeradka","name":"Mike Radka (Splunk)","path":"/mikeradka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91983279?s=80&v=4"},"commit":{"message":"Fix grammar for *_permissions attributes (#1164)\n\n#### Related Issue: N/A\r\n\r\n#### Description of changes:\r\n\r\n1. Today, there are typos in the descriptions of these attributes:\r\n- `actual_permissions`: `The permissions that were granted to the in a\r\nplatform-native format.`\r\n- `requested_permissions`: `The permissions mask that were requested by\r\nthe process`\r\n\r\nThis PR cleans up the typos, and applies our `See specific usage`\r\nverbiage to the base dictionary descriptions.\r\n\r\nNOTE: Since this is simply a description update, no update to CHANGELOG\r\nshould be needed.\r\n\r\n---------\r\n\r\nSigned-off-by: Michael Radka \r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"Fix grammar for *_permissions attributes (#1164)"}},{"before":"56bb644135b1eb522235690bcb2a5b37d32f33d5","after":"9fb44653932d0cac9e67ebc1b4ebf7bf44905e88","ref":"refs/heads/main","pushedAt":"2024-08-21T18:37:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonrau-at-queryai","name":"Jonathan Rau","path":"/jonrau-at-queryai","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/139361268?s=80&v=4"},"commit":{"message":"Expand applicability and direction of `cloud.account` and `cloud.org` & deprecate `project_uid` (#1166)\n\n#### Related Issue: \r\n\r\n#### Description of changes:\r\n\r\nAs per conversations with @floydtree and @zschmerber, some better\r\nguidance and applicability of existing `org` and `account` objects was\r\nrequired to account for the various ways that logical\r\ncompartmentalization is defined 
in various public cloud and SaaS tools.\r\n\r\nFor instance, GCP has Org -> Folder -> Project, OCI has Domain ->\r\nTenancy -> Compartment, AWS has Org -> OU -> Account, and various SaaS\r\ntools have high level compartmentalization such as Servicenow Instances,\r\nM365 Tenants, Salesforce Accounts, etc.\r\n\r\n- Deprecate `project_uid` as it was hyper-specific to GCP and doesn't\r\nfit other CSPs or SaaS, removed `project_uid` from `cloud`.\r\n- Update all descriptions within `org` and `account` to reflect the\r\napplicability to CSP and SaaS platforms with more examples for mappers.\r\n- Added several new `account.type_id` to reflect AWS Account-like\r\nequivalents for Azure, GCP, OCI, Salesforce, M365, and Servicenow.","shortMessageHtmlLink":"Expand applicability and direction of cloud.account and cloud.org…"}},{"before":"98f540947d6d17b9ab4002d4fd11bfa5c70e4c1b","after":"56bb644135b1eb522235690bcb2a5b37d32f33d5","ref":"refs/heads/main","pushedAt":"2024-08-21T17:21:04.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Minor addition to the cvss object (#1165)\n\n#### Related Issue: n/a\r\n\r\n#### Description of changes:\r\n1. Adding `vendor_name` to the `cvss` object to help represent the\r\nsource/vendor that provided the cvss scores.\r\n2. 
Snippet from a sample source event from Amazon Inspector\r\n\r\n```\r\n\"cvss\": [\r\n {\r\n \"baseScore\": 10,\r\n \"scoringVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\r\n \"version\": \"3.1\",\r\n \"source\": \"UBUNTU_CVE\"\r\n },\r\n {\r\n \"baseScore\": 10,\r\n \"scoringVector\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\r\n \"version\": \"3.1\",\r\n \"source\": \"NVD\"\r\n }\r\n ],\r\n\r\n```\r\n\r\n---------\r\n\r\nSigned-off-by: Rajas Panat ","shortMessageHtmlLink":"Minor addition to the cvss object (#1165)"}},{"before":"a656184ff064ce388df6392ee15257cfa1181339","after":"98f540947d6d17b9ab4002d4fd11bfa5c70e4c1b","ref":"refs/heads/main","pushedAt":"2024-08-16T18:06:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"pagbabian-splunk","name":"Paul Agbabian","path":"/pagbabian-splunk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79343846?s=80&v=4"},"commit":{"message":"Change \"misspellings\" of identifier contraction \"Id\" to \"ID\" (#1160)\n\n#### Related Issue: \r\nNone\r\n\r\n#### Description of changes:\r\nChange occurrences of `Id` in `dictionary.json` to `ID`. There were\r\nthree (3) occurrences of `Id` in the dictionary, while the other 69 were\r\n`ID`.\r\n\r\nThis change affects `caption` and `description` fields only. No enum\r\ncaptions were changed. This has no effect on existing OCSF events, and\r\ndoes not represent a breaking change, including while validating events.\r\n\r\n### Delete once you have confirmed the following: \r\n1. 
Did you add a single line summary of changes to `Unreleased` section\r\nin the\r\n[CHANGELOG.md](https://github.com/ocsf/ocsf-schema/blob/main/CHANGELOG.md)\r\nfile?\r\n * **_Is this necessary for a typo fix?_** (2 reviewers say \"no\".)","shortMessageHtmlLink":"Change \"misspellings\" of identifier contraction \"Id\" to \"ID\" (#1160)"}},{"before":"2a999472b5e366982355f505db40faef494a629f","after":"a656184ff064ce388df6392ee15257cfa1181339","ref":"refs/heads/main","pushedAt":"2024-08-13T17:09:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mikeradka","name":"Mike Radka (Splunk)","path":"/mikeradka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91983279?s=80&v=4"},"commit":{"message":"`user` Object expansion and related Observables creation (#1155)\n\nExpands the `user` object to add relevant data that comes from various\r\nIdentity Providers or Directories while keeping relevance with LDAP and\r\nMITRE D3FEND.\r\n\r\n- Add Observable `type_id` 31-35 for User UID, Group Name, Group UID,\r\nAccount Name, Account UID\r\n- Add `phone_number` to `user` and to `ldap_person` - this attribute can\r\nbe assigned to both or one or the other depending on the upstream\r\nsystem. For instance Entra ID or Okta\r\n- ~~Add `state_id` and `state` to `user` to represent the various states\r\nof a user record in a directory or IDP such as their provisioning\r\nstatus, (de)activation. 
This is 1:1 with Okta with an extra `Deleted`\r\nenum added for Google Workspace~~ Removed as #1136 already has a\r\nsolution\r\n- Add `has_mfa` Boolean to Dictionary and `user` object as a quick way\r\nto tell if a `user` has MFA/2FA enabled/assigned to them\r\n\r\n---------\r\n\r\nSigned-off-by: Jonathan Rau <139361268+jonrau-at-queryai@users.noreply.github.com>\r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"user Object expansion and related Observables creation (#1155)"}},{"before":"cde2c7f5b6a09a425abd2793fadb093b19c801c1","after":"2a999472b5e366982355f505db40faef494a629f","ref":"refs/heads/main","pushedAt":"2024-08-13T17:03:08.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonrau-at-queryai","name":"Jonathan Rau","path":"/jonrau-at-queryai","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/139361268?s=80&v=4"},"commit":{"message":"Create `OSINT Inventory Info` Discovery Event (#1154)\n\nAdds an `OSINT Inventory Info` event to the Discovery category to\r\nrepresent retrieval of OSINT, CTI, and other enrichment data from TIPs,\r\nXDRs, and other sources of OSINT/CTI\r\n\r\n---------\r\n\r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"Create OSINT Inventory Info Discovery Event 
(#1154)"}},{"before":"daa8f6945bcc26f4cdfb489261287409fe599061","after":null,"ref":"refs/heads/validation-cleanup","pushedAt":"2024-08-13T16:25:26.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"}},{"before":"5b8f2ac2609e4a500f47da15e4270a099f44a846","after":"cde2c7f5b6a09a425abd2793fadb093b19c801c1","ref":"refs/heads/main","pushedAt":"2024-08-13T16:25:25.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Backwards Compatibility Workflow (#1115)\n\nThis PR does *not* change the OCSF. \r\n\r\nInstead, it enhances the pull request workflow:\r\n* The schema validator version can now be configured with a repository\r\nvariable, allowing repository owners to update the dependency without a\r\nPR.\r\n* A new backwards compatibility validation has been added using the\r\nschema compiler and compatibility validator in the\r\n[ocsf-lib](https://github.com/ocsf/ocsf-lib-py) project.\r\n\r\n---------\r\n\r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":"Backwards Compatibility Workflow (#1115)"}},{"before":"b3d7c051efd2f022b38f8da9c7cf75544f71c4b9","after":"daa8f6945bcc26f4cdfb489261287409fe599061","ref":"refs/heads/validation-cleanup","pushedAt":"2024-08-12T22:48:42.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"query-jeremy","name":"Jeremy Fisher","path":"/query-jeremy","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106115283?s=80&v=4"},"commit":{"message":"Default version bump","shortMessageHtmlLink":"Default version 
bump"}},{"before":"9e6417fde641de7a73d8ccaf8cf86c046b059e07","after":"b3d7c051efd2f022b38f8da9c7cf75544f71c4b9","ref":"refs/heads/validation-cleanup","pushedAt":"2024-08-12T19:03:33.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"Merge branch 'main' into validation-cleanup","shortMessageHtmlLink":"Merge branch 'main' into validation-cleanup"}},{"before":"856af7c30bd9bdf62b181a3dfae7a2096f910a4a","after":"5b8f2ac2609e4a500f47da15e4270a099f44a846","ref":"refs/heads/main","pushedAt":"2024-08-01T20:28:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"pagbabian-splunk","name":"Paul Agbabian","path":"/pagbabian-splunk","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/79343846?s=80&v=4"},"commit":{"message":"v1.4.0 prep (#1153)\n\n#### Related Issue: v1.4.0-dev!\r\n\r\n#### Description of changes:\r\n\r\n* Updating changelog \r\n* Updating the versions to 1.4.0-dev\r\n\r\n---------\r\n\r\nSigned-off-by: Rajas Panat ","shortMessageHtmlLink":"v1.4.0 prep (#1153)"}},{"before":"856af7c30bd9bdf62b181a3dfae7a2096f910a4a","after":"c8bde8c4cc7e93bb4a36e873623bbe099da22fb5","ref":"refs/heads/v1.3.0","pushedAt":"2024-08-01T20:14:24.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":"v1.3.0 Release (#1152)\n\n#### Related Issue: n/a Releasing 1.3.0\r\n\r\n#### Description of changes:\r\n1. Updating core and platform extension versions.\r\n2. 
Updating Changelog.\r\n\r\n---------\r\n\r\nSigned-off-by: Rajas Panat ","shortMessageHtmlLink":"v1.3.0 Release (#1152)"}},{"before":null,"after":"856af7c30bd9bdf62b181a3dfae7a2096f910a4a","ref":"refs/heads/v1.3.0","pushedAt":"2024-08-01T18:57:11.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"},"commit":{"message":" adding state_id IDs (#1143)\n\nRelated Issue:\r\nMissing enable/disable state Ids\r\n\r\nDescription of changes:\r\nadded state id's to Device Config State Change Class.\r\n\r\nSigned-off-by: Sasha Selin (Cyrebro) (sasha.selin@cyrebro.io)\r\n\r\nFollowing closed PR #1076 (#1076), I've created a new PR to create\r\ndisable/enable state to \"device_config_state_change\" class.\r\n\r\nstate “disable/enable” is very common when it comes to FortiGate logs,\r\nespecially where the subtype=”system” and action=”add”.\r\nThe “status” field on this type of log represents the “cfgattr”\r\n(Configuration value changed) status.\r\n\r\nRaw log for example:\r\n\r\n<118>date=2024-05-01 time=11:43:38 devname=\"Test for OCSF\"\r\ndevid=\"FG11256985563\" eventtime=1714553018203018280 tz=\"+0300\"\r\nlogid=\"0100044547\" type=\"event\" subtype=\"system\" level=\"information\"\r\nvd=\"North\" logdesc=\"Object attribute configured\" user=\"SashaS\"\r\nui=\"GUI(192.168.190.54)\" action=\"Add\" cfgtid=10691505\r\ncfgpath=\"firewall.policy\" cfgobj=\"136\"\r\ncfgattr=\"status[disable]srcintf[OCSF-Test]dstintf[OCSF-Test]srcaddr[Sasha-selin-ocsf-test]dstaddr[Sasha-selin]srcaddr6[]dstaddr6[]src-vendor-mac[]action[accept]schedule[always]service[RDP]groups[]users[]fsso-groups[]comments[\r\n(Copy of 148)]custom-log-fields[]\" msg=\"Add firewall.policy 136\"\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/fcd7991a-aec8-4fe1-b511-3cc2173da6a8)\r\n\r\n---------\r\n\r\nSigned-off-by: SashaSelin 
<145011693+SashaSelin@users.noreply.github.com>\r\nSigned-off-by: Rajas <89877409+floydtree@users.noreply.github.com>\r\nCo-authored-by: Rajas <89877409+floydtree@users.noreply.github.com>","shortMessageHtmlLink":" adding state_id IDs (#1143)"}},{"before":"856af7c30bd9bdf62b181a3dfae7a2096f910a4a","after":null,"ref":"refs/heads/1.3.0","pushedAt":"2024-08-01T18:56:55.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"floydtree","name":"Rajas","path":"/floydtree","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/89877409?s=80&v=4"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0yMFQxMzowMDoxOC4wMDAwMDBazwAAAAS79-Fo","startCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0yMFQxMzowMDoxOC4wMDAwMDBazwAAAAS79-Fo","endCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOC0wMVQxODo1Njo1NS4wMDAwMDBazwAAAASPebZZ"}},"title":"Activity · ocsf/ocsf-schema"}