Skip to content

Commit

Permalink
Merge pull request #469 from splunk/main
Browse files Browse the repository at this point in the history
Add missing user session attributes
  • Loading branch information
rroupski authored Feb 1, 2023
2 parents 5a74371 + 4fa43b3 commit af6412f
Show file tree
Hide file tree
Showing 6 changed files with 47 additions and 34 deletions.
6 changes: 3 additions & 3 deletions dictionary.json
Original file line number Diff line number Diff line change
Expand Up @@ -2616,8 +2616,8 @@
"type": "service"
},
"session": {
"caption": "Session",
"description": "This object describes details about an authenticated session. e.g. Session Creation Time, Session Issuer.",
"caption": "User Session",
"description": "The authenticated user session.",
"type": "session"
},
"severity": {
Expand Down Expand Up @@ -3031,7 +3031,7 @@
},
"vulnerabilities": {
"caption": "Vulnerabilities",
"description": "This object describes vulnerabilities reported in a security finding",
"description": "This object describes vulnerabilities reported in a security finding.",
"is_array": true,
"type": "vulnerability"
},
Expand Down
52 changes: 28 additions & 24 deletions events/audit/authentication.json
Original file line number Diff line number Diff line change
Expand Up @@ -4,20 +4,6 @@
"extends": "audit",
"name": "authentication",
"uid": 2,
"associations": {
"dst_endpoint": [
"user"
],
"user": [
"dst_endpoint"
],
"src_endpoint": [
"actor.user"
],
"actor.user": [
"src_endpoint"
]
},
"attributes": {
"activity_id": {
"enum": {
Expand Down Expand Up @@ -57,20 +43,11 @@
"group": "primary",
"requirement": "required"
},
"http_request":{
"http_request": {
"description": "Details about the underlying http request.",
"group": "context",
"requirement": "optional"
},
"mfa": {
"group": "primary",
"requirement": "optional"
},
"user": {
"description": "The target identity (user/role) to authenticate.",
"group": "primary",
"requirement": "required"
},
"is_cleartext": {
"group": "primary",
"requirement": "optional"
Expand All @@ -90,13 +67,40 @@
"group": "primary",
"requirement": "recommended"
},
"mfa": {
"group": "primary",
"requirement": "optional"
},
"session": {
"description": "The new session of the authenticated user.",
"requirement": "optional"
},
"src_endpoint": {
"description": "The Endpoint from which the authentication was requested.",
"group": "primary",
"requirement": "optional"
},
"status_detail": {
"description": "The details about the authentication request. For example, possible details for Windows logon or logoff events are:<ul><li>Success</li><ul><li>LOGOFF_USER_INITIATED</li><li>LOGOFF_OTHER</li></ul><li>Failure</li><ul><li>USER_DOES_NOT_EXIST</li><li>INVALID_CREDENTIALS</li><li>ACCOUNT_DISABLED</li><li>ACCOUNT_LOCKED_OUT</li><li>PASSWORD_EXPIRED</li></ul></ul>"
},
"user": {
"description": "The target identity (user/role) to authenticate.",
"group": "primary",
"requirement": "required"
}
},
"associations": {
"actor.user": [
"src_endpoint"
],
"dst_endpoint": [
"user"
],
"src_endpoint": [
"actor.user"
],
"user": [
"dst_endpoint"
]
}
}
4 changes: 4 additions & 0 deletions events/audit/authorization.json
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,10 @@
"group": "primary",
"requirement": "required"
},
"session": {
"description": "The modified user session.",
"requirement": "optional"
},
"user": {
"description": "The user to which new privileges were assigned.",
"group": "primary",
Expand Down
9 changes: 5 additions & 4 deletions objects/actor.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"description": "The actor object describes details about the user/role/process that was the source of the activity.",
"caption": "Actor",
"description": "The actor object describes details about the user/role/process that was the source of the activity.",
"name": "actor",
"attributes": {
"authorizations": {
Expand All @@ -12,13 +12,14 @@
"invoked_by": {
"requirement": "optional"
},
"session": {
"requirement": "optional"
},
"process": {
"description": "The process that initiated the activity.",
"requirement": "recommended"
},
"session": {
"description": "The user session from which the activity was initiated.",
"requirement": "optional"
},
"user": {
"description": "The user that initiated the activity or the user context from which the activity was initiated.",
"requirement": "recommended"
Expand Down
8 changes: 6 additions & 2 deletions objects/process.json
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,10 @@
"sandbox": {
"requirement": "optional"
},
"session": {
"description": "The user session under which this process is running.",
"requirement": "optional"
},
"terminated_time": {
"description": "The time when the process was terminated.",
"requirement": "optional"
Expand All @@ -81,8 +85,8 @@
"requirement": "recommended"
},
"user": {
"description": "The user context under which this process is running.",
"caption": "Process user context",
"description": "The user under which this process is running.",
"caption": "User",
"requirement": "recommended"
},
"xattributes": {
Expand Down
2 changes: 1 addition & 1 deletion version.json
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
{
"version": "0.99.1"
"version": "0.99.2"
}

0 comments on commit af6412f

Please sign in to comment.