diff --git a/CHANGELOG.md b/CHANGELOG.md
index fefdd8810..56b0b0629 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -46,6 +46,7 @@ Thankyou! -->
 1. Added `Event Log Activity` event class. #1014
 2. Added `Remediation Activity` `File Remediation Activity` `Process Remediation Activity` `Network Remediation Activity` event classes. #1066
 3. Added `Windows Service Activity` event class to the Windows extension. #1103
+ 4. Added `Software Inventory Info` event class to the Discovery category. #1134
 * #### Profiles
 1. Added `osint` Profile based on `osint` object. #992
 * #### Objects
@@ -301,4 +302,4 @@ Thankyou! -->
 ## [v1.0.0]
-Initial release of OCSF.
\ No newline at end of file
+Initial release of OCSF.
diff --git a/events/discovery/software_inventory_info.json b/events/discovery/software_inventory_info.json
new file mode 100644
index 000000000..86e3f7aa2
--- /dev/null
+++ b/events/discovery/software_inventory_info.json
@@ -0,0 +1,31 @@
+{
+ "caption": "Software Inventory Info",
+ "description": "Software Inventory Info events report device software inventory data that is either logged or proactively collected. For example, when collecting device information from a CMDB or running a network sweep of connected devices.",
+ "extends": "discovery",
+ "name": "software_info",
+ "uid": 20,
+ "profiles": [
+ "host"
+ ],
+ "attributes": {
+ "actor": {
+ "group": "context",
+ "requirement": "optional"
+ },
+ "device": {
+ "group": "primary",
+ "requirement": "required",
+ "description": "The device that is being discovered by an inventory process."
+ },
+ "package": {
+ "group": "primary",
+ "requirement": "required",
+ "description": "The device software that is being discovered by an inventory process."
+ },
+ "product": {
+ "group": "context",
+ "requirement": "optional",
+ "description": "Additional product attributes that have been discovered or enriched from a catalog or other external source."
+ }
+ }
+}
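Review bot: The `description` of the new class in `events/discovery/software_inventory_info.json` takes its example from device discovery ("collecting device information from a CMDB or running a network sweep of connected devices") rather than software inventory, so it does not tell a producer what belongs in this class; the wording looks carried over from a device-inventory class, though that file is not part of this diff. An example tied to the required `package` attribute would fit better, such as `For example, when enumerating the packages installed on a device from an endpoint agent or a package manager.` The text also leaves open whether a device with many packages is reported as one event per package; `package` appears to be a single required object, and consumers that match inventory against vulnerability data need that cardinality stated. Separately, `"name": "software_info"` does not match the file name `software_inventory_info`; if the project expects the two to agree, one of them should change.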