From 2442e2c205848ee80eb25a570be0ac90a79e162c Mon Sep 17 00:00:00 2001
From: Jason Reimer
Date: Fri, 28 Jun 2024 10:18:10 -0700
Subject: [PATCH 1/3] New software inventory class New class to capture software inventory data.
Signed-off-by: Jason Reimer
---
 events/discovery/software_inventory_info.json | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 events/discovery/software_inventory_info.json
diff --git a/events/discovery/software_inventory_info.json b/events/discovery/software_inventory_info.json
new file mode 100644
index 000000000..995417183
--- /dev/null
+++ b/events/discovery/software_inventory_info.json
@@ -0,0 +1,31 @@
+{
+ "caption": "Software Inventory Info",
+ "description": "Software Inventory Info events report device software inventory data that is either logged or proactively collected. For example, when collecting device information from a CMDB or running a network sweep of connected devices.",
+ "extends": "discovery",
+ "name": "software_info",
+ "uid": 20,
+ "profiles": [
+ "host"
+ ],
+ "attributes": {
+ "actor": {
+ "group": "context",
+ "requirement": "optional"
+ },
+ "device": {
+ "group": "primary",
+ "requirement": "required",
+ "description": "The device that is being discovered by an inventory process."
+ },
+ "package": {
+ "group": "primary",
+ "requirement": "required",
+ "description": "The device software that is being discovered by an inventory process."
+ },
+ "product": {
+ "group": "primary",
+ "requirement": "optional",
+ "description": "Additional product attributes that have been discovered or enriched from a catalog or other external source."
+ }
+ }
+}
From ae1e1703d996019fb64ad7e4587bcc8b796e6c93 Mon Sep 17 00:00:00 2001
From: Jason Reimer
Date: Mon, 1 Jul 2024 09:25:38 -0700
Subject: [PATCH 2/3] fix group issue found in validation primary group to context for Product object.
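Review bot: The `description` of the new class in `software_inventory_info.json` gives a device example ("collecting device information from a CMDB or running a network sweep of connected devices"), which looks carried over from a device inventory class and does not say what software data the event reports. I would reword the example to the software case, e.g. `For example, when collecting installed software from a CMDB or from an inventory scan of a device.` Separately, `"name": "software_info"` does not match the file name `software_inventory_info.json` or the caption; if the repository expects class names to follow the file name, one of the two should change before consumers start keying on it. Inventory events of this kind usually feed vulnerability matching, so an unambiguous class name and description matter to whoever maps data sources onto it.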
Signed-off-by: Jason Reimer
---
 events/discovery/software_inventory_info.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/events/discovery/software_inventory_info.json b/events/discovery/software_inventory_info.json
index 995417183..86e3f7aa2 100644
--- a/events/discovery/software_inventory_info.json
+++ b/events/discovery/software_inventory_info.json
@@ -23,7 +23,7 @@
 "description": "The device software that is being discovered by an inventory process."
 },
 "product": {
- "group": "primary",
+ "group": "context",
 "requirement": "optional",
 "description": "Additional product attributes that have been discovered or enriched from a catalog or other external source."
 }
From 5e6779d6f9aa49a36181c041009428bc1207205e Mon Sep 17 00:00:00 2001
From: Jason Reimer
Date: Tue, 2 Jul 2024 09:55:21 -0700
Subject: [PATCH 3/3] Update CHANGELOG.md for #1134 Update change log with details from PR 1134.
Signed-off-by: Jason Reimer
---
 CHANGELOG.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f2d9f5295..33a45272f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -46,6 +46,7 @@ Thankyou! -->
 1. Added `Event Log Activity` event class. #1014
 2. Added `Remediation Activity` `File Remediation Activity` `Process Remediation Activity` `Network Remediation Activity` event classes. #1066
 3. Added `Windows Service Activity` event class to the Windows extension. #1103
+ 4. Added `Software Inventory Info` event class to the Discovery category. #1134
 * #### Profiles
 1. Added `osint` Profile based on `osint` object. #992
 * #### Objects
@@ -297,4 +298,4 @@ Thankyou! -->
 ## [v1.0.0]
-Initial release of OCSF.
\ No newline at end of file
+Initial release of OCSF.