Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enums with only the nominal values (0/99 or 99) in dictionary have 'See specific usage' in the description #1146

Merged
merged 2 commits into from
Jul 25, 2024
Merged

Enums with only the nominal values (0/99 or 99) in dictionary have 'See specific usage' in the description #1146

merged 2 commits into from
Jul 25, 2024

Conversation

mlmitch
Copy link
Contributor

@mlmitch mlmitch commented Jul 19, 2024
edited
Loading

This change was a suggestion from @pagbabian-splunk in #1111

After this PR, all enums that are defined in dictionary.json with only the nominal values (0/99 or 99) also have 'See specific usage' in the description.
The effect is that a warning will be generated by the OCSF server if these attributes are used without overriding the description.

The process for these changes was:

  • Decide if the attribute name is general enough to have other uses or not.
  • If the name is general enough, the definition in dictionary.json only has 0/99 and 'See specific usage' is in description. The use of the enum has the additional enum values and a description override.
  • If the name is very specific, then the whole enum definition is now in dictionary.json and the use of it only specifies optionality.

@mlmitch
Enum definitions refactored so generic enum descriptions have "See sp…
3c85501 
…ecific usage" in the description

`algorithm_id` description grammar tweaked

`classification_ids` definition details pushed down into it's specific use

`disposition_id` definition brought entirely into `dictionary.json`

`flag_ids` description has "See specific usage" added

`integrity_id` definition brought entirely into `dictionary.json`

`load_type_id` definition details pushed down into it's specific use

Signed-off-by: Mitchell Wasson <[email protected]>
@mlmitch mlmitch force-pushed the enum-definition-and-specific-usage branch from c0bd360 to 3c85501 Compare July 19, 2024 13:25
@mlmitch
Copy link
Contributor Author

mlmitch commented Jul 19, 2024

The one attribute I didn't touch with this change is activity_id. It is used in every event, so adding "See specific usage" to the definition in dictionary.json would mean overriding the description in every event.

I can add this, but I wanted to see if this would be a good addition before I do the typing.

@mikeradka mikeradka self-requested a review July 23, 2024 17:19
@floydtree floydtree added the v1.3.0 Changes marked for v1.3.0 of OCSF label Jul 23, 2024
@mlmitch mlmitch mentioned this pull request Jul 23, 2024
Open
@pagbabian-splunk pagbabian-splunk merged commit 819c74c into ocsf:main Jul 25, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikeradka mikeradka mikeradka approved these changes

@floydtree floydtree floydtree approved these changes

@pagbabian-splunk pagbabian-splunk pagbabian-splunk approved these changes

@Aniak5 Aniak5 Awaiting requested review from Aniak5 Aniak5 is a code owner

@zschmerber zschmerber Awaiting requested review from zschmerber zschmerber is a code owner

Assignees
No one assigned
Labels
v1.3.0 Changes marked for v1.3.0 of OCSF
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mlmitch @pagbabian-splunk @floydtree @mikeradka