ocsf · pagbabian-splunk · Dec 22, 2023 · Dec 7, 2023 · Dec 7, 2023 · Dec 19, 2023
@@ -1353,6 +1353,12 @@
       "description": "The end time of a time period. See specific usage.",
       "type": "timestamp_t"
     },
+    "endpoint_connections": {
+      "caption": "Endpoint Connections",
+      "description": "Contains information about network connection attempts. See specific usage.",
+      "is_array": true,
+      "type": "endpoint_connection"
+    },
     "enrichments": {
       "caption": "Enrichments",
       "description": "The additional information from an external data source, which is associated with the event or a finding. For example add location information for the IP address in the DNS answers:</p><code>[{\"name\": \"answers.ip\", \"value\": \"92.24.47.250\", \"type\": \"location\", \"data\": {\"city\": \"Socotra\", \"continent\": \"Asia\", \"coordinates\": [-25.4153, 17.0743], \"country\": \"YE\", \"desc\": \"Yemen\"}}]</code>",
@@ -2008,6 +2014,11 @@
       "description": "The name or identifier of the license applied on package or software. See <a target='_blank' href='https://spdx.org/licenses/'>SPDX License List</a>.",
       "type": "string_t"
     },
+    "load_balancer": {
+      "caption": "Load Balancer",
+      "description": "The Load Balancer object contains information related to the device that is distributing incoming traffic to specified destinations.",
+      "type": "load_balancer"
+    },
     "load_type": {
       "caption": "Load Type",
       "description": "The load type, normalized to the caption of the load_type_id value. In the case of 'Other', it is defined by the event source. It describes how the module was loaded in memory.",
@@ -2214,6 +2225,11 @@
       "description": "The network driver used by the container. For example, bridge, overlay, host, none, etc.",
       "type": "string_t"
     },
+    "network_endpoint": {
+      "caption": "Network Endpoint",
+      "description": "The Network Endpoint object describes characteristics of a network endpoint. See specific usage.",
+      "type": "network_endpoint"
+    },
     "network_interfaces": {
       "caption": "Network Interfaces",
       "description": "The network interfaces that are associated with the device, one for each unique MAC address/IP address/hostname/name combination.<p><b>Note:</b> The first element of the array is the network information that pertains to the event.</p>",

@@ -7,13 +7,15 @@
   "profiles": [
     "host",
     "network_proxy",
-    "security_control"
+    "security_control",
+    "load_balancer"
   ],
   "attributes": {
     "$include": [
       "profiles/host.json",
       "profiles/network_proxy.json",
-      "profiles/security_control.json"
+      "profiles/security_control.json",
+      "profiles/load_balancer.json"
     ],
     "activity_id": {
       "enum": {

@@ -0,0 +1,25 @@
+{
+    "caption": "Endpoint Connection",
+    "name": "endpoint_connection",
+    "description": "The Endpoint Connection object contains information detailing a connection attempt to an endpoint.",
+    "extends": "object",
+    "attributes": {
+        "code": { 
+            "caption": "Response Code",
+            "description": "A numerical response status code providing details about the connection.",
+            "requirement": "recommended"
+            },
+        "network_endpoint": {
+            "description": "Provides characteristics of the network endpoint.",
+            "requirement": "recommended"
+        }
+    },
+    "constraints": {
+        "at_least_one": [
+          "network_endpoint",
+          "code"
+        ]
+    }
+}
+
+
@@ -0,0 +1,57 @@
+{
+    "caption": "Load Balancer",
+    "name": "load_balancer",
+    "extends": "_entity", 
+    "description": "The load balancer object describes the load balancer entity and contains additional information regarding the distribution of traffic across a network.",
+    "attributes": {
+
+    "metrics": {
+        "caption": "Metrics",
+        "description": "General purpose metrics associated with the load balancer.",
+        "is_array": true,
+        "requirement": "optional"
+        },
+    "dst_endpoint": { 
+        "caption": "Destination Endpoint",
+        "description": "The destination to which the load balancer is distributing traffic.",
+        "requirement": "recommended"
+        },
+    "code": {
+        "caption": "Response Code",
+        "description": "The numeric response status code detailing the connection from the load balancer to the destination target.",
+        "requirement": "recommended"
+        },
+    "endpoint_connections":{
+        "caption": "Endpoint Connections",
+        "description": "An object detailing the load balancer connection attempts and responses.",
+        "requirement": "recommended"
+    },    
+    "classification": {
+        "caption": "Classification",
+        "description": "The request classification as defined by the load balancer.",
+        "requirement": "optional"
+        },
+    "status_detail": {
+        "caption": "Status Detail",
+        "description": "The status detail contains additional status information about the load balancer distribution event.",
+        "requirement": "optional"
+        },
+    "error_message": {
+        "caption": "Error Message",
+        "description": "The load balancer error message.",
+        "requirement": "optional"
+        },
+    "message": {
+        "caption": "Message",
+        "description": "The load balancer message.",
+        "requirement": "optional"
+        }, 
+    "name": {
+        "description": "The name of the load balancer."
+        },
+    "uid": {
+        "description": "The unique identifier for the load balancer."
+        }
+
+    }
+} 
@@ -0,0 +1,14 @@
+{
+    "description": "The attributes that describe information specific to load balancers.",
+    "meta": "profile",
+    "caption": "Load Balancer",
+    "name": "load_balancer",
+    "annotations": {
+    "group": "primary"
+  },
+    "attributes": {
+    "load_balancer": {
+        "requirement": "recommended" 
+        }
+    }
+}