From 9768c343eca9e82e669fb32a280f8d7dfbd468f5 Mon Sep 17 00:00:00 2001
From: Michael Radka <mradka@splunk.com>
Date: Mon, 8 Jan 2024 14:00:38 -0500
Subject: [PATCH 1/4] #884 Add firewall, router, switch, utm, hub to endpoint
 types.

Signed-off-by: Michael Radka <mradka@splunk.com>
---
 objects/endpoint.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/objects/endpoint.json b/objects/endpoint.json
index e5e702701..b02603467 100644
--- a/objects/endpoint.json
+++ b/objects/endpoint.json
@@ -71,6 +71,19 @@
         },
         "8": {
           "caption": "Browser"
+        },
+        "9": {
+          "caption": "Firewall"
+        },
+        "10": {
+          "caption": "Switch"
+        },
+        "11": {
+          "caption": "UTM",
+          "description": "Unified Threat Management device"
+        },
+        "12": {
+          "caption": "Hub"
         }
       },
       "requirement": "recommended"

From 3e8c422deffb1c48ecabd68a665a932086c00936 Mon Sep 17 00:00:00 2001
From: Michael Radka <mradka@splunk.com>
Date: Mon, 8 Jan 2024 17:16:41 -0500
Subject: [PATCH 2/4] Add descriptions, remove UTM

Signed-off-by: Michael Radka <mradka@splunk.com>
---
 objects/endpoint.json | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/objects/endpoint.json b/objects/endpoint.json
index b02603467..43906cfc6 100644
--- a/objects/endpoint.json
+++ b/objects/endpoint.json
@@ -49,41 +49,48 @@
       "description": "The endpoint type ID.",
       "enum": {
         "1": {
-          "caption": "Server"
+          "caption": "Server",
+          "description": "A <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:Server/'>server</a>."
         },
         "2": {
-          "caption": "Desktop"
+          "caption": "Desktop",
+          "description": "A <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:DesktopComputer/'>desktop computer</a>."
         },
         "3": {
-          "caption": "Laptop"
+          "caption": "Laptop",
+          "description": "A <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:LaptopComputer/'>laptop computer</a>."
         },
         "4": {
-          "caption": "Tablet"
+          "caption": "Tablet",
+          "description": "A <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:TabletComputer/'>tablet computer</a>."
         },
         "5": {
-          "caption": "Mobile"
+          "caption": "Mobile",
+          "description": "A <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:MobilePhone/'>mobile phone</a>."
         },
         "6": {
-          "caption": "Virtual"
+          "caption": "Virtual",
+          "description": "A <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:VirtualizationSoftware/'>virtual machine</a>."
         },
         "7": {
-          "caption": "IOT"
+          "caption": "IOT",
+          "description": "A <a target='_blank' href='https://www.techtarget.com/iotagenda/definition/IoT-device'>IOT (Internet of Things) device</a>."
         },
         "8": {
-          "caption": "Browser"
+          "caption": "Browser",
+          "description": "A <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:Browser/'>web browser</a>."
         },
         "9": {
-          "caption": "Firewall"
+          "caption": "Firewall",
+          "description": "A <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:Firewall/'>networking firewall</a>."
         },
         "10": {
-          "caption": "Switch"
+          "caption": "Switch",
+          "description": "A <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:Switch/'>networking switch</a>."
         },
         "11": {
-          "caption": "UTM",
-          "description": "Unified Threat Management device"
-        },
-        "12": {
-          "caption": "Hub"
+          "caption": "Hub",
+          "description": "A <a target='_blank' href='https://en.wikipedia.org/wiki/Ethernet_hub'>networking hub</a>."
         }
       },
       "requirement": "recommended"

From 2d831e300b634bf1fc46f8d3a78995e7237cda9e Mon Sep 17 00:00:00 2001
From: Michael Radka <mradka@splunk.com>
Date: Tue, 9 Jan 2024 10:52:25 -0500
Subject: [PATCH 3/4] Add is_vpn attribute to session object

Signed-off-by: Michael Radka <mradka@splunk.com>
---
 dictionary.json      | 5 +++++
 objects/session.json | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/dictionary.json b/dictionary.json
index bc50295ab..06f942904 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -1870,6 +1870,11 @@
       "description": "The event occurred on a trusted device.",
       "type": "boolean_t"
     },
+    "is_vpn": {
+      "caption": "VPN Session",
+      "description": "The indication of whether the session is a VPN session.",
+      "type": "boolean_t"
+    },
     "isp": {
       "caption": "ISP",
       "description": "The name of the Internet Service Provider (ISP).",
diff --git a/objects/session.json b/objects/session.json
index ba701109d..e14e108ca 100644
--- a/objects/session.json
+++ b/objects/session.json
@@ -21,6 +21,11 @@
     "is_mfa":{
       "requirement": "optional"
     },
+    "is_vpn": {
+      "caption": "VPN Session",
+      "description": "The indication of whether the session is a VPN session.",
+      "type": "boolean_t"
+    },
     "issuer": {
       "description": "The identifier of the session issuer.",
       "requirement": "recommended"

From aadd4d025799ac1cb134dd4eb7c02bee9e34d827 Mon Sep 17 00:00:00 2001
From: Michael Radka <mradka@splunk.com>
Date: Tue, 9 Jan 2024 11:07:42 -0500
Subject: [PATCH 4/4] Removing redundant fields, setting requirement

Signed-off-by: Michael Radka <mradka@splunk.com>
---
 objects/session.json | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/objects/session.json b/objects/session.json
index e14e108ca..9c97f43c3 100644
--- a/objects/session.json
+++ b/objects/session.json
@@ -22,9 +22,7 @@
       "requirement": "optional"
     },
     "is_vpn": {
-      "caption": "VPN Session",
-      "description": "The indication of whether the session is a VPN session.",
-      "type": "boolean_t"
+      "requirement": "optional"
     },
     "issuer": {
       "description": "The identifier of the session issuer.",