qdm-1.2.0 Release Notes
Query's schema release process includes an automated step that compares proposed changes to the last stable version of the schema and preserves or deprecates key elements of older schemata. This allows Query to safely accept most changes from upstream OCSF without breaking customer configurations.
Here are the possible types of changes:
- Add: An element was added in the new version.
- Remove: An element was removed in the new version.
- Update: Schema was updated in the new version.
- Preserve: The schema changed, but the old version was preserved.
- Deprecate: The schema changed, but the old version was deprecated rather than removed.
- Ignore: A schema change was ignored because it is irrelevant to Query.
Below is a list of all changes in qdm-1.2.0. You may also jump straight to the summary.
Action | Path | New Value | Cause |
---|---|---|---|
ADD | objects.data_classification | {'caption': 'Data Classification', 'description': 'The... | ADD |
ADD | objects.autonomous_system | {'caption': 'Autonomous System', 'description': 'An... | ADD |
ADD | objects.auth_factor | {'caption': 'Authentication Factor', 'description': 'An... | ADD |
ADD | objects.unmapped | {'name': 'unmapped', 'caption': 'Unmapped',... | ADD |
ADD | events.prefetch_query | {'caption': 'Prefetch Query', 'description': 'Prefetch... | ADD |
ADD | events.registry_value_query | {'caption': 'Registry Value Query', 'description':... | ADD |
ADD | events.registry_key_query | {'caption': 'Registry Key Query', 'description':... | ADD |
ADD | events.tunnel_activity | {'caption': 'Tunnel Activity', 'category': 'network',... | ADD |
ADD | events.peripheral_device_query | {'caption': 'Peripheral Device Query', 'description':... | ADD |
ADD | events.session_query | {'caption': 'User Session Query', 'description': 'User... | ADD |
ADD | events.user_query | {'caption': 'User Query', 'description': 'User Query... | ADD |
REMOVE | events.registry_value_info | REMOVE | |
REMOVE | events.prefetch_info | REMOVE | |
REMOVE | events.registry_key_info | REMOVE | |
ADD | objects.http_cookie.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.request.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.web_resource.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.web_resource.attributes.data_classification | {'group': 'context', 'requirement': 'recommended',... | ADD |
ADD | objects.web_resource.attributes.$include | ['profiles/data_classification.json'] | ADD |
ADD | objects.web_resource.profiles | ['data_classification'] | ADD |
ADD | objects.rule.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.feature.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.policy.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.data_security.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.data_security.attributes.category_id | {'description': 'The normalized identifier of the data... | ADD |
ADD | objects.data_security.attributes.data_type.@deprecated | {'since': '1.2.0', 'message': 'Deprecated in upgrade... | ADD |
ADD | objects.data_security.constraints | {'at_least_one': ['data_lifecycle_state_id',... | ADD |
ADD | objects.data_security.attributes.data_type_id.@deprecated | {'since': '1.2.0', 'message': 'Deprecated in upgrade... | ADD |
ADD | objects.data_security.attributes.category | {'description': 'The name of the data classification... | ADD |
IGNORE | objects.data_security.extends | UPDATE | |
UPDATE | objects.data_security.attributes.confidentiality_id.requirement | recommended | UPDATE |
UPDATE | objects.data_security.attributes.policy.description | Details about the policy that triggered the finding. | UPDATE |
ADD | objects._entity.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.email_auth.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.tactic.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.rpc_interface.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.endpoint_connection.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.network_traffic.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.tls.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.session.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.api.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.cve.attributes.uid.observable | 18 | ADD |
ADD | objects.cve.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.network_interface.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.vulnerability.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.os.attributes.country.observable | 14 | ADD |
ADD | objects.os.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.databucket.profiles | ['data_classification'] | ADD |
ADD | objects.databucket.attributes.$include | ['profiles/data_classification.json'] | ADD |
ADD | objects.databucket.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.databucket.attributes.data_classification | {'group': 'context', 'requirement': 'recommended',... | ADD |
ADD | objects.http_header.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects._dns.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.query_info.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.managed_entity.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.location.attributes.lat | {'requirement': 'optional', 'caption': 'Latitude',... | ADD |
ADD | objects.location.attributes.coordinates.@deprecated | {'message': 'Use specific <code> lat, long </code>... | ADD |
ADD | objects.location.attributes.country.observable | 14 | ADD |
ADD | objects.location.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.location.attributes.geohash | {'requirement': 'optional', 'caption': 'Geohash',... | ADD |
ADD | objects.location.attributes.long | {'requirement': 'optional', 'caption': 'Longitude',... | ADD |
UPDATE | objects.location.attributes.coordinates.requirement | optional | UPDATE |
UPDATE | objects.location.constraints.at_least_one | ['city', 'country', 'postal_code', 'region'] | UPDATE |
ADD | objects.resource_details.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.resource_details.attributes.data_classification | {'group': 'context', 'requirement': 'recommended',... | ADD |
ADD | objects.resource_details.attributes.cloud | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | objects.resource_details.attributes.api | {'requirement': 'optional', 'group': 'context',... | ADD |
ADD | objects.resource_details.profiles | ['cloud'] | ADD |
ADD | objects.resource_details.attributes.$include | ['profiles/data_classification.json'] | ADD |
UPDATE | objects.resource_details.attributes.agent_list.description | A list of <code>agent</code> objects associated with a... | UPDATE |
ADD | objects.malware.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.kernel.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.http_response.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.device.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
UPDATE | objects.device.attributes.agent_list.description | A list of <code>agent</code> objects associated with a... | UPDATE |
ADD | objects.endpoint.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
UPDATE | objects.endpoint.attributes.agent_list.description | A list of <code>agent</code> objects associated with a... | UPDATE |
ADD | objects.cloud.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.file.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.file.profiles | ['data_classification'] | ADD |
ADD | objects.file.attributes.$include | ['profiles/data_classification.json'] | ADD |
ADD | objects.file.attributes.data_classification | {'group': 'context', 'requirement': 'recommended',... | ADD |
ADD | objects.actor.attributes.app_uid | {'description': 'The unique identifier of the client... | ADD |
ADD | objects.actor.attributes.app_name | {'description': 'The client application or service that... | ADD |
ADD | objects.actor.attributes.invoked_by.@deprecated | {'message': 'Use <code> app_name, app_uid </code>... | ADD |
ADD | objects.actor.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
UPDATE | objects.actor.constraints.at_least_one | ['process', 'user', 'invoked_by', 'session', 'app_name',... | UPDATE |
UPDATE | objects.actor.description | The Actor object contains details about the user, role,... | UPDATE |
ADD | objects.service.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.service.attributes.cmd_line.observable | 13 | ADD |
ADD | objects.epss.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.metadata.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.metadata.attributes.$include | ['profiles/data_classification.json'] | ADD |
ADD | objects.metadata.profiles | ['data_classification'] | ADD |
ADD | objects.metadata.attributes.data_classification | {'group': 'context', 'requirement': 'recommended',... | ADD |
ADD | objects.kernel_driver.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.fingerprint.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.agent.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.network_connection_info.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.authorization.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.tls_extension.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.peripheral_device.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.display.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.cis_benchmark_result.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.cwe.attributes.uid.observable | 17 | ADD |
ADD | objects.cwe.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.device_hw_info.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.container.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.network_proxy.attributes.autonomous_system | {'requirement': 'optional', 'caption': 'Autonomous... | ADD |
ADD | objects.network_proxy.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
UPDATE | objects.network_proxy.observable | 20 | UPDATE |
UPDATE | objects.network_proxy.attributes.agent_list.description | A list of <code>agent</code> objects associated with a... | UPDATE |
ADD | objects.account.attributes.labels | {'caption': 'Labels', 'description': 'The list of... | ADD |
ADD | objects.account.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.object.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.ldap_person.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.technique.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.dns_query.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.cis_csc.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.certificate.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.evidences.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.evidences.attributes.database | {'description': 'Describes details about the database... | ADD |
ADD | objects.evidences.attributes.container | {'description': 'Describes details about the container... | ADD |
ADD | objects.evidences.attributes.databucket | {'description': 'Describes details about the databucket... | ADD |
UPDATE | objects.evidences.constraints.at_least_one | ['actor', 'api', 'connection_info', 'data', 'database',... | UPDATE |
ADD | objects.user.attributes.risk_score | {'requirement': 'optional', 'caption': 'Risk Score',... | ADD |
ADD | objects.user.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.user.attributes.risk_level | {'requirement': 'optional', 'caption': 'Risk Level',... | ADD |
ADD | objects.user.attributes.risk_level_id | {'requirement': 'optional', 'caption': 'Risk Level ID',... | ADD |
ADD | objects.kill_chain_phase.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.url.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
UPDATE | objects.url.attributes.category_ids.description | The Website categorization identifiers. | UPDATE |
ADD | objects.package.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.affected_code.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.attack.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.http_request.attributes.user_agent.observable | 16 | ADD |
ADD | objects.http_request.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.database.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.database.profiles | ['data_classification'] | ADD |
ADD | objects.database.attributes.$include | ['profiles/data_classification.json'] | ADD |
ADD | objects.database.attributes.data_classification | {'group': 'context', 'requirement': 'recommended',... | ADD |
UPDATE | objects.database.attributes.desc.description | The description of the database. | UPDATE |
REMOVE | objects.database.attributes.type_id.enum.3.caption | UPDATE | |
ADD | objects.table.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.remediation.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.security_state.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.metric.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.load_balancer.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.cvss.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.job.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.job.attributes.cmd_line.observable | 13 | ADD |
ADD | objects.analytic.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.digital_signature.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.logger.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
UPDATE | objects.logger.attributes.transmit_time.description | The time when the event was transmitted from the logging... | UPDATE |
ADD | objects.organization.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.reputation.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.dce_rpc.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.finding.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.module.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.observable.attributes.type_id.enum.14 | {'caption': 'Country', 'description': "The ISO 3166-1... | ADD |
ADD | objects.observable.attributes.type_id.enum.15 | {'caption': 'Process ID', 'description': 'The process... | ADD |
ADD | objects.observable.attributes.type_id.enum.17 | {'caption': 'CWE ID', 'description': 'The Common... | ADD |
ADD | objects.observable.attributes.type_id.enum.16 | {'caption': 'HTTP User-Agent', 'description': 'The... | ADD |
ADD | objects.observable.attributes.type_id.enum.18 | {'caption': 'CVE ID', 'description': 'The Common... | ADD |
ADD | objects.observable.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.observable.attributes.type_id.enum.11 | {'caption': 'Port', 'description': 'The TCP/UDP port... | ADD |
ADD | objects.observable.attributes.type_id.enum.12 | {'caption': 'Subnet', 'description': 'The subnet... | ADD |
ADD | objects.observable.attributes.type_id.enum.13 | {'caption': 'Command Line', 'description': "The full... | ADD |
ADD | objects.cis_control.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.email.attributes.data_classification | {'group': 'context', 'requirement': 'recommended',... | ADD |
ADD | objects.email.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.email.profiles | ['data_classification'] | ADD |
ADD | objects.email.attributes.$include | ['profiles/data_classification.json'] | ADD |
ADD | objects._resource.attributes.$include | ['profiles/data_classification.json'] | ADD |
ADD | objects._resource.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects._resource.attributes.data_classification | {'group': 'context', 'requirement': 'recommended',... | ADD |
ADD | objects._resource.profiles | ['data_classification'] | ADD |
ADD | objects.hassh.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.process.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.process.attributes.pid.observable | 15 | ADD |
ADD | objects.process.attributes.cmd_line.observable | 13 | ADD |
UPDATE | objects.process.attributes.cmd_line.description | The full command line used to launch an application,... | UPDATE |
ADD | objects.san.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.group.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.response.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.product.attributes.$include | ['profiles/data_classification.json'] | ADD |
ADD | objects.product.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.product.attributes.data_classification | {'group': 'context', 'requirement': 'recommended',... | ADD |
ADD | objects.product.profiles | ['data_classification'] | ADD |
ADD | objects.kb_article.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.enrichment.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.related_event.attributes.type_name | {'description': 'The type of the related OCSF event, as... | ADD |
ADD | objects.related_event.attributes.type.@deprecated | {'message': 'Use <code>type_name</code> attribute... | ADD |
ADD | objects.related_event.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
UPDATE | objects.related_event.attributes.uid.description | The unique identifier of the related OCSF event. This... | UPDATE |
UPDATE | objects.related_event.attributes.type.description | The type of the related event, as defined by... | UPDATE |
UPDATE | objects.related_event.description | The Related Event object describes an OCSF event related... | UPDATE |
UPDATE | objects.related_event.attributes.type_uid.description | The unique identifier of the related OCSF event type.... | UPDATE |
ADD | objects.scan.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.cis_benchmark.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.keyboard_info.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.compliance.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.sub_technique.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.image.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.extension.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.dns_answer.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.idp.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.network_endpoint.attributes.autonomous_system | {'requirement': 'optional', 'caption': 'Autonomous... | ADD |
ADD | objects.network_endpoint.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
UPDATE | objects.network_endpoint.observable | 20 | UPDATE |
UPDATE | objects.network_endpoint.attributes.agent_list.description | A list of <code>agent</code> objects associated with a... | UPDATE |
ADD | objects.finding_info.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.firewall_rule.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.affected_package.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.threat_intelligence.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.domain_intelligence.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.reg_key.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.reg_value.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.win_resource.attributes.data_classification | {'group': 'context', 'requirement': 'recommended',... | ADD |
ADD | objects.win_resource.attributes.$include | ['profiles/data_classification.json'] | ADD |
ADD | objects.win_resource.profiles | ['data_classification'] | ADD |
ADD | objects.win_resource.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.url_intelligence.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
UPDATE | objects.url_intelligence.attributes.category_ids.description | The Website categorization identifiers. | UPDATE |
ADD | objects.ip_intelligence.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects.file_intelligence.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | objects._base_threat_intelligence.attributes.unmapped | {'caption': 'Unmapped Data', 'description': 'The... | ADD |
ADD | events.iam.attributes.http_request | {'description': 'Details about the underlying HTTP... | ADD |
ADD | events.iam.attributes.unmapped.is_array | True | ADD |
ADD | events.iam.attributes.src_endpoint | {'description': 'Details about the source of the IAM... | ADD |
IGNORE | events.iam.attributes.class_uid.description | UPDATE | |
UPDATE | events.iam.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.iam.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.iam.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.iam.attributes.status_code.requirement | recommended | UPDATE |
ADD | events.file_hosting.attributes.unmapped.is_array | True | ADD |
ADD | events.file_hosting.attributes.connection_info.group | context | ADD |
UPDATE | events.file_hosting.attributes.status_code.requirement | recommended | UPDATE |
IGNORE | events.file_hosting.attributes.class_uid.description | UPDATE | |
UPDATE | events.file_hosting.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.file_hosting.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.file_hosting.attributes.status_detail.requirement | recommended | UPDATE |
ADD | events.resource_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.resource_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.resource_activity.attributes.status_detail.requirement | recommended | UPDATE |
IGNORE | events.resource_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.resource_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.resource_activity.attributes.status.requirement | recommended | UPDATE |
ADD | events.discovery_result.attributes.unmapped.is_array | True | ADD |
ADD | events.discovery_result.attributes.query_result_id | {'group': 'primary', 'requirement': 'required',... | ADD |
ADD | events.discovery_result.attributes.query_result | {'group': 'primary', 'requirement': 'recommended',... | ADD |
ADD | events.discovery_result.attributes.query_info | {'description': 'The search details associated with the... | ADD |
UPDATE | events.discovery_result.attributes.status.requirement | recommended | UPDATE |
REMOVE | events.discovery_result.attributes.activity_id.enum.1.caption | UPDATE | |
UPDATE | events.discovery_result.attributes.observables.requirement | recommended | UPDATE |
IGNORE | events.discovery_result.attributes.class_uid.description | UPDATE | |
UPDATE | events.discovery_result.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.discovery_result.attributes.status_code.requirement | recommended | UPDATE |
ADD | events.user_access.attributes.unmapped.is_array | True | ADD |
ADD | events.user_access.attributes.http_request | {'description': 'Details about the underlying HTTP... | ADD |
ADD | events.user_access.attributes.src_endpoint | {'description': 'Details about the source of the IAM... | ADD |
UPDATE | events.user_access.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.user_access.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.user_access.attributes.resource.requirement | recommended | UPDATE |
UPDATE | events.user_access.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.user_access.attributes.status_detail.requirement | recommended | UPDATE |
IGNORE | events.user_access.attributes.class_uid.description | UPDATE | |
ADD | events.registry_key_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.registry_key_activity.attributes.create_mask.requirement | recommended | UPDATE |
UPDATE | events.registry_key_activity.attributes.observables.requirement | recommended | UPDATE |
IGNORE | events.registry_key_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.registry_key_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.registry_key_activity.attributes.open_mask.requirement | recommended | UPDATE |
UPDATE | events.registry_key_activity.attributes.prev_reg_key.requirement | recommended | UPDATE |
UPDATE | events.registry_key_activity.attributes.access_mask.requirement | recommended | UPDATE |
UPDATE | events.registry_key_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.registry_key_activity.attributes.status_detail.requirement | recommended | UPDATE |
ADD | events.ssh_activity.attributes.file | {'description': 'The file that is the target of the SSH... | ADD |
ADD | events.ssh_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.ssh_activity.attributes.status_code.requirement | recommended | UPDATE |
IGNORE | events.ssh_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.ssh_activity.attributes.auth_type.requirement | recommended | UPDATE |
UPDATE | events.ssh_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.ssh_activity.attributes.traffic.requirement | recommended | UPDATE |
UPDATE | events.ssh_activity.attributes.app_name.description | The name of the application associated with the event or object. | UPDATE |
UPDATE | events.ssh_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.ssh_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.ssh_activity.attributes.proxy.requirement | recommended | UPDATE |
ADD | events.email_file_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.email_file_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.email_file_activity.attributes.status_detail.requirement | recommended | UPDATE |
IGNORE | events.email_file_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.email_file_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.email_file_activity.attributes.status.requirement | recommended | UPDATE |
ADD | events.registry_value_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.registry_value_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.registry_value_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.registry_value_activity.attributes.status_code.requirement | recommended | UPDATE |
IGNORE | events.registry_value_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.registry_value_activity.attributes.status.requirement | recommended | UPDATE |
ADD | events.email_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.email_activity.attributes.dst_endpoint.requirement | recommended | UPDATE |
UPDATE | events.email_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.email_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.email_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.email_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.email_activity.attributes.src_endpoint.requirement | recommended | UPDATE |
IGNORE | events.email_activity.attributes.class_uid.description | UPDATE | |
ADD | events.detection_finding.attributes.risk_details | {'group': 'context', 'requirement': 'optional',... | ADD |
ADD | events.detection_finding.attributes.unmapped.is_array | True | ADD |
UPDATE | events.detection_finding.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.detection_finding.attributes.status_code.requirement | recommended | UPDATE |
IGNORE | events.detection_finding.attributes.class_uid.description | UPDATE | |
UPDATE | events.detection_finding.attributes.observables.requirement | recommended | UPDATE |
ADD | events.dns_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.dns_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.dns_activity.attributes.rcode_id.requirement | recommended | UPDATE |
UPDATE | events.dns_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.dns_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.dns_activity.attributes.proxy.requirement | recommended | UPDATE |
UPDATE | events.dns_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.dns_activity.attributes.app_name.description | The name of the application associated with the event or object. | UPDATE |
IGNORE | events.dns_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.dns_activity.attributes.rcode.requirement | recommended | UPDATE |
ADD | events.ntp_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.ntp_activity.attributes.app_name.description | The name of the application associated with the event or object. | UPDATE |
UPDATE | events.ntp_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.ntp_activity.attributes.dispersion.requirement | recommended | UPDATE |
UPDATE | events.ntp_activity.attributes.delay.requirement | recommended | UPDATE |
UPDATE | events.ntp_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.ntp_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.ntp_activity.attributes.proxy.requirement | recommended | UPDATE |
UPDATE | events.ntp_activity.attributes.stratum.requirement | recommended | UPDATE |
IGNORE | events.ntp_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.ntp_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.ntp_activity.attributes.traffic.requirement | recommended | UPDATE |
ADD | events.memory_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.memory_activity.attributes.actual_permissions.requirement | recommended | UPDATE |
UPDATE | events.memory_activity.attributes.requested_permissions.requirement | recommended | UPDATE |
UPDATE | events.memory_activity.attributes.observables.requirement | recommended | UPDATE |
IGNORE | events.memory_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.memory_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.memory_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.memory_activity.attributes.status.requirement | recommended | UPDATE |
ADD | events.inventory_info.attributes.unmapped.is_array | True | ADD |
UPDATE | events.inventory_info.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.inventory_info.attributes.status_code.requirement | recommended | UPDATE |
IGNORE | events.inventory_info.attributes.class_uid.description | UPDATE | |
UPDATE | events.inventory_info.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.inventory_info.attributes.status_detail.requirement | recommended | UPDATE |
ADD | events.network_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.network_activity.attributes.app_name.description | The name of the application associated with the event or object. | UPDATE |
UPDATE | events.network_activity.attributes.observables.requirement | recommended | UPDATE |
IGNORE | events.network_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.network_activity.attributes.proxy.requirement | recommended | UPDATE |
UPDATE | events.network_activity.attributes.traffic.requirement | recommended | UPDATE |
UPDATE | events.network_activity.attributes.url.requirement | recommended | UPDATE |
UPDATE | events.network_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.network_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.network_activity.attributes.status_code.requirement | recommended | UPDATE |
ADD | events.compliance_finding.attributes.unmapped.is_array | True | ADD |
IGNORE | events.compliance_finding.attributes.class_uid.description | UPDATE | |
UPDATE | events.compliance_finding.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.compliance_finding.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.compliance_finding.attributes.status_detail.requirement | recommended | UPDATE |
ADD | events.scheduled_job_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.scheduled_job_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.scheduled_job_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.scheduled_job_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.scheduled_job_activity.attributes.observables.requirement | recommended | UPDATE |
IGNORE | events.scheduled_job_activity.attributes.class_uid.description | UPDATE | |
ADD | events.patch_state.attributes.unmapped.is_array | True | ADD |
IGNORE | events.patch_state.attributes.class_uid.description | UPDATE | |
UPDATE | events.patch_state.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.patch_state.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.patch_state.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.patch_state.attributes.status.requirement | recommended | UPDATE |
ADD | events.web_resource_access_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.web_resource_access_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.web_resource_access_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.web_resource_access_activity.attributes.observables.requirement | recommended | UPDATE |
IGNORE | events.web_resource_access_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.web_resource_access_activity.attributes.status_detail.requirement | recommended | UPDATE |
ADD | events.security_finding.attributes.unmapped.is_array | True | ADD |
UPDATE | events.security_finding.attributes.risk_score.requirement | recommended | UPDATE |
UPDATE | events.security_finding.attributes.confidence_score.requirement | recommended | UPDATE |
UPDATE | events.security_finding.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.security_finding.attributes.impact_score.requirement | recommended | UPDATE |
UPDATE | events.security_finding.attributes.impact.requirement | recommended | UPDATE |
UPDATE | events.security_finding.attributes.risk_level.requirement | recommended | UPDATE |
IGNORE | events.security_finding.attributes.class_uid.description | UPDATE | |
UPDATE | events.security_finding.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.security_finding.attributes.confidence.requirement | recommended | UPDATE |
UPDATE | events.security_finding.attributes.risk_level_id.requirement | recommended | UPDATE |
UPDATE | events.security_finding.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.security_finding.attributes.status_code.requirement | recommended | UPDATE |
ADD | events.account_change.attributes.unmapped.is_array | True | ADD |
UPDATE | events.account_change.attributes.http_request.description | Details about the underlying HTTP request. | UPDATE |
UPDATE | events.account_change.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.account_change.attributes.src_endpoint.description | Details about the source of the IAM activity. | UPDATE |
IGNORE | events.account_change.attributes.class_uid.description | UPDATE | |
UPDATE | events.account_change.attributes.user_result.requirement | recommended | UPDATE |
UPDATE | events.account_change.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.account_change.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.account_change.attributes.status.requirement | recommended | UPDATE |
ADD | events.ftp_activity.attributes.unmapped.is_array | True | ADD |
ADD | events.ftp_activity.attributes.file | {'description': 'The file that is the target of the FTP... | ADD |
IGNORE | events.ftp_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.ftp_activity.attributes.proxy.requirement | recommended | UPDATE |
UPDATE | events.ftp_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.ftp_activity.attributes.app_name.description | The name of the application associated with the event or object. | UPDATE |
UPDATE | events.ftp_activity.attributes.traffic.requirement | recommended | UPDATE |
UPDATE | events.ftp_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.ftp_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.ftp_activity.attributes.status_detail.requirement | recommended | UPDATE |
ADD | events.discovery.attributes.unmapped.is_array | True | ADD |
IGNORE | events.discovery.attributes.class_uid.description | UPDATE | |
UPDATE | events.discovery.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.discovery.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.discovery.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.discovery.attributes.status_code.requirement | recommended | UPDATE |
ADD | events.http_activity.attributes.file | {'description': 'The file that is the target of the HTTP... | ADD |
ADD | events.http_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.http_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.http_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.http_activity.attributes.app_name.description | The name of the application associated with the event or object. | UPDATE |
IGNORE | events.http_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.http_activity.attributes.proxy.requirement | recommended | UPDATE |
UPDATE | events.http_activity.attributes.traffic.requirement | recommended | UPDATE |
UPDATE | events.http_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.http_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.http_activity.attributes.http_cookies.requirement | recommended | UPDATE |
ADD | events.datastore_activity.attributes.malware | {'requirement': 'optional', 'caption': 'Malware',... | ADD |
ADD | events.datastore_activity.attributes.unmapped.is_array | True | ADD |
ADD | events.datastore_activity.attributes.action_id | {'caption': 'Action ID', 'description': "The action... | ADD |
ADD | events.datastore_activity.attributes.attacks | {'requirement': 'optional', 'caption': 'MITRE ATT&CK®... | ADD |
ADD | events.datastore_activity.attributes.activity_id.enum.8 | {'caption': 'List', 'description': "The 'List' activity... | ADD |
ADD | events.datastore_activity.attributes.action | {'caption': 'Action', 'description': 'The normalized... | ADD |
ADD | events.datastore_activity.attributes.$include | ['profiles/security_control.json'] | ADD |
ADD | events.datastore_activity.attributes.activity_id.enum.10 | {'caption': 'Decrypt', 'description': "The 'Decrypt'... | ADD |
ADD | events.datastore_activity.attributes.authorizations | {'requirement': 'optional', 'caption': 'Authorization... | ADD |
ADD | events.datastore_activity.attributes.firewall_rule | {'requirement': 'optional', 'caption': 'Firewall Rule',... | ADD |
ADD | events.datastore_activity.attributes.type_uid.enum.600508 | {'caption': 'Datastore Activity: List'} | ADD |
ADD | events.datastore_activity.attributes.type_uid.enum.600509 | {'caption': 'Datastore Activity: Encrypt'} | ADD |
ADD | events.datastore_activity.attributes.activity_id.enum.9 | {'caption': 'Encrypt', 'description': "The 'Encrypt'... | ADD |
ADD | events.datastore_activity.attributes.disposition | {'requirement': 'optional', 'caption': 'Disposition',... | ADD |
ADD | events.datastore_activity.attributes.type_uid.enum.600510 | {'caption': 'Datastore Activity: Decrypt'} | ADD |
ADD | events.datastore_activity.attributes.disposition_id | {'requirement': 'recommended', 'enum': {'99':... | ADD |
IGNORE | events.datastore_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.datastore_activity.attributes.table.requirement | recommended | UPDATE |
UPDATE | events.datastore_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.datastore_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.datastore_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.datastore_activity.attributes.status_code.requirement | recommended | UPDATE |
IGNORE | events.datastore_activity.profiles | UPDATE | |
UPDATE | events.datastore_activity.attributes.dst_endpoint.requirement | recommended | UPDATE |
UPDATE | events.datastore_activity.attributes.http_request.requirement | recommended | UPDATE |
UPDATE | events.datastore_activity.attributes.query_info.requirement | recommended | UPDATE |
ADD | events.authentication.attributes.unmapped.is_array | True | ADD |
ADD | events.authentication.attributes.auth_factors | {'group': 'context', 'requirement': 'optional',... | ADD |
ADD | events.authentication.attributes.activity_id.enum.6 | {'caption': 'Preauth', 'description': 'A... | ADD |
ADD | events.authentication.attributes.logon_type_id.enum.1 | {'caption': 'System', 'description': 'Used only by the... | ADD |
ADD | events.authentication.attributes.type_uid.enum.300206 | {'caption': 'Authentication: Preauth'} | ADD |
UPDATE | events.authentication.attributes.src_endpoint.requirement | recommended | UPDATE |
UPDATE | events.authentication.attributes.session.requirement | recommended | UPDATE |
UPDATE | events.authentication.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.authentication.attributes.certificate.requirement | recommended | UPDATE |
UPDATE | events.authentication.attributes.is_mfa.requirement | recommended | UPDATE |
UPDATE | events.authentication.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.authentication.attributes.src_endpoint.description | Details about the source of the IAM activity. | UPDATE |
UPDATE | events.authentication.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.authentication.attributes.auth_protocol.requirement | recommended | UPDATE |
UPDATE | events.authentication.attributes.http_request.description | Details about the underlying HTTP request. | UPDATE |
UPDATE | events.authentication.attributes.observables.requirement | recommended | UPDATE |
REMOVE | events.authentication.attributes.logon_type_id.enum.0.caption | UPDATE | |
IGNORE | events.authentication.attributes.class_uid.description | UPDATE | |
UPDATE | events.authentication.attributes.logon_type.requirement | recommended | UPDATE |
ADD | events.dhcp_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.dhcp_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.dhcp_activity.attributes.lease_dur.requirement | recommended | UPDATE |
UPDATE | events.dhcp_activity.attributes.relay.requirement | recommended | UPDATE |
UPDATE | events.dhcp_activity.attributes.proxy.requirement | recommended | UPDATE |
UPDATE | events.dhcp_activity.attributes.app_name.description | The name of the application associated with the event or object. | UPDATE |
UPDATE | events.dhcp_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.dhcp_activity.attributes.traffic.requirement | recommended | UPDATE |
UPDATE | events.dhcp_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.dhcp_activity.attributes.transaction_uid.requirement | recommended | UPDATE |
UPDATE | events.dhcp_activity.attributes.is_renewal.requirement | recommended | UPDATE |
UPDATE | events.dhcp_activity.attributes.status_detail.requirement | recommended | UPDATE |
IGNORE | events.dhcp_activity.attributes.class_uid.description | UPDATE | |
ADD | events.file_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.file_activity.attributes.file_result.requirement | recommended | UPDATE |
IGNORE | events.file_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.file_activity.attributes.component.requirement | recommended | UPDATE |
UPDATE | events.file_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.file_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.file_activity.attributes.file_diff.requirement | recommended | UPDATE |
UPDATE | events.file_activity.attributes.create_mask.requirement | recommended | UPDATE |
UPDATE | events.file_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.file_activity.attributes.status_detail.requirement | recommended | UPDATE |
ADD | events.email_delivery_activity.attributes.unmapped.is_array | True | ADD |
ADD | events.web_resources_activity.attributes.unmapped.is_array | True | ADD |
IGNORE | events.web_resources_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.web_resources_activity.attributes.web_resources_result.requirement | recommended | UPDATE |
UPDATE | events.web_resources_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.web_resources_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.web_resources_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.web_resources_activity.attributes.observables.requirement | recommended | UPDATE |
ADD | events.application_lifecycle.attributes.unmapped.is_array | True | ADD |
UPDATE | events.application_lifecycle.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.application_lifecycle.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.application_lifecycle.attributes.status_detail.requirement | recommended | UPDATE |
IGNORE | events.application_lifecycle.attributes.class_uid.description | UPDATE | |
UPDATE | events.application_lifecycle.attributes.status_code.requirement | recommended | UPDATE |
ADD | events.incident_finding.attributes.unmapped.is_array | True | ADD |
UPDATE | events.incident_finding.attributes.impact_score.requirement | recommended | UPDATE |
UPDATE | events.incident_finding.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.incident_finding.attributes.verdict.requirement | recommended | UPDATE |
UPDATE | events.incident_finding.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.incident_finding.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.incident_finding.attributes.status_detail.requirement | recommended | UPDATE |
IGNORE | events.incident_finding.attributes.class_uid.description | UPDATE | |
UPDATE | events.incident_finding.attributes.impact.requirement | recommended | UPDATE |
ADD | events.network_file_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.network_file_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.network_file_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.network_file_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.network_file_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.network_file_activity.attributes.traffic.requirement | recommended | UPDATE |
UPDATE | events.network_file_activity.attributes.app_name.description | The name of the application associated with the event or object. | UPDATE |
UPDATE | events.network_file_activity.attributes.proxy.requirement | recommended | UPDATE |
IGNORE | events.network_file_activity.attributes.class_uid.description | UPDATE | |
ADD | events.entity_management.attributes.unmapped.is_array | True | ADD |
ADD | events.entity_management.attributes.http_request | {'description': 'Details about the underlying HTTP... | ADD |
ADD | events.entity_management.attributes.src_endpoint | {'description': 'Details about the source of the IAM... | ADD |
UPDATE | events.entity_management.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.entity_management.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.entity_management.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.entity_management.attributes.entity_result.requirement | recommended | UPDATE |
IGNORE | events.entity_management.attributes.class_uid.description | UPDATE | |
UPDATE | events.entity_management.attributes.comment.requirement | recommended | UPDATE |
UPDATE | events.entity_management.attributes.status.requirement | recommended | UPDATE |
ADD | events.module_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.module_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.module_activity.attributes.status.requirement | recommended | UPDATE |
IGNORE | events.module_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.module_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.module_activity.attributes.status_detail.requirement | recommended | UPDATE |
ADD | events.process_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.process_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.process_activity.attributes.exit_code.requirement | recommended | UPDATE |
UPDATE | events.process_activity.attributes.injection_type.requirement | recommended | UPDATE |
IGNORE | events.process_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.process_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.process_activity.attributes.injection_type_id.requirement | recommended | UPDATE |
UPDATE | events.process_activity.attributes.module.requirement | recommended | UPDATE |
UPDATE | events.process_activity.attributes.requested_permissions.requirement | recommended | UPDATE |
UPDATE | events.process_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.process_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.process_activity.attributes.actual_permissions.requirement | recommended | UPDATE |
ADD | events.group_management.attributes.http_request | {'description': 'Details about the underlying HTTP... | ADD |
ADD | events.group_management.attributes.src_endpoint | {'description': 'Details about the source of the IAM... | ADD |
ADD | events.group_management.attributes.unmapped.is_array | True | ADD |
UPDATE | events.group_management.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.group_management.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.group_management.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.group_management.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.group_management.attributes.resource.requirement | recommended | UPDATE |
IGNORE | events.group_management.attributes.class_uid.description | UPDATE | |
ADD | events.rdp_activity.attributes.unmapped.is_array | True | ADD |
ADD | events.rdp_activity.attributes.file | {'description': 'The file that is the target of the RDP... | ADD |
IGNORE | events.rdp_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.rdp_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.rdp_activity.attributes.traffic.requirement | recommended | UPDATE |
UPDATE | events.rdp_activity.attributes.certificate_chain.requirement | recommended | UPDATE |
UPDATE | events.rdp_activity.attributes.app_name.description | The name of the application associated with the event or object. | UPDATE |
UPDATE | events.rdp_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.rdp_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.rdp_activity.attributes.proxy.requirement | recommended | UPDATE |
UPDATE | events.rdp_activity.attributes.status_detail.requirement | recommended | UPDATE |
ADD | events.network.attributes.unmapped.is_array | True | ADD |
UPDATE | events.network.attributes.proxy.requirement | recommended | UPDATE |
UPDATE | events.network.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.network.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.network.attributes.app_name.description | The name of the application associated with the event or object. | UPDATE |
UPDATE | events.network.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.network.attributes.status_code.requirement | recommended | UPDATE |
IGNORE | events.network.attributes.class_uid.description | UPDATE | |
UPDATE | events.network.attributes.traffic.requirement | recommended | UPDATE |
ADD | events.kernel_extension.attributes.unmapped.is_array | True | ADD |
IGNORE | events.kernel_extension.attributes.class_uid.description | UPDATE | |
UPDATE | events.kernel_extension.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.kernel_extension.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.kernel_extension.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.kernel_extension.attributes.status_detail.requirement | recommended | UPDATE |
ADD | events.user_inventory.attributes.unmapped.is_array | True | ADD |
IGNORE | events.user_inventory.attributes.class_uid.description | UPDATE | |
UPDATE | events.user_inventory.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.user_inventory.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.user_inventory.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.user_inventory.attributes.observables.requirement | recommended | UPDATE |
ADD | events.device_config_state_change.attributes.unmapped.is_array | True | ADD |
UPDATE | events.device_config_state_change.attributes.status_detail.requirement | recommended | UPDATE |
IGNORE | events.device_config_state_change.attributes.class_uid.description | UPDATE | |
UPDATE | events.device_config_state_change.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.device_config_state_change.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.device_config_state_change.attributes.observables.requirement | recommended | UPDATE |
ADD | events.api_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.api_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.api_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.api_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.api_activity.attributes.dst_endpoint.requirement | recommended | UPDATE |
UPDATE | events.api_activity.attributes.http_request.requirement | recommended | UPDATE |
UPDATE | events.api_activity.attributes.status.requirement | recommended | UPDATE |
IGNORE | events.api_activity.attributes.class_uid.description | UPDATE | |
ADD | events.finding.attributes.unmapped.is_array | True | ADD |
UPDATE | events.finding.attributes.status_detail.requirement | recommended | UPDATE |
IGNORE | events.finding.attributes.class_uid.description | UPDATE | |
UPDATE | events.finding.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.finding.attributes.status_code.requirement | recommended | UPDATE |
ADD | events.email_url_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.email_url_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.email_url_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.email_url_activity.attributes.status_detail.requirement | recommended | UPDATE |
IGNORE | events.email_url_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.email_url_activity.attributes.status_code.requirement | recommended | UPDATE |
ADD | events.application.attributes.unmapped.is_array | True | ADD |
IGNORE | events.application.attributes.class_uid.description | UPDATE | |
UPDATE | events.application.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.application.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.application.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.application.attributes.status.requirement | recommended | UPDATE |
ADD | events.scan_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.scan_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.scan_activity.attributes.status_code.requirement | recommended | UPDATE |
IGNORE | events.scan_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.scan_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.scan_activity.attributes.status.requirement | recommended | UPDATE |
ADD | events.smb_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.smb_activity.attributes.share_type.requirement | recommended | UPDATE |
UPDATE | events.smb_activity.attributes.app_name.description | The name of the application associated with the event or object. | UPDATE |
UPDATE | events.smb_activity.attributes.share.requirement | recommended | UPDATE |
UPDATE | events.smb_activity.attributes.traffic.requirement | recommended | UPDATE |
UPDATE | events.smb_activity.attributes.proxy.requirement | recommended | UPDATE |
UPDATE | events.smb_activity.attributes.observables.requirement | recommended | UPDATE |
IGNORE | events.smb_activity.attributes.class_uid.description | UPDATE | |
UPDATE | events.smb_activity.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.smb_activity.attributes.tree_uid.requirement | recommended | UPDATE |
UPDATE | events.smb_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.smb_activity.attributes.status_detail.requirement | recommended | UPDATE |
ADD | events.config_state.attributes.unmapped.is_array | True | ADD |
UPDATE | events.config_state.attributes.status_code.requirement | recommended | UPDATE |
IGNORE | events.config_state.attributes.class_uid.description | UPDATE | |
UPDATE | events.config_state.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.config_state.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.config_state.attributes.status_detail.requirement | recommended | UPDATE |
ADD | events.vulnerability_finding.attributes.unmapped.is_array | True | ADD |
UPDATE | events.vulnerability_finding.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.vulnerability_finding.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.vulnerability_finding.attributes.observables.requirement | recommended | UPDATE |
IGNORE | events.vulnerability_finding.attributes.class_uid.description | UPDATE | |
ADD | events.base_event.attributes.unmapped.is_array | True | ADD |
IGNORE | events.base_event.attributes.class_uid.description | UPDATE | |
UPDATE | events.base_event.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.base_event.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.base_event.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.base_event.attributes.observables.requirement | recommended | UPDATE |
ADD | events.kernel_activity.attributes.unmapped.is_array | True | ADD |
UPDATE | events.kernel_activity.attributes.status.requirement | recommended | UPDATE |
UPDATE | events.kernel_activity.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.kernel_activity.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.kernel_activity.attributes.status_code.requirement | recommended | UPDATE |
IGNORE | events.kernel_activity.attributes.class_uid.description | UPDATE | |
ADD | events.system.attributes.unmapped.is_array | True | ADD |
UPDATE | events.system.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.system.attributes.status.requirement | recommended | UPDATE |
IGNORE | events.system.attributes.class_uid.description | UPDATE | |
UPDATE | events.system.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.system.attributes.status_detail.requirement | recommended | UPDATE |
ADD | events.data_security_finding.attributes.unmapped.is_array | True | ADD |
UPDATE | events.data_security_finding.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.data_security_finding.attributes.status_code.requirement | recommended | UPDATE |
UPDATE | events.data_security_finding.attributes.status_detail.requirement | recommended | UPDATE |
IGNORE | events.data_security_finding.attributes.class_uid.description | UPDATE | |
ADD | events.authorize_session.attributes.src_endpoint | {'description': 'Details about the source of the IAM... | ADD |
ADD | events.authorize_session.attributes.http_request | {'description': 'Details about the underlying HTTP... | ADD |
ADD | events.authorize_session.attributes.unmapped.is_array | True | ADD |
UPDATE | events.authorize_session.attributes.status_detail.requirement | recommended | UPDATE |
UPDATE | events.authorize_session.attributes.status_code.requirement | recommended | UPDATE |
IGNORE | events.authorize_session.attributes.class_uid.description | UPDATE | |
UPDATE | events.authorize_session.attributes.observables.requirement | recommended | UPDATE |
UPDATE | events.authorize_session.attributes.status.requirement | recommended | UPDATE |
ADD | dictionary.types.attributes.subnet_t.observable | 12 | ADD |
ADD | dictionary.types.attributes.port_t.observable | 11 | ADD |
ADD | dictionary.types.attributes.email_t.@deprecated | {'since': '1.2.0', 'message': 'Deprecated in upgrade... | ADD |
Change Summary
Action | Total | Records | Record Properties | Attributes | Attribute Properties | Enum Members | Enum Member Properties |
---|---|---|---|---|---|---|---|
ADD | 297 | 11 | 184 | 184 | 264 | 0 | 17 |
REMOVE | 6 | 3 | 6 | 0 | 3 | 3 | 3 |
IGNORE | 57 | 0 | 56 | 0 | 55 | 0 | 0 |
UPDATE | 336 | 0 | 70 | 0 | 328 | 0 | 0 |