qdm-1.3.0 Release Notes
Query's schema release process includes an automated step that compares proposed changes against the last stable version of the schema and preserves or deprecates key elements of older schemata. This allows Query to safely accept most changes from upstream OCSF without breaking customer configurations.
Here are the possible types of changes:
- Add: An element was added in the new version.
- Remove: An element was removed in the new version.
- Update: The schema was updated in the new version.
- Preserve: The schema changed, but the old version was preserved.
- Deprecate: The schema changed, but the old version was deprecated rather than removed.
- Ignore: A schema change was ignored because it is irrelevant to Query.
Below is a list of all changes in qdm-1.3.0. You may also jump straight to the summary.
Action | Path | New Value | Cause |
---|---|---|---|
ADD | objects.whois | {'caption': 'WHOIS', 'description': 'The resources of a... | ADD |
ADD | objects.ja4_fingerprint | {'caption': 'JA4+ Fingerprint', 'description': 'The JA4+... | ADD |
ADD | objects.d3f_technique | {'caption': 'MITRE DEFEND™ Technique', 'description':... | ADD |
ADD | objects.ticket | {'caption': 'Ticket', 'name': 'ticket', 'description':... | ADD |
ADD | objects.d3f_tactic | {'caption': 'MITRE D3FEND™ Tactic', 'description': "The... | ADD |
ADD | objects.d3fend | {'caption': 'MITRE D3FEND™', 'name': 'd3fend',... | ADD |
ADD | objects.timespan | {'caption': 'Time Span', 'name': 'timespan',... | ADD |
ADD | objects.osint | {'caption': 'OSINT', 'name': 'osint', 'description':... | ADD |
ADD | objects.domain_contact | {'caption': 'Domain Contact', 'description': 'The... | ADD |
ADD | objects.win_service | {'caption': 'Windows Service', 'description': 'The... | ADD |
ADD | events.win_service_activity | {'caption': 'Windows Service Activity', 'description':... | ADD |
ADD | events.software_info | {'caption': 'Software Inventory Info', 'description':... | ADD |
ADD | events.osint_inventory_info | {'caption': 'OSINT Inventory Info', 'description':... | ADD |
ADD | events.event_log | {'caption': 'Event Log Activity', 'description': "Event... | ADD |
ADD | events.process_remediation_activity | {'caption': 'Process Remediation Activity',... | ADD |
ADD | events.remediation_activity | {'caption': 'Remediation Activity', 'description':... | ADD |
ADD | events.network_remediation_activity | {'caption': 'Network Remediation Activity',... | ADD |
ADD | events.file_remediation_activity | {'caption': 'File Remediation Activity', 'description':... | ADD |
REMOVE | objects.registry_key | | REMOVE |
REMOVE | objects.registry_value | | REMOVE |
UPDATE | objects.web_resource.attributes.name.requirement | recommended | UPDATE |
UPDATE | objects.web_resource.attributes.uid.requirement | recommended | UPDATE |
ADD | objects.policy.attributes.is_applied.requirement | recommended | ADD |
ADD | objects.data_security.attributes.data_lifecycle_state_id.enum.99 | {'caption': 'Other', 'description': 'The data lifecycle... | ADD |
DEPRECATE | objects.data_security.attributes.data_lifecycle_state_id.enum.0.description | The type is not mapped. See the... | UPDATE |
UPDATE | objects.tactic.attributes.uid.description | The tactic ID that is associated with the attack... | UPDATE |
UPDATE | objects.tactic.description | The MITRE ATT&CK® Tactic object describes the tactic ID... | UPDATE |
UPDATE | objects.tactic.attributes.name.description | The tactic name that is associated with the attack... | UPDATE |
UPDATE | objects.tactic.attributes.src_url.description | The versioned permalink of the attack tactic, as defined... | UPDATE |
UPDATE | objects.tactic.caption | MITRE ATT&CK® Tactic | UPDATE |
ADD | objects.session.attributes.credential_uid.observable | 19 | ADD |
ADD | objects.managed_entity.attributes.policy | {'requirement': 'recommended', 'description': 'Describes... | ADD |
ADD | objects.managed_entity.attributes.group | {'requirement': 'recommended', 'caption': 'Group',... | ADD |
ADD | objects.managed_entity.attributes.device | {'requirement': 'recommended', 'caption': 'Device',... | ADD |
ADD | objects.managed_entity.attributes.email | {'requirement': 'recommended', 'caption': 'Email',... | ADD |
ADD | objects.managed_entity.attributes.user | {'requirement': 'recommended', 'caption': 'User',... | ADD |
ADD | objects.managed_entity.attributes.type_id | {'requirement': 'recommended', 'description': 'The type... | ADD |
ADD | objects.managed_entity.attributes.org | {'requirement': 'recommended', 'caption':... | ADD |
UPDATE | objects.managed_entity.description | The Managed Entity object describes the type and version... | UPDATE |
UPDATE | objects.managed_entity.constraints.at_least_one | ['name', 'uid', 'device', 'group', 'org', 'policy', 'user'] | UPDATE |
UPDATE | objects.resource_details.attributes.name.requirement | recommended | UPDATE |
UPDATE | objects.resource_details.attributes.uid.requirement | recommended | UPDATE |
ADD | objects.malware.attributes.classification_ids.enum.0.description | The classification is unknown. | ADD |
ADD | objects.malware.attributes.classification_ids.enum.99.description | The classification is not mapped. See the... | ADD |
UPDATE | objects.malware.attributes.classifications.description | The list of malware classifications, normalized to the... | UPDATE |
ADD | objects.device.attributes.type_id.enum.12 | {'caption': 'Router', 'description': "A <a... | ADD |
ADD | objects.device.attributes.type_id.enum.13 | {'caption': 'IDS', 'description': "An <a target='_blank'... | ADD |
ADD | objects.device.attributes.type_id.enum.15 | {'caption': 'Load Balancer', 'description': "A <a... | ADD |
ADD | objects.device.attributes.boot_time | {'description': 'The time the system was booted.',... | ADD |
ADD | objects.device.attributes.uid_alt.requirement | optional | ADD |
ADD | objects.device.attributes.risk_level_id.enum.99 | {'caption': 'Other', 'description': 'The risk level is... | ADD |
ADD | objects.device.attributes.type_id.enum.14 | {'caption': 'IPS', 'description': "An <a target='_blank'... | ADD |
UPDATE | objects.device.attributes.risk_level.description | The risk level, normalized to the caption of the... | UPDATE |
UPDATE | objects.device.attributes.name.requirement | optional | UPDATE |
DEPRECATE | objects.device.attributes.type_id.enum.7.description | A <a target='_blank'... | UPDATE |
UPDATE | objects.device.attributes.type.requirement | recommended | UPDATE |
UPDATE | objects.device.attributes.ip.requirement | optional | UPDATE |
ADD | objects.endpoint.attributes.type_id.enum.13 | {'caption': 'IDS', 'description': "An <a target='_blank'... | ADD |
ADD | objects.endpoint.attributes.type_id.enum.15 | {'caption': 'Load Balancer', 'description': "A <a... | ADD |
ADD | objects.endpoint.attributes.type_id.enum.14 | {'caption': 'IPS', 'description': "An <a target='_blank'... | ADD |
ADD | objects.endpoint.attributes.type_id.enum.12 | {'caption': 'Router', 'description': "A <a... | ADD |
DEPRECATE | objects.endpoint.attributes.type_id.enum.7.description | A <a target='_blank'... | UPDATE |
ADD | objects.cloud.attributes.project_uid.@deprecated | {'message': 'Use the <code> account.uid </code>... | ADD |
UPDATE | objects.cloud.description | The Cloud object contains information about a cloud or... | UPDATE |
ADD | objects.file.attributes.ext | {'caption': 'File Extension', 'description': 'The... | ADD |
ADD | objects.service.attributes.run_state_id.enum.99 | {'caption': 'Other', 'description': 'The run state is... | ADD |
ADD | objects.metadata.attributes.loggers.requirement | optional | ADD |
UPDATE | objects.metadata.attributes.profiles.description | The list of profiles used to create the event. Profiles... | UPDATE |
ADD | objects.network_connection_info.attributes.uid.requirement | recommended | ADD |
ADD | objects.network_connection_info.attributes.protocol_ver_id.requirement | recommended | ADD |
ADD | objects.network_connection_info.attributes.boundary_id.requirement | recommended | ADD |
ADD | objects.network_connection_info.attributes.protocol_ver.requirement | optional | ADD |
ADD | objects.network_connection_info.attributes.boundary.requirement | optional | ADD |
ADD | objects.network_connection_info.attributes.protocol_ver_id.enum.99.description | The protocol version is not mapped. See the... | ADD |
ADD | objects.network_connection_info.attributes.tcp_flags.requirement | optional | ADD |
ADD | objects.network_connection_info.attributes.protocol_name.requirement | recommended | ADD |
ADD | objects.network_connection_info.attributes.protocol_ver_id.enum.0.description | The protocol version is unknown. | ADD |
ADD | objects.authorization.attributes.policy.requirement | optional | ADD |
ADD | objects.authorization.attributes.decision.requirement | recommended | ADD |
ADD | objects.network_proxy.attributes.type_id.enum.15 | {'caption': 'Load Balancer', 'description': "A <a... | ADD |
ADD | objects.network_proxy.attributes.type_id.enum.14 | {'caption': 'IPS', 'description': "An <a target='_blank'... | ADD |
ADD | objects.network_proxy.attributes.type_id.enum.13 | {'caption': 'IDS', 'description': "An <a target='_blank'... | ADD |
ADD | objects.network_proxy.attributes.type_id.enum.12 | {'caption': 'Router', 'description': "A <a... | ADD |
DEPRECATE | objects.network_proxy.attributes.type_id.enum.7.description | A <a target='_blank'... | UPDATE |
ADD | objects.account.attributes.type_id.enum.12 | {'caption': 'OCI Compartment'} | ADD |
ADD | objects.account.attributes.type_id.enum.13 | {'caption': 'Azure Subscription'} | ADD |
ADD | objects.account.attributes.type_id.enum.16 | {'caption': 'Servicenow Instance'} | ADD |
ADD | objects.account.attributes.type_id.enum.15 | {'caption': 'Google Workspace'} | ADD |
ADD | objects.account.attributes.type_id.enum.17 | {'caption': 'M365 Tenant'} | ADD |
ADD | objects.account.attributes.type_id.enum.14 | {'caption': 'Salesforce Account'} | ADD |
ADD | objects.account.attributes.type_id.enum.11 | {'caption': 'GCP Project'} | ADD |
ADD | objects.account.attributes.name.observable | 34 | ADD |
ADD | objects.account.attributes.uid.observable | 35 | ADD |
UPDATE | objects.account.attributes.name.description | The name of the account (e.g. <code> GCP Project name... | UPDATE |
UPDATE | objects.account.description | The Account object contains details about the account... | UPDATE |
UPDATE | objects.account.attributes.uid.description | The unique identifier of the account (e.g. <code> AWS... | UPDATE |
ADD | objects.ldap_person.attributes.phone_number | {'caption': 'Telephone Number', 'description': 'The... | ADD |
UPDATE | objects.technique.caption | MITRE ATT&CK® Technique | UPDATE |
UPDATE | objects.technique.description | The MITRE ATT&CK® Technique object describes the... | UPDATE |
UPDATE | objects.technique.attributes.uid.description | The unique identifier of the attack technique, as... | UPDATE |
UPDATE | objects.technique.attributes.name.description | The name of the attack technique, as defined by <a... | UPDATE |
UPDATE | objects.technique.attributes.src_url.description | The versioned permalink of the attack technique, as... | UPDATE |
ADD | objects.dns_query.attributes.opcode_id.enum.99 | {'caption': 'Other', 'description': 'The DNS Opcode is... | ADD |
UPDATE | objects.dns_query.attributes.opcode_id.description | The DNS opcode ID specifies the normalized query message... | UPDATE |
ADD | objects.certificate.attributes.is_self_signed | {'requirement': 'recommended', 'caption': 'Certificate... | ADD |
ADD | objects.evidences.attributes.email | {'description': 'The email object associated to the... | ADD |
ADD | objects.evidences.attributes.user | {'description': 'Describes details about the user that... | ADD |
ADD | objects.evidences.attributes.device | {'description': 'An addressable device, computer system... | ADD |
ADD | objects.evidences.attributes.job | {'description': 'Describes details about the scheduled... | ADD |
ADD | objects.evidences.attributes.url | {'description': 'The URL object that pertains to the... | ADD |
ADD | objects.evidences.attributes.win_service | {'description': 'Describes details about the Windows... | ADD |
ADD | objects.evidences.attributes.reg_value | {'description': 'Describes details about the registry... | ADD |
ADD | objects.evidences.attributes.reg_key | {'description': 'Describes details about the registry... | ADD |
UPDATE | objects.evidences.caption | Windows Evidence Artifacts | UPDATE |
IGNORE | objects.evidences.extends | | UPDATE |
UPDATE | objects.evidences.description | Extends the evidences object to add Windows specific fields | UPDATE |
UPDATE | objects.evidences.constraints.at_least_one | ['actor', 'api', 'connection_info', 'data', 'database',... | UPDATE |
ADD | objects.user.attributes.has_mfa | {'requirement': 'recommended', 'caption': 'MFA... | ADD |
ADD | objects.user.attributes.credential_uid.observable | 19 | ADD |
ADD | objects.user.attributes.phone_number | {'caption': 'Telephone Number', 'description': 'The... | ADD |
ADD | objects.user.attributes.risk_level_id.enum.99 | {'caption': 'Other', 'description': 'The risk level is... | ADD |
ADD | objects.user.attributes.uid.observable | 31 | ADD |
UPDATE | objects.user.attributes.risk_level.description | The risk level, normalized to the caption of the... | UPDATE |
ADD | objects.url.attributes.domain | {'description': 'The domain portion of the URL. For... | ADD |
ADD | objects.url.attributes.categories.requirement | optional | ADD |
ADD | objects.url.attributes.resource_type.requirement | optional | ADD |
ADD | objects.package.attributes.cpe_name | {'requirement': 'optional', 'caption': 'The product CPE... | ADD |
ADD | objects.package.attributes.hash | {'description': 'Cryptographic hash to identify the... | ADD |
ADD | objects.package.attributes.vendor_name | {'description': 'The name of the vendor who published... | ADD |
ADD | objects.package.attributes.type_id | {'description': 'The type of software package.', 'enum':... | ADD |
ADD | objects.package.attributes.type | {'description': "The type of software package,... | ADD |
UPDATE | objects.attack.attributes.tactic.description | The Tactic object describes the tactic ID and/or name... | UPDATE |
UPDATE | objects.attack.attributes.sub_technique.description | The Sub Technique object describes the sub technique ID... | UPDATE |
UPDATE | objects.attack.attributes.tactics.description | The Tactic object describes the tactic ID and/or tactic... | UPDATE |
UPDATE | objects.attack.attributes.technique.description | The Technique object describes the technique ID and/or... | UPDATE |
UPDATE | objects.attack.attributes.version.description | The <a target='_blank'... | UPDATE |
UPDATE | objects.attack.description | The <a target='_blank'... | UPDATE |
ADD | objects.security_state.attributes.state_id.requirement | recommended | ADD |
ADD | objects.security_state.attributes.state.requirement | optional | ADD |
ADD | objects.load_balancer.attributes.ip | {'description': 'The IP address of the load balancer... | ADD |
ADD | objects.cvss.attributes.integrity_id.enum.3 | {'caption': 'Medium'} | ADD |
ADD | objects.cvss.attributes.integrity_id.enum.99 | {'caption': 'Other', 'description': 'The integrity level... | ADD |
ADD | objects.cvss.attributes.integrity_id.enum.4 | {'caption': 'High'} | ADD |
ADD | objects.cvss.attributes.integrity_id.enum.0.description | The integrity level is unknown. | ADD |
ADD | objects.cvss.attributes.integrity_id.enum.6 | {'caption': 'Protected'} | ADD |
ADD | objects.cvss.attributes.integrity_id.enum.5 | {'caption': 'System'} | ADD |
ADD | objects.job.attributes.run_state_id.enum.0.description | The run state is unknown. | ADD |
ADD | objects.job.attributes.run_state_id.enum.99.description | The run state is not mapped. See the... | ADD |
ADD | objects.analytic.attributes.type_id.enum.4 | {'caption': 'Learning (ML/DL)', 'description': 'Learning... | ADD |
ADD | objects.digital_signature.attributes.state_id | {'description': 'The normalized identifier of the... | ADD |
ADD | objects.digital_signature.attributes.state | {'description': "The digital signature state defines the... | ADD |
ADD | objects.logger.attributes.logged_time.requirement | recommended | ADD |
UPDATE | objects.organization.description | The Organization object describes characteristics of an... | UPDATE |
UPDATE | objects.organization.attributes.ou_name.description | The name of an organizational unit, Google Cloud Folder,... | UPDATE |
UPDATE | objects.organization.attributes.ou_uid.description | The unique identifier of an organizational unit, Google... | UPDATE |
UPDATE | objects.organization.attributes.name.description | The name of the organization, Oracle Cloud Tenancy,... | UPDATE |
UPDATE | objects.organization.attributes.uid.description | The unique identifier of the organization, Oracle Cloud... | UPDATE |
ADD | objects.module.attributes.load_type_id.enum.99.description | The load type is not mapped. See the... | ADD |
ADD | objects.module.attributes.load_type_id.enum.0.description | The load type is unknown. | ADD |
UPDATE | objects.module.attributes.load_type_id.description | The normalized identifier for how the module was loaded... | UPDATE |
UPDATE | objects.module.attributes.load_type.description | The load type, normalized to the caption of the... | UPDATE |
ADD | objects.observable.attributes.type_id.enum.32 | {'caption': '', 'description': 'The group name.'} | ADD |
ADD | objects.observable.attributes.type_id.enum.33 | {'caption': '', 'description': 'The unique identifier of... | ADD |
ADD | objects.observable.attributes.type_id.enum.34 | {'caption': '', 'description': 'The name of the account... | ADD |
ADD | objects.observable.attributes.type_id.enum.35 | {'caption': '', 'description': 'The unique identifier of... | ADD |
ADD | objects.observable.attributes.type_id.enum.19 | {'caption': 'User Credential ID', 'description': "The... | ADD |
ADD | objects.observable.attributes.type_id.enum.31 | {'caption': '', 'description': 'The unique user... | ADD |
UPDATE | objects._resource.attributes.uid.requirement | recommended | UPDATE |
UPDATE | objects._resource.attributes.name.requirement | recommended | UPDATE |
ADD | objects.process.attributes.integrity_id.enum.99.description | The integrity level is not mapped. See the... | ADD |
ADD | objects.process.attributes.integrity_id.enum.0.description | The integrity level is unknown. | ADD |
UPDATE | objects.process.attributes.integrity.description | The process integrity level, normalized to the caption... | UPDATE |
ADD | objects.group.attributes.uid.observable | 33 | ADD |
ADD | objects.group.attributes.name.observable | 32 | ADD |
ADD | objects.product.attributes.url_string.requirement | optional | ADD |
ADD | objects.product.attributes.path.requirement | optional | ADD |
ADD | objects.product.attributes.feature.requirement | optional | ADD |
ADD | objects.kb_article.attributes.install_state | {'description': 'The install state of the kb article.',... | ADD |
ADD | objects.kb_article.attributes.avg_timespan | {'description': 'The average time to patch.',... | ADD |
ADD | objects.kb_article.attributes.install_state_id | {'description': 'The normalized install state ID of the... | ADD |
ADD | objects.enrichment.attributes.desc | {'description': 'A long description of the enrichment... | ADD |
ADD | objects.enrichment.attributes.reputation | {'description': 'The reputation of the enrichment... | ADD |
ADD | objects.enrichment.attributes.src_url | {'description': 'The URL of the source of the enrichment... | ADD |
ADD | objects.enrichment.attributes.created_time | {'description': 'The time when the enrichment data was... | ADD |
ADD | objects.enrichment.attributes.short_desc | {'description': 'A short description of the enrichment... | ADD |
ADD | objects.compliance.attributes.compliance_references | {'requirement': 'optional', 'caption': 'Complaince... | ADD |
ADD | objects.compliance.attributes.compliance_standards | {'requirement': 'optional', 'caption': 'Compliance... | ADD |
PRESERVE | objects.compliance.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | objects.sub_technique.caption | MITRE ATT&CK® Sub Technique | UPDATE |
UPDATE | objects.sub_technique.attributes.src_url.description | The versioned permalink of the attack sub technique, as... | UPDATE |
UPDATE | objects.sub_technique.description | The MITRE ATT&CK® Sub Technique object describes the sub... | UPDATE |
UPDATE | objects.sub_technique.attributes.name.description | The name of the attack sub technique, as defined by <a... | UPDATE |
UPDATE | objects.sub_technique.attributes.uid.description | The unique identifier of the attack sub technique, as... | UPDATE |
ADD | objects.dns_answer.attributes.flag_ids.requirement | recommended | ADD |
ADD | objects.dns_answer.attributes.flags.requirement | optional | ADD |
ADD | objects.dns_answer.attributes.flag_ids.enum.0.description | The flag is unknown. | ADD |
DEPRECATE | objects.dns_answer.attributes.flag_ids.enum.99.description | The event DNS header flag is not mapped. | UPDATE |
ADD | objects.network_endpoint.attributes.type_id.enum.13 | {'caption': 'IDS', 'description': "An <a target='_blank'... | ADD |
ADD | objects.network_endpoint.attributes.type_id.enum.15 | {'caption': 'Load Balancer', 'description': "A <a... | ADD |
ADD | objects.network_endpoint.attributes.type_id.enum.12 | {'caption': 'Router', 'description': "A <a... | ADD |
ADD | objects.network_endpoint.attributes.type_id.enum.14 | {'caption': 'IPS', 'description': "An <a target='_blank'... | ADD |
DEPRECATE | objects.network_endpoint.attributes.type_id.enum.7.description | A <a target='_blank'... | UPDATE |
UPDATE | objects.firewall_rule.attributes.duration.type | long_t | UPDATE |
PRESERVE | objects.firewall_rule.attributes.duration.caption | Duration | UPDATE |
ADD | objects.affected_package.attributes.type | {'description': "The type of software package,... | ADD |
ADD | objects.affected_package.attributes.hash | {'description': 'Cryptographic hash to identify the... | ADD |
ADD | objects.affected_package.attributes.cpe_name | {'requirement': 'optional', 'caption': 'The product CPE... | ADD |
ADD | objects.affected_package.attributes.vendor_name | {'description': 'The name of the vendor who published... | ADD |
ADD | objects.affected_package.attributes.type_id | {'description': 'The type of software package.', 'enum':... | ADD |
PRESERVE | objects.reg_key.@deprecated | {'since': '1.1.0', 'message': 'Deprecated in upgrade... | REMOVE |
IGNORE | objects.reg_key.name | | UPDATE |
UPDATE | objects.reg_key.description | The registry key object describes a Windows registry... | UPDATE |
DEPRECATE | objects.reg_key.attributes.path.type | path_t | UPDATE |
DEPRECATE | objects.reg_value.attributes.type_id.enum.-1 | {'caption': 'Other', 'description': 'The type is not... | REMOVE |
PRESERVE | objects.reg_value.@deprecated | {'since': '1.1.0', 'message': 'Deprecated in upgrade... | REMOVE |
DEPRECATE | objects.reg_value.attributes.type_id.default | | REMOVE |
DEPRECATE | objects.reg_value.attributes.path.type | path_t | UPDATE |
IGNORE | objects.reg_value.name | | UPDATE |
ADD | objects.win_resource.attributes.details.requirement | optional | ADD |
ADD | objects.win_resource.attributes.svc_name.requirement | optional | ADD |
UPDATE | objects.win_resource.attributes.name.requirement | recommended | UPDATE |
UPDATE | objects.win_resource.attributes.uid.requirement | recommended | UPDATE |
ADD | events.iam.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.iam.attributes.duration.caption | Duration | UPDATE |
PRESERVE | events.iam.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.iam.attributes.duration.type | long_t | UPDATE |
UPDATE | events.iam.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
ADD | events.file_hosting.attributes.file_result | {'description': 'The resulting file object when the... | ADD |
ADD | events.file_hosting.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.file_hosting.attributes.duration.type | long_t | UPDATE |
UPDATE | events.file_hosting.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.file_hosting.attributes.status_detail.caption | Status Details | UPDATE |
PRESERVE | events.file_hosting.attributes.duration.caption | Duration | UPDATE |
IGNORE | events.file_hosting.profiles | | UPDATE |
ADD | events.resource_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
DEPRECATE | events.resource_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
UPDATE | events.resource_activity.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.resource_activity.attributes.duration.caption | Duration | UPDATE |
PRESERVE | events.resource_activity.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.resource_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
ADD | events.discovery_result.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.discovery_result.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.discovery_result.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.discovery_result.attributes.duration.caption | Duration | UPDATE |
PRESERVE | events.discovery_result.attributes.status_detail.caption | Status Details | UPDATE |
ADD | events.user_access.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.user_access.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.user_access.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.user_access.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.user_access.attributes.status_detail.caption | Status Details | UPDATE |
ADD | events.registry_key_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.registry_key_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.registry_key_activity.attributes.status_detail.caption | Status Details | UPDATE |
DEPRECATE | events.registry_key_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
PRESERVE | events.registry_key_activity.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.registry_key_activity.attributes.duration.type | long_t | UPDATE |
ADD | events.ssh_activity.attributes.type_uid.enum.400707 | {'caption': 'SSH Activity: Listen'} | ADD |
ADD | events.ssh_activity.attributes.activity_id.enum.7 | {'caption': 'Listen', 'description': 'A network endpoint... | ADD |
ADD | events.ssh_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.ssh_activity.attributes.ja4_fingerprint_list | {'group': 'context', 'requirement': 'optional',... | ADD |
ADD | events.ssh_activity.attributes.tls.requirement | optional | ADD |
UPDATE | events.ssh_activity.attributes.tls.group | context | UPDATE |
UPDATE | events.ssh_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
DEPRECATE | events.ssh_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
DEPRECATE | events.ssh_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
UPDATE | events.ssh_activity.attributes.duration.type | long_t | UPDATE |
DEPRECATE | events.ssh_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
UPDATE | events.ssh_activity.attributes.src_endpoint.requirement | recommended | UPDATE |
PRESERVE | events.ssh_activity.attributes.duration.caption | Duration | UPDATE |
PRESERVE | events.ssh_activity.attributes.status_detail.caption | Status Details | UPDATE |
ADD | events.email_file_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
DEPRECATE | events.email_file_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
PRESERVE | events.email_file_activity.attributes.duration.caption | Duration | UPDATE |
DEPRECATE | events.email_file_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
UPDATE | events.email_file_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.email_file_activity.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.email_file_activity.attributes.status_detail.caption | Status Details | UPDATE |
DEPRECATE | events.email_file_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
ADD | events.registry_value_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.registry_value_activity.attributes.duration.type | long_t | UPDATE |
UPDATE | events.registry_value_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.registry_value_activity.attributes.status_detail.caption | Status Details | UPDATE |
DEPRECATE | events.registry_value_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
PRESERVE | events.registry_value_activity.attributes.duration.caption | Duration | UPDATE |
ADD | events.email_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.email_activity.attributes.status_detail.caption | Status Details | UPDATE |
DEPRECATE | events.email_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
DEPRECATE | events.email_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
PRESERVE | events.email_activity.attributes.duration.caption | Duration | UPDATE |
DEPRECATE | events.email_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
UPDATE | events.email_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.email_activity.attributes.duration.type | long_t | UPDATE |
ADD | events.detection_finding.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.detection_finding.attributes.risk_level_id.enum.99 | {'caption': 'Other', 'description': 'The risk level is... | ADD |
PRESERVE | events.detection_finding.attributes.status_detail.caption | Status Details | UPDATE |
DEPRECATE | events.detection_finding.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
DEPRECATE | events.detection_finding.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
DEPRECATE | events.detection_finding.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
UPDATE | events.detection_finding.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.detection_finding.attributes.risk_level.description | The risk level, normalized to the caption of the... | UPDATE |
UPDATE | events.detection_finding.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.detection_finding.attributes.duration.caption | Duration | UPDATE |
ADD | events.dns_activity.attributes.ja4_fingerprint_list | {'group': 'context', 'requirement': 'optional',... | ADD |
ADD | events.dns_activity.attributes.tls.requirement | optional | ADD |
ADD | events.dns_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.dns_activity.attributes.tls.group | context | UPDATE |
UPDATE | events.dns_activity.attributes.src_endpoint.requirement | recommended | UPDATE |
DEPRECATE | events.dns_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
UPDATE | events.dns_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.dns_activity.attributes.status_detail.caption | Status Details | UPDATE |
DEPRECATE | events.dns_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
UPDATE | events.dns_activity.attributes.duration.type | long_t | UPDATE |
DEPRECATE | events.dns_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
PRESERVE | events.dns_activity.attributes.duration.caption | Duration | UPDATE |
ADD | events.ntp_activity.attributes.tls.requirement | optional | ADD |
ADD | events.ntp_activity.attributes.ja4_fingerprint_list | {'group': 'context', 'requirement': 'optional',... | ADD |
ADD | events.ntp_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
DEPRECATE | events.ntp_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
DEPRECATE | events.ntp_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
PRESERVE | events.ntp_activity.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.ntp_activity.attributes.tls.group | context | UPDATE |
UPDATE | events.ntp_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
DEPRECATE | events.ntp_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
UPDATE | events.ntp_activity.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.ntp_activity.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.ntp_activity.attributes.src_endpoint.requirement | recommended | UPDATE |
ADD | events.memory_activity.attributes.activity_id.enum.9 | {'description': 'Map View (Example:... | ADD |
ADD | events.memory_activity.attributes.type_uid.enum.100409 | {'caption': 'Memory Activity: Map View'} | ADD |
ADD | events.memory_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.memory_activity.attributes.size.requirement | recommended | ADD |
DEPRECATE | events.memory_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
PRESERVE | events.memory_activity.attributes.duration.caption | Duration | UPDATE |
PRESERVE | events.memory_activity.attributes.status_detail.caption | Status Details | UPDATE |
DEPRECATE | events.memory_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
UPDATE | events.memory_activity.attributes.duration.type | long_t | UPDATE |
DEPRECATE | events.memory_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
UPDATE | events.memory_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
ADD | events.inventory_info.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.inventory_info.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.inventory_info.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.inventory_info.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.inventory_info.attributes.duration.type | long_t | UPDATE |
ADD | events.network_activity.attributes.tls.requirement | optional | ADD |
ADD | events.network_activity.attributes.activity_id.enum.7 | {'caption': 'Listen', 'description': 'A network endpoint... | ADD |
ADD | events.network_activity.attributes.type_uid.enum.400107 | {'caption': 'Network Activity: Listen'} | ADD |
ADD | events.network_activity.attributes.ja4_fingerprint_list | {'group': 'context', 'requirement': 'optional',... | ADD |
ADD | events.network_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.network_activity.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.network_activity.attributes.src_endpoint.requirement | recommended | UPDATE |
UPDATE | events.network_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.network_activity.attributes.duration.type | long_t | UPDATE |
DEPRECATE | events.network_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
DEPRECATE | events.network_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
PRESERVE | events.network_activity.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.network_activity.attributes.tls.group | context | UPDATE |
DEPRECATE | events.network_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
ADD | events.compliance_finding.attributes.resource.@deprecated | {'message': 'Use the <code>resources</code> attribute... | ADD |
ADD | events.compliance_finding.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.compliance_finding.attributes.resources | {'description': 'Describes details about the... | ADD |
PRESERVE | events.compliance_finding.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.compliance_finding.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.compliance_finding.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.compliance_finding.attributes.duration.type | long_t | UPDATE |
ADD | events.scheduled_job_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.scheduled_job_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
DEPRECATE | events.scheduled_job_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
PRESERVE | events.scheduled_job_activity.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.scheduled_job_activity.attributes.duration.type | long_t | UPDATE |
DEPRECATE | events.scheduled_job_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
PRESERVE | events.scheduled_job_activity.attributes.status_detail.caption | Status Details | UPDATE |
DEPRECATE | events.scheduled_job_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
ADD | events.patch_state.attributes.$include | ['profiles/host.json'] | ADD |
ADD | events.patch_state.attributes.device.profile | | ADD |
ADD | events.patch_state.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.patch_state.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.patch_state.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.patch_state.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.patch_state.attributes.status_detail.caption | Status Details | UPDATE |
ADD | events.web_resource_access_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.web_resource_access_activity.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.web_resource_access_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.web_resource_access_activity.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.web_resource_access_activity.attributes.duration.type | long_t | UPDATE |
ADD | events.security_finding.attributes.disposition_id.enum.11.description | A corrupt file or configuration was corrected. | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.12.description | A corrupt file or configuration was partially corrected. | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.22 | {'caption': 'Captcha', 'description': 'Required the end... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.1.description | Granted access or allowed the action to the protected resource. | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.2.description | Denied access or blocked the action to the protected resource. | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.26 | {'caption': 'Unauthorized', 'description': "An attempt... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.7.description | A custom action was executed such as running of a... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.25 | {'caption': 'Rejected', 'description': "A request or... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.13.description | A corrupt file or configuration was not corrected. | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.16 | {'caption': 'No Action', 'description': 'The outcome of... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.21 | {'caption': 'Reset', 'description': 'The request was... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.3.description | A suspicious file or other content was moved to a benign... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.9 | {'caption': 'Restored', 'description': 'A quarantined... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.18 | {'caption': 'Tagged', 'description': 'A file or other... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.19 | {'caption': 'Alert', 'description': 'The request or... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.23 | {'caption': 'Challenge', 'description': "Ran a silent... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.24 | {'caption': 'Access Revoked', 'description': "The... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.4.description | A session was isolated on the network or within a browser. | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.17 | {'caption': 'Logged', 'description': 'The operation or... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.27 | {'caption': 'Error', 'description': 'An error occurred... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.5.description | A file or other content was deleted. | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.20 | {'caption': 'Count', 'description': 'Counted the request... | ADD |
ADD | events.security_finding.attributes.risk_level_id.enum.99 | {'caption': 'Other', 'description': 'The risk level is... | ADD |
ADD | events.security_finding.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.security_finding.attributes.disposition_id.enum.6.description | The request was detected as a threat and resulted in the... | ADD |
PRESERVE | events.security_finding.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.security_finding.attributes.risk_level.description | The risk level, normalized to the caption of the... | UPDATE |
PRESERVE | events.security_finding.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.security_finding.attributes.duration.type | long_t | UPDATE |
IGNORE | events.security_finding.profiles | | UPDATE |
UPDATE | events.security_finding.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
ADD | events.account_change.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.account_change.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.account_change.attributes.status_detail.caption | Status Details | UPDATE |
PRESERVE | events.account_change.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.account_change.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
ADD | events.ftp_activity.attributes.ja4_fingerprint_list | {'group': 'context', 'requirement': 'optional',... | ADD |
ADD | events.ftp_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.ftp_activity.attributes.tls.requirement | optional | ADD |
DEPRECATE | events.ftp_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
UPDATE | events.ftp_activity.attributes.src_endpoint.requirement | recommended | UPDATE |
DEPRECATE | events.ftp_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
PRESERVE | events.ftp_activity.attributes.duration.caption | Duration | UPDATE |
PRESERVE | events.ftp_activity.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.ftp_activity.attributes.tls.group | context | UPDATE |
DEPRECATE | events.ftp_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
UPDATE | events.ftp_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.ftp_activity.attributes.duration.type | long_t | UPDATE |
ADD | events.discovery.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.discovery.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
IGNORE | events.discovery.profiles | | UPDATE |
UPDATE | events.discovery.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.discovery.attributes.duration.caption | Duration | UPDATE |
PRESERVE | events.discovery.attributes.status_detail.caption | Status Details | UPDATE |
ADD | events.http_activity.attributes.tls.requirement | optional | ADD |
ADD | events.http_activity.attributes.http_status.requirement | recommended | ADD |
ADD | events.http_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.http_activity.attributes.ja4_fingerprint_list | {'group': 'context', 'requirement': 'optional',... | ADD |
UPDATE | events.http_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.http_activity.attributes.status_detail.caption | Status Details | UPDATE |
DEPRECATE | events.http_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
DEPRECATE | events.http_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
PRESERVE | events.http_activity.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.http_activity.attributes.src_endpoint.requirement | recommended | UPDATE |
DEPRECATE | events.http_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
UPDATE | events.http_activity.attributes.duration.type | long_t | UPDATE |
UPDATE | events.http_activity.attributes.tls.group | context | UPDATE |
ADD | events.datastore_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.datastore_activity.attributes.duration.caption | Duration | UPDATE |
DEPRECATE | events.datastore_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
UPDATE | events.datastore_activity.attributes.duration.type | long_t | UPDATE |
UPDATE | events.datastore_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
DEPRECATE | events.datastore_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
DEPRECATE | events.datastore_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
PRESERVE | events.datastore_activity.attributes.status_detail.caption | Status Details | UPDATE |
ADD | events.authentication.attributes.logon_process.requirement | optional | ADD |
ADD | events.authentication.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.authentication.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.authentication.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.authentication.attributes.duration.caption | Duration | UPDATE |
ADD | events.dhcp_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.dhcp_activity.attributes.tls.requirement | optional | ADD |
ADD | events.dhcp_activity.attributes.ja4_fingerprint_list | {'group': 'context', 'requirement': 'optional',... | ADD |
UPDATE | events.dhcp_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
DEPRECATE | events.dhcp_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
DEPRECATE | events.dhcp_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
UPDATE | events.dhcp_activity.attributes.duration.type | long_t | UPDATE |
UPDATE | events.dhcp_activity.attributes.tls.group | context | UPDATE |
PRESERVE | events.dhcp_activity.attributes.duration.caption | Duration | UPDATE |
PRESERVE | events.dhcp_activity.attributes.status_detail.caption | Status Details | UPDATE |
DEPRECATE | events.dhcp_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
ADD | events.file_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
DEPRECATE | events.file_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
DEPRECATE | events.file_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
UPDATE | events.file_activity.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.file_activity.attributes.status_detail.caption | Status Details | UPDATE |
DEPRECATE | events.file_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
UPDATE | events.file_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.file_activity.attributes.duration.caption | Duration | UPDATE |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.1.description | Granted access or allowed the action to the protected resource. | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.25 | {'caption': 'Rejected', 'description': "A request or... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.5.description | A file or other content was deleted. | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.27 | {'caption': 'Error', 'description': 'An error occurred... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.12.description | A corrupt file or configuration was partially corrected. | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.18 | {'caption': 'Tagged', 'description': 'A file or other... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.23 | {'caption': 'Challenge', 'description': "Ran a silent... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.4.description | A session was isolated on the network or within a browser. | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.21 | {'caption': 'Reset', 'description': 'The request was... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.22 | {'caption': 'Captcha', 'description': 'Required the end... | ADD |
ADD | events.email_delivery_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.9 | {'caption': 'Restored', 'description': 'A quarantined... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.16 | {'caption': 'No Action', 'description': 'The outcome of... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.3.description | A suspicious file or other content was moved to a benign... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.19 | {'caption': 'Alert', 'description': 'The request or... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.11.description | A corrupt file or configuration was corrected. | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.17 | {'caption': 'Logged', 'description': 'The operation or... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.24 | {'caption': 'Access Revoked', 'description': "The... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.2.description | Denied access or blocked the action to the protected resource. | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.6.description | The request was detected as a threat and resulted in the... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.13.description | A corrupt file or configuration was not corrected. | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.7.description | A custom action was executed such as running of a... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.26 | {'caption': 'Unauthorized', 'description': "An attempt... | ADD |
ADD | events.email_delivery_activity.attributes.disposition_id.enum.20 | {'caption': 'Count', 'description': 'Counted the request... | ADD |
ADD | events.web_resources_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.web_resources_activity.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.web_resources_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
DEPRECATE | events.web_resources_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
UPDATE | events.web_resources_activity.attributes.duration.type | long_t | UPDATE |
DEPRECATE | events.web_resources_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
DEPRECATE | events.web_resources_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
PRESERVE | events.web_resources_activity.attributes.status_detail.caption | Status Details | UPDATE |
ADD | events.incident_finding.attributes.ticket | {'group': 'context', 'requirement': 'optional',... | ADD |
ADD | events.incident_finding.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
IGNORE | events.incident_finding.profiles | | UPDATE |
PRESERVE | events.incident_finding.attributes.status_detail.caption | Status Details | UPDATE |
PRESERVE | events.incident_finding.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.incident_finding.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.incident_finding.attributes.duration.type | long_t | UPDATE |
ADD | events.network_file_activity.attributes.tls.requirement | optional | ADD |
ADD | events.network_file_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.network_file_activity.attributes.ja4_fingerprint_list | {'group': 'context', 'requirement': 'optional',... | ADD |
DEPRECATE | events.network_file_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
UPDATE | events.network_file_activity.attributes.tls.group | context | UPDATE |
UPDATE | events.network_file_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.network_file_activity.attributes.status_detail.caption | Status Details | UPDATE |
DEPRECATE | events.network_file_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
PRESERVE | events.network_file_activity.attributes.duration.caption | Duration | UPDATE |
DEPRECATE | events.network_file_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
UPDATE | events.network_file_activity.attributes.duration.type | long_t | UPDATE |
ADD | events.entity_management.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.entity_management.attributes.type_uid.enum.300413 | {'caption': 'Entity Management: Resume'} | ADD |
ADD | events.entity_management.attributes.activity_id.enum.9 | {'caption': 'Disable', 'description': 'Disable an... | ADD |
ADD | events.entity_management.attributes.activity_id.enum.6 | {'caption': 'Enroll', 'description': 'Enroll an existing... | ADD |
ADD | events.entity_management.attributes.activity_id.enum.10 | {'caption': 'Activate', 'description': 'Activate an... | ADD |
ADD | events.entity_management.attributes.type_uid.enum.300412 | {'caption': 'Entity Management: Suspend'} | ADD |
ADD | events.entity_management.attributes.type_uid.enum.300405 | {'caption': 'Entity Management: Move'} | ADD |
ADD | events.entity_management.attributes.type_uid.enum.300406 | {'caption': 'Entity Management: Enroll'} | ADD |
ADD | events.entity_management.attributes.type_uid.enum.300409 | {'caption': 'Entity Management: Disable'} | ADD |
ADD | events.entity_management.attributes.activity_id.enum.7 | {'caption': 'Unenroll', 'description': 'Unenroll an... | ADD |
ADD | events.entity_management.attributes.activity_id.enum.12 | {'caption': 'Suspend', 'description': 'Suspend an... | ADD |
ADD | events.entity_management.attributes.activity_id.enum.1.description | Create a new managed entity. | ADD |
ADD | events.entity_management.attributes.activity_id.enum.3.description | Update an existing managed entity. | ADD |
ADD | events.entity_management.attributes.activity_id.enum.2.description | Read an existing managed entity. | ADD |
ADD | events.entity_management.attributes.type_uid.enum.300411 | {'caption': 'Entity Management: Deactivate'} | ADD |
ADD | events.entity_management.attributes.activity_id.enum.11 | {'caption': 'Deactivate', 'description': 'Deactivate an... | ADD |
ADD | events.entity_management.attributes.type_uid.enum.300408 | {'caption': 'Entity Management: Enable'} | ADD |
ADD | events.entity_management.attributes.type_uid.enum.300410 | {'caption': 'Entity Management: Activate'} | ADD |
ADD | events.entity_management.attributes.activity_id.enum.4.description | Delete a managed entity. | ADD |
ADD | events.entity_management.attributes.activity_id.enum.5 | {'caption': 'Move', 'description': 'Move or rename an... | ADD |
ADD | events.entity_management.attributes.activity_id.enum.13 | {'caption': 'Resume', 'description': 'Resume (unsuspend)... | ADD |
ADD | events.entity_management.attributes.activity_id.enum.8 | {'caption': 'Enable', 'description': 'Enable an existing... | ADD |
ADD | events.entity_management.attributes.type_uid.enum.300407 | {'caption': 'Entity Management: Unenroll'} | ADD |
ADD | events.entity_management.attributes.access_mask | {'group': 'context', 'requirement': 'optional',... | ADD |
ADD | events.entity_management.attributes.access_list | {'group': 'context', 'requirement': 'optional',... | ADD |
UPDATE | events.entity_management.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.entity_management.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.entity_management.attributes.actor.description | Used for when the entity acting upon another entity is a... | UPDATE |
PRESERVE | events.entity_management.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.entity_management.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
ADD | events.module_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
DEPRECATE | events.module_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
DEPRECATE | events.module_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
PRESERVE | events.module_activity.attributes.duration.caption | Duration | UPDATE |
DEPRECATE | events.module_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
UPDATE | events.module_activity.attributes.duration.type | long_t | UPDATE |
UPDATE | events.module_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.module_activity.attributes.status_detail.caption | Status Details | UPDATE |
ADD | events.process_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.process_activity.attributes.injection_type_id.enum.3 | {'caption': 'Queue APC'} | ADD |
PRESERVE | events.process_activity.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.process_activity.attributes.duration.type | long_t | UPDATE |
DEPRECATE | events.process_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
PRESERVE | events.process_activity.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.process_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
DEPRECATE | events.process_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
DEPRECATE | events.process_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
ADD | events.group_management.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.group_management.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.group_management.attributes.status_detail.caption | Status Details | UPDATE |
PRESERVE | events.group_management.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.group_management.attributes.duration.type | long_t | UPDATE |
ADD | events.rdp_activity.attributes.ja4_fingerprint_list | {'group': 'context', 'requirement': 'optional',... | ADD |
ADD | events.rdp_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.rdp_activity.attributes.tls.requirement | optional | ADD |
DEPRECATE | events.rdp_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
DEPRECATE | events.rdp_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
UPDATE | events.rdp_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.rdp_activity.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.rdp_activity.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.rdp_activity.attributes.tls.group | context | UPDATE |
PRESERVE | events.rdp_activity.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.rdp_activity.attributes.src_endpoint.requirement | recommended | UPDATE |
DEPRECATE | events.rdp_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
ADD | events.network.attributes.tls.requirement | optional | ADD |
ADD | events.network.attributes.ja4_fingerprint_list | {'group': 'context', 'requirement': 'optional',... | ADD |
ADD | events.network.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
DEPRECATE | events.network.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
UPDATE | events.network.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.network.attributes.duration.type | long_t | UPDATE |
UPDATE | events.network.attributes.tls.group | context | UPDATE |
PRESERVE | events.network.attributes.status_detail.caption | Status Details | UPDATE |
DEPRECATE | events.network.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
PRESERVE | events.network.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.network.attributes.src_endpoint.requirement | recommended | UPDATE |
DEPRECATE | events.network.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
ADD | events.kernel_extension.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
DEPRECATE | events.kernel_extension.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
UPDATE | events.kernel_extension.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
DEPRECATE | events.kernel_extension.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
PRESERVE | events.kernel_extension.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.kernel_extension.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.kernel_extension.attributes.status_detail.caption | Status Details | UPDATE |
DEPRECATE | events.kernel_extension.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
ADD | events.user_inventory.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.user_inventory.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.user_inventory.attributes.status_detail.caption | Status Details | UPDATE |
IGNORE | events.user_inventory.profiles | | UPDATE |
PRESERVE | events.user_inventory.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.user_inventory.attributes.duration.type | long_t | UPDATE |
ADD | events.device_config_state_change.attributes.state | {'caption': 'Config Change State', 'description': "The... | ADD |
ADD | events.device_config_state_change.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.device_config_state_change.attributes.security_level.requirement | recommended | ADD |
ADD | events.device_config_state_change.attributes.prev_security_level_id.requirement | recommended | ADD |
ADD | events.device_config_state_change.attributes.state_id | {'caption': 'Config Change State ID', 'description':... | ADD |
ADD | events.device_config_state_change.attributes.security_level_id.requirement | recommended | ADD |
ADD | events.device_config_state_change.attributes.prev_security_level.requirement | recommended | ADD |
ADD | events.device_config_state_change.attributes.prev_security_states.requirement | recommended | ADD |
ADD | events.device_config_state_change.attributes.security_states.requirement | recommended | ADD |
UPDATE | events.device_config_state_change.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.device_config_state_change.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.device_config_state_change.attributes.status_detail.caption | Status Details | UPDATE |
PRESERVE | events.device_config_state_change.attributes.duration.caption | Duration | UPDATE |
ADD | events.finding.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.finding.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.finding.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.finding.attributes.duration.caption | Duration | UPDATE |
PRESERVE | events.finding.attributes.status_detail.caption | Status Details | UPDATE |
ADD | events.email_url_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
DEPRECATE | events.email_url_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
UPDATE | events.email_url_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.email_url_activity.attributes.status_detail.caption | Status Details | UPDATE |
PRESERVE | events.email_url_activity.attributes.duration.caption | Duration | UPDATE |
DEPRECATE | events.email_url_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
DEPRECATE | events.email_url_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
UPDATE | events.email_url_activity.attributes.duration.type | long_t | UPDATE |
ADD | events.application.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.application.attributes.duration.caption | Duration | UPDATE |
PRESERVE | events.application.attributes.status_detail.caption | Status Details | UPDATE |
IGNORE | events.application.profiles | | UPDATE |
UPDATE | events.application.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.application.attributes.duration.type | long_t | UPDATE |
ADD | events.scan_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.scan_activity.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.scan_activity.attributes.duration.type | long_t | UPDATE |
UPDATE | events.scan_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.scan_activity.attributes.status_detail.caption | Status Details | UPDATE |
ADD | events.smb_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.smb_activity.attributes.ja4_fingerprint_list | {'group': 'context', 'requirement': 'optional',... | ADD |
ADD | events.smb_activity.attributes.tls.requirement | optional | ADD |
PRESERVE | events.smb_activity.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.smb_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
DEPRECATE | events.smb_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
DEPRECATE | events.smb_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
UPDATE | events.smb_activity.attributes.duration.type | long_t | UPDATE |
UPDATE | events.smb_activity.attributes.src_endpoint.requirement | recommended | UPDATE |
PRESERVE | events.smb_activity.attributes.duration.caption | Duration | UPDATE |
DEPRECATE | events.smb_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
UPDATE | events.smb_activity.attributes.tls.group | context | UPDATE |
ADD | events.config_state.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.config_state.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.config_state.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.config_state.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.config_state.attributes.duration.caption | Duration | UPDATE |
ADD | events.vulnerability_finding.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.vulnerability_finding.attributes.resources | {'caption': 'Affected Resources', 'description':... | ADD |
ADD | events.vulnerability_finding.attributes.resource.@deprecated | {'message': 'Use the <code>resources</code> attribute... | ADD |
UPDATE | events.vulnerability_finding.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.vulnerability_finding.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.vulnerability_finding.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.vulnerability_finding.attributes.duration.caption | Duration | UPDATE |
ADD | events.base_event.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.base_event.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
IGNORE | events.base_event.profiles | | UPDATE |
UPDATE | events.base_event.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.base_event.attributes.duration.caption | Duration | UPDATE |
PRESERVE | events.base_event.attributes.status_detail.caption | Status Details | UPDATE |
ADD | events.kernel_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
DEPRECATE | events.kernel_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
DEPRECATE | events.kernel_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
PRESERVE | events.kernel_activity.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.kernel_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
DEPRECATE | events.kernel_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
PRESERVE | events.kernel_activity.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.kernel_activity.attributes.duration.type | long_t | UPDATE |
ADD | events.system.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.system.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
DEPRECATE | events.system.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
PRESERVE | events.system.attributes.duration.caption | Duration | UPDATE |
DEPRECATE | events.system.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
DEPRECATE | events.system.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
UPDATE | events.system.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.system.attributes.status_detail.caption | Status Details | UPDATE |
ADD | events.data_security_finding.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.data_security_finding.attributes.risk_level_id.enum.99 | {'caption': 'Other', 'description': 'The risk level is... | ADD |
PRESERVE | events.data_security_finding.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.data_security_finding.attributes.resources.description | Describes details about resources where classified or... | UPDATE |
DEPRECATE | events.data_security_finding.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
UPDATE | events.data_security_finding.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.data_security_finding.attributes.risk_level.description | The risk level, normalized to the caption of the... | UPDATE |
DEPRECATE | events.data_security_finding.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
PRESERVE | events.data_security_finding.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.data_security_finding.attributes.duration.type | long_t | UPDATE |
DEPRECATE | events.data_security_finding.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
ADD | events.authorize_session.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.authorize_session.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.authorize_session.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.authorize_session.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.authorize_session.attributes.duration.type | long_t | UPDATE |
ADD | events.prefetch_query.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.prefetch_query.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.prefetch_query.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.prefetch_query.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.prefetch_query.attributes.status_detail.caption | Status Details | UPDATE |
ADD | events.registry_value_query.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.registry_value_query.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.registry_value_query.attributes.status_detail.caption | Status Details | UPDATE |
PRESERVE | events.registry_value_query.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.registry_value_query.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
ADD | events.registry_key_query.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.registry_key_query.attributes.status_detail.caption | Status Details | UPDATE |
PRESERVE | events.registry_key_query.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.registry_key_query.attributes.duration.type | long_t | UPDATE |
UPDATE | events.registry_key_query.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
ADD | events.tunnel_activity.attributes.ja4_fingerprint_list | {'group': 'context', 'requirement': 'optional',... | ADD |
ADD | events.tunnel_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.tunnel_activity.attributes.tls.requirement | optional | ADD |
DEPRECATE | events.tunnel_activity.attributes.disposition_id.enum.0.description | The disposition was not known. | UPDATE |
UPDATE | events.tunnel_activity.attributes.tls.group | context | UPDATE |
UPDATE | events.tunnel_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.tunnel_activity.attributes.duration.caption | Duration | UPDATE |
DEPRECATE | events.tunnel_activity.attributes.disposition_id.enum.8.description | A request or submission was approved. For example, when... | UPDATE |
PRESERVE | events.tunnel_activity.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.tunnel_activity.attributes.duration.type | long_t | UPDATE |
DEPRECATE | events.tunnel_activity.attributes.disposition_id.enum.99.description | The disposition is not listed. The... | UPDATE |
ADD | events.peripheral_device_query.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.peripheral_device_query.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.peripheral_device_query.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.peripheral_device_query.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.peripheral_device_query.attributes.duration.type | long_t | UPDATE |
ADD | events.session_query.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
UPDATE | events.session_query.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
PRESERVE | events.session_query.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.session_query.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.session_query.attributes.status_detail.caption | Status Details | UPDATE |
ADD | events.user_query.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
PRESERVE | events.user_query.attributes.status_detail.caption | Status Details | UPDATE |
PRESERVE | events.user_query.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.user_query.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
UPDATE | events.user_query.attributes.duration.type | long_t | UPDATE |
ADD | events.api_activity.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
IGNORE | events.api_activity.profiles | | UPDATE |
PRESERVE | events.api_activity.attributes.duration.caption | Duration | UPDATE |
PRESERVE | events.api_activity.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.api_activity.attributes.duration.type | long_t | UPDATE |
UPDATE | events.api_activity.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
ADD | events.application_lifecycle.attributes.activity_id.enum.5 | {'caption': 'Restart', 'description': 'Restart the application.'} | ADD |
ADD | events.application_lifecycle.attributes.activity_id.enum.1.description | Install the application. | ADD |
ADD | events.application_lifecycle.attributes.type_uid.enum.600206 | {'caption': 'Application Lifecycle: Enable'} | ADD |
ADD | events.application_lifecycle.attributes.type_uid.enum.600207 | {'caption': 'Application Lifecycle: Disable'} | ADD |
ADD | events.application_lifecycle.attributes.activity_id.enum.4.description | Stop the application. | ADD |
ADD | events.application_lifecycle.attributes.activity_id.enum.3.description | Start the application. | ADD |
ADD | events.application_lifecycle.attributes.type_uid.enum.600205 | {'caption': 'Application Lifecycle: Restart'} | ADD |
ADD | events.application_lifecycle.attributes.activity_id.enum.8 | {'caption': 'Update', 'description': 'Update the application.'} | ADD |
ADD | events.application_lifecycle.attributes.type_uid.enum.600208 | {'caption': 'Application Lifecycle: Update'} | ADD |
ADD | events.application_lifecycle.attributes.activity_id.enum.2.description | Remove the application. | ADD |
ADD | events.application_lifecycle.attributes.osint | {'requirement': 'required', 'group': 'primary',... | ADD |
ADD | events.application_lifecycle.attributes.activity_id.enum.6 | {'caption': 'Enable', 'description': 'Enable the application.'} | ADD |
ADD | events.application_lifecycle.attributes.activity_id.enum.7 | {'caption': 'Disable', 'description': 'Disable the application.'} | ADD |
PRESERVE | events.application_lifecycle.attributes.status_detail.caption | Status Details | UPDATE |
UPDATE | events.application_lifecycle.attributes.duration.type | long_t | UPDATE |
PRESERVE | events.application_lifecycle.attributes.duration.caption | Duration | UPDATE |
UPDATE | events.application_lifecycle.attributes.status_detail.description | The status detail contains additional information about... | UPDATE |
Change Summary
Action | Total | Records | Record Properties | Attributes | Attribute Properties | Enum Members | Enum Member Properties |
---|---|---|---|---|---|---|---|
ADD | 347 | 18 | 122 | 129 | 218 | 42 | 144 |
REMOVE | 2 | 2 | 2 | 0 | 0 | 0 | 0 |
UPDATE | 205 | 0 | 84 | 0 | 189 | 0 | 0 |
DEPRECATE | 94 | 0 | 38 | 0 | 39 | 90 | 91 |
IGNORE | 11 | 0 | 11 | 0 | 0 | 0 | 0 |
PRESERVE | 128 | 0 | 66 | 0 | 126 | 0 | 0 |