Merge branch 'main' into iam-account_change-unlock

ocsf · Dec 13, 2024 · 0214336 · 0214336
2 parents 7b179aa + 203d70c
commit 0214336
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -92,6 +92,7 @@ Thankyou! -->
     1. Added `vendor_attributes` object. #1257
     1. Added `aircraft` object. #1253
     1. Added `software_component` and `sbom` objects. #1262
+    1. Added `drive_type` and `drive_type_id` objects. #1287
 
 ### Improved
 * #### Event Classes
@@ -157,6 +158,7 @@ Thankyou! -->
     1. Added `cloud_partition` to the `cloud` object. #1271
     1. Added `product`, `related_events_count`, `uid_alt`, `tags` to `finding_info` object. #1271
     1. Added `count`, `created_time`, `desc`, `first_seen_time`, `last_seen_time`, `modified_time`, `product`, `severity`, `severity_id`, `tags` & `title` to `related_event` object. #1271
+    1. Added `drive_type` and `drive_type_id` to the `file` object. #1287
 
 ### Bugfixes
 1. Added sibling definition to `confidence_id` in dictionary, accurately associating `confidence` as its sibling. #1180

diff --git a/dictionary.json b/dictionary.json
@@ -1818,6 +1818,47 @@
       "type": "string_t",
       "is_array": true
     },
+    "drive_type": {
+      "caption": "Drive Type",
+      "description": "The drive type, normalized to the caption of the <code>drive_type_id</code> value. In the case of <code>Other</code>, it is defined by the source.",
+      "type": "string_t"
+    },
+    "drive_type_id" : {
+      "caption": "Drive Type ID",
+      "description": "Identifies the type of a disk drive, i.e. fixed, removable, etc.",
+      "sibling": "drive_type",
+      "type": "integer_t",
+      "enum": {
+        "0": {
+          "caption": "Unknown",
+          "description": "The drive type is unknown."
+        },
+        "1": {
+          "caption": "Removable",
+          "description": "The drive has removable media; for example, a floppy drive, thumb drive, or flash card reader."
+        },
+        "2": {
+          "caption": "Fixed",
+          "description": "The drive has fixed media; for example, a hard disk drive or flash drive."
+        },
+        "3": {
+          "caption": "Remote",
+          "description": "The drive is a remote (network) drive."
+        },
+        "4": {
+          "caption": "CD-ROM",
+          "description": "The drive is a CD-ROM drive."
+        },
+        "5": {
+          "caption": "RAM Disk",
+          "description": "The drive is a RAM disk."
+        },
+        "99": {
+          "caption": "Other",
+          "description": "The drive type is not mapped. See the <code>drive_type</code> attribute, which contains a data source specific value."
+        }
+      }
+    },
     "driver": {
       "caption": "Kernel Driver",
       "description": "The driver that was loaded/unloaded into the kernel",

diff --git a/objects/file.json b/objects/file.json
@@ -42,6 +42,12 @@
       "description": "The description of the file, as returned by file system. For example: the description as returned by the Unix file command or the Windows file type.",
       "requirement": "optional"
     },
+    "drive_type": {
+      "requirement": "optional"
+    },
+    "drive_type_id" : {
+      "requirement": "optional"
+    },
     "encryption_details": {
       "description": "The encryption details of the file. Should be populated if the file is encrypted.",
       "requirement": "optional"