Commit
Added drive_type and drive_type_id for file object (#1287)
#### Related Issue:
1286 - Add drive_type and drive_type_id under File Object #1286

#### Description of changes:
The proposal is to extend the File Object by adding details about the type of drive where the file is located. This enrichment would offer greater security insight, assisting the SOC team in determining whether files are created off a network drive or say a USB thumb drive.

The below list was inspired by a Win32 API: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-getdrivetypea

I have added two optional fields called drive_type and drive_type_id under File Object to take care of this.

drive_type_id can take one of the following values:

```
0 = "Unknown",
1 = "Removable",
2 = "Fixed",
3 = "Remote",
4 = "CD-ROM",
5 = "RAM Disk",
99 = "Other"
```

and the drive_type would be string equivalent.

---------

Signed-off-by: [email protected] <[email protected]>
Co-authored-by: [email protected] <[email protected]>
1 parent f925c28, commit 203d70c
Showing 3 changed files with 49 additions and 0 deletions.
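The commit message says the drive_type_id list was inspired by Win32 GetDriveType, but the two numberings differ, so a collector cannot copy the raw value through. The following is an added example, not code from this commit or the project: it remaps GetDriveType results to the ids listed above and selects files on removable or remote drives. The function names, the sample events, the handling of DRIVE_NO_ROOT_DIR and the `win32:<n>` label are assumptions.

```python
# Added example (not from the repository): normalize a Win32 GetDriveType
# result into the file object's drive_type_id / drive_type pair.

# drive_type_id values exactly as listed in the commit message.
OCSF_DRIVE_TYPES = {0: "Unknown", 1: "Removable", 2: "Fixed", 3: "Remote",
                    4: "CD-ROM", 5: "RAM Disk", 99: "Other"}

# Win32 GetDriveType return value -> drive_type_id. The numbering is shifted:
# copying Win32 2 (removable) through unchanged would record 2 = "Fixed".
WIN32_TO_OCSF = {
    0: 0,  # DRIVE_UNKNOWN
    1: 0,  # DRIVE_NO_ROOT_DIR: no equivalent in the list; Unknown is an assumption
    2: 1,  # DRIVE_REMOVABLE
    3: 2,  # DRIVE_FIXED
    4: 3,  # DRIVE_REMOTE
    5: 4,  # DRIVE_CDROM
    6: 5,  # DRIVE_RAMDISK
}

def to_ocsf_file(path, win32_drive_type):
    """Build a minimal file object carrying both drive fields (hypothetical helper)."""
    type_id = WIN32_TO_OCSF.get(win32_drive_type, 99)
    if type_id == 99:
        # Unmapped source value: keep it visible in the string field (assumption).
        label = f"win32:{win32_drive_type}"
    else:
        label = OCSF_DRIVE_TYPES[type_id]
    return {"path": path, "drive_type_id": type_id, "drive_type": label}

def off_host_files(files):
    """Return paths whose drive is Removable (1) or Remote (3)."""
    return [f["path"] for f in files if f.get("drive_type_id") in (1, 3)]

# Constructed sample input: (path, GetDriveType result) pairs.
SAMPLE = [
    (r"C:\Users\a\report.docx", 3),
    (r"E:\setup.exe", 2),
    (r"Z:\share\notes.txt", 4),
    (r"Q:\odd.bin", 42),
]

if __name__ == "__main__":
    files = [to_ocsf_file(p, t) for p, t in SAMPLE]
    for f in files:
        print(f)
    print("removable/remote:", off_host_files(files))
```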