Added drive_type and drive_type_id for file object

Signed-off-by: [email protected] <[email protected]>

CHANGELOG.md

@@ -92,6 +92,7 @@ Thankyou! -->
     1. Added `vendor_attributes` object. #1257
     1. Added `aircraft` object. #1253
     1. Added `software_component` and `sbom` objects. #1262
+    1. Added `drive_type` and `drive_type_id` objects. #1286
 
 ### Improved
 * #### Event Classes
@@ -156,6 +157,7 @@ Thankyou! -->
     1. Added `cloud_partition` to the `cloud` object. #1271
     1. Added `product`, `related_events_count`, `uid_alt`, `tags` to `finding_info` object. #1271
     1. Added `count`, `created_time`, `desc`, `first_seen_time`, `last_seen_time`, `modified_time`, `product`, `severity`, `severity_id`, `tags` & `title` to `related_event` object. #1271
+    1. Added `drive_type` and `drive_type_id` to the `file` object. #1286
 
 ### Bugfixes
 1. Added sibling definition to `confidence_id` in dictionary, accurately associating `confidence` as its sibling. #1180

dictionary.json

@@ -1818,6 +1818,47 @@
       "type": "string_t",
       "is_array": true
     },
+    "drive_type": {
+      "caption": "Drive Type",
+      "description": "The type of drive where the file is located. For example: <code>unknown</code>, <code>removable</code>, <code>fixed</code>, <code>remote</code>, or <code>other</code>.",
+      "type": "string_t"
+    },
+    "drive_type_id" : {
+      "caption": "Drive Type ID",
+      "description": "The drive type id where the file is located.",
+      "sibling": "drive_type",
+      "type": "integer_t",
+      "enum": {
+        "0": {
+          "caption": "Unknown",
+          "description": "The drive type is unknown."
+        },
+        "1": {
+          "caption": "Removable",
+          "description": "File is located on removable media like a USB stick."
+        },
+        "2": {
+          "caption": "Fixed",
+          "description": "File is located on a fixed drive, such as a hard disk."
+        },
+        "3": {
+          "caption": "Remote",
+          "description": "File is located on a remote drive, such as a network share."
+        },
+        "4": {
+          "caption": "CD-ROM",
+          "description": "File is located on a CD-ROM drive."
+        },
+        "5": {
+          "caption": "Ram Disk",
+          "description": "File resides on a RAM disk."
+        },
+        "99": {
+          "caption": "Other",
+          "description": "The drive type is not mapped. See the <code>drive_type</code> attribute, which contains a data source specific value."
+        }
+      }
+    },
     "driver": {
       "caption": "Kernel Driver",
       "description": "The driver that was loaded/unloaded into the kernel",

objects/file.json

@@ -42,6 +42,12 @@
       "description": "The description of the file, as returned by file system. For example: the description as returned by the Unix file command or the Windows file type.",
       "requirement": "optional"
     },
+    "drive_type": {
+      "requirement": "optional"
+    },
+    "drive_type_id" : {
+      "requirement": "optional"
+    },
     "encryption_details": {
       "description": "The encryption details of the file. Should be populated if the file is encrypted.",
       "requirement": "optional"