OTRF / OSSEM-DM

OSSEM Detection Model
MIT License

fixing missing characters in yml #54

Closed Kyrasuum closed 2 years ago

Kyrasuum commented 2 years ago

Added a missing '-' character to a .yml file. Added a missing ' ' character to a .yml file. The problem came from attempting to parse the .yml using any common schema batch loader for relationships. I was using a golang parser which first converts it to json and then to a struct definition.

The missing '-' character created a conflict where 'security_events' was both an array of maps and a map. The map version only occurs in one file, so I preferred the array of maps.

The missing ' ' character resulted in the field being named '-ActionType' instead of 'ActionType'. It also prevented it from falling under 'filter_in'.

Automatic generation of schema should be as follows:

ossem-dm/relationships:
{
    "attack": {
        "data_component": "",
        "data_source": ""
    },
    "behavior": {
        "relationship": "",
        "source": "",
        "target": ""
    },
    "contributors": [
        ""
    ],
    "name": "",
    "note": null,
    "notes": [
        ""
    ],
    "references": [
        ""
    ],
    "relationship_id": "",
    "security_events": [
        {
            "audit_category": "",
            "audit_sub_category": "",
            "event_id": "",
            "event_version": [
                ""
            ],
            "filter_in": [
                {
                    "ActionType": "",
                    "EventType": "",
                    "ObjectType": "",
                    "OperationType": "",
                    "eventName": "",
                    "eventType": ""
                }
            ],
            "log_channel": "",
            "log_provider": "",
            "log_source": "",
            "name": "",
            "platform": ""
        }
    ]
}
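A small lint for the two shape defects this PR describes, added here as an example (it is not code from the OSSEM-DM project). It checks a loaded relationship document against the schema above: `security_events` must be a list of maps, and any key beginning with '-' is treated as a sequence dash that lost its space. The three sample documents are constructed, with placeholder ids and values, to mirror what a YAML loader yields for each broken file and for the fixed one.

```python
# Keys allowed in a filter_in entry, from the schema in the PR description.
FILTER_IN_KEYS = {"ActionType", "EventType", "ObjectType",
                  "OperationType", "eventName", "eventType"}

# Constructed inputs (not from the repository); event ids and values are placeholders.
# What a YAML loader yields when 'security_events:' is followed by 'event_id:' with no '- ':
MISSING_DASH = {"name": "example", "security_events": {"event_id": "EXAMPLE-ID"}}
# ...and when 'filter_in:' is followed by '-ActionType:' with no space after the dash:
MISSING_SPACE = {"name": "example", "security_events": [
    {"event_id": "EXAMPLE-ID", "filter_in": None, "-ActionType": "ExampleAction"}]}
FIXED = {"name": "example", "security_events": [
    {"event_id": "EXAMPLE-ID", "filter_in": [{"ActionType": "ExampleAction"}]}]}


def check_relationship(doc: dict) -> list[str]:
    """Return schema problems; an empty list means the document has the expected shape."""
    problems: list[str] = []
    events = doc.get("security_events")
    if not isinstance(events, list):
        problems.append("security_events must be a list of maps (missing '- ' before first event?)")
        return problems
    for i, ev in enumerate(events):
        if not isinstance(ev, dict):
            problems.append(f"security_events[{i}] is not a map")
            continue
        # A key starting with '-' is the fingerprint of a sequence dash missing its space.
        problems += [f"security_events[{i}]: key {k!r} looks like '- {k[1:]}' with the space dropped"
                     for k in ev if k.startswith("-")]
        entries = ev.get("filter_in")
        if entries is None:
            continue  # filter_in is optional; None also covers a 'filter_in:' left empty
        if not isinstance(entries, list):
            problems.append(f"security_events[{i}].filter_in must be a list of maps")
            continue
        for j, entry in enumerate(entries):
            bad = set(entry) - FILTER_IN_KEYS if isinstance(entry, dict) else {"<not a map>"}
            problems += [f"security_events[{i}].filter_in[{j}]: unexpected key {k!r}"
                         for k in sorted(bad)]
    return problems


def lint_yaml(text: str) -> list[str]:
    import yaml  # PyYAML, imported here so the dict-level check works without it
    return check_relationship(yaml.safe_load(text))


if __name__ == "__main__":
    for label, doc in (("missing dash", MISSING_DASH), ("missing space", MISSING_SPACE), ("fixed", FIXED)):
        print(f"{label}: {check_relationship(doc) or 'OK'}")
```

Run `lint_yaml(open(path).read())` over every file under `relationships/` to catch the same two defects before they reach a batch loader.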
Cyb3rPandaH commented 2 years ago

Thank you @Kyrasuum 🍻