nicolasreich closed 3 years ago
Hello @nicolasreich! There were some recent changes to make the project a little bit more modular and CDM will be the schema that should be considered from now on. We are reviewing the endpoint entities and attributes. Windows Security is a provider with over 400 events so we are reviewing several of them atm after those massive changes. We are also updating the format of the dictionaries and removing a few sections. That is coming soon. I appreciate the feedback.
Okay thanks for the clarification, we'll look at the CDM when in doubt, and follow the updates of the project.
Hello,
In some cases, there are mismatches between the CDM and Data Dictionaries, which is normal for such a young project. When such a case arises, what should be considered correct?
As an example of such a mismatch, the full path of the executable file of a process is called `process_file_path` in the CDM, but `process_path` in most of the data dictionaries where it appears.

Cheers