Open eliraz-levi opened 3 weeks ago
Adjust Entity Management class (3004) to be aligned with fields exist in Windows event 4662 - “An operation was performed on an object”. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4662
https://github.com/ocsf/ocsf-schema/issues/1090
We add the attributes access_list, access_mask.
Signed-off-by: Eliraz Levi eliraz.levi@hunters.ai
@eliraz-levi can we validate that access list and access mask exist outside of windows? And if they don't can we put this in the windows profile ?
Adjust Entity Management class (3004) to be aligned with fields exist in Windows event 4662 - “An operation was performed on an object”. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4662
Related Issue:
https://github.com/ocsf/ocsf-schema/issues/1090
Description of changes:
We add the attributes access_list, access_mask.![Screenshot 2024-06-04 at 15 50 27](https://github.com/ocsf/ocsf-schema/assets/100218904/5417d9a9-5956-441c-b173-437183875f49)
Signed-off-by: Eliraz Levi eliraz.levi@hunters.ai