ocsf / ocsf-schema

OCSF Schema
Apache License 2.0

Adjust Entity Management class (3004) to be aligned with Windows event 4662 #1114

Open eliraz-levi opened 3 weeks ago

eliraz-levi commented 3 weeks ago

Adjust Entity Management class (3004) to be aligned with the fields that exist in Windows event 4662 - “An operation was performed on an object”. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4662

Related Issue:

https://github.com/ocsf/ocsf-schema/issues/1090

Description of changes:

We add the attributes access_list and access_mask.

Signed-off-by: Eliraz Levi eliraz.levi@hunters.ai

zschmerber commented 2 weeks ago

@eliraz-levi can we validate that access list and access mask exist outside of Windows? And if they don't, can we put this in the Windows profile?