wazuh / wazuh-indexer

Wazuh indexer, the Wazuh search engine
https://opensearch.org/docs/latest/opensearch/index/
Apache License 2.0

Amazon Security Lake integration - Fix Detection Finding mapping #219

Closed AlexRuiz7 closed 5 months ago

AlexRuiz7 commented 5 months ago

Description

Related issue: #128

During the testing of #217, I've found out that our mapping to the Detection Finding class of OCSF has some small problems that we need to fix, as it does not comply with the OCSF class schema.

Here's an example:

(.venv) @alex-GL66 ➜ amazon-security-lake-ocsf-validation git:(main) ✗ python validate.py -i parquet/

ATTEMPTING TO VALIDATE FILE: ext_wazuh_region=us-east-1_accountId=111111111111_eventDay=20240426_16c8c6c68f4845949f41ea1d6098913f.parquet

INVALID OCSF.

INVALID OCSF.

INVALID OCSF.

INVALID OCSF.

INVALID OCSF.

Sending verbose output to: /home/alex/wazuh/amazon-security-lake-ocsf-validation/output.txt

Check the output file for details. For example, ['finding_info']['attacks'] is an object, while it should be an array of objects.

output.txt

Tasks
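The schema mismatch reported above (`finding_info.attacks` emitted as a single object where the Detection Finding class requires an array of objects) can be caught before the Parquet files reach the validator. The following is an added example, not code from this PR or from the Wazuh indexer; the sample event and the list of array-typed fields are constructed for illustration.

```python
import copy
import json

# Constructed Detection Finding event (OCSF class_uid 2004) that reproduces the
# defect from the PR: finding_info.attacks is one object instead of a list.
# All values are hypothetical, not taken from Wazuh data.
BAD_EVENT = json.loads("""{
  "class_uid": 2004,
  "finding_info": {
    "title": "Constructed example finding",
    "attacks": {"tactic": {"name": "Execution"},
                "technique": {"name": "Command and Scripting Interpreter"}}
  }
}""")

# (parent, key) pairs the schema defines as "array of objects".
# Assumed subset for this example; consult the OCSF schema for the full set.
ARRAY_OF_OBJECT_FIELDS = [
    ("finding_info", "attacks"),
]


def find_array_violations(event):
    """Return dotted paths whose value is present but is not a list."""
    violations = []
    for parent, key in ARRAY_OF_OBJECT_FIELDS:
        container = event.get(parent, {})
        if key in container and not isinstance(container[key], list):
            violations.append(f"{parent}.{key}")
    return violations


def normalize(event):
    """Return a deep copy where a lone object in an array field is wrapped in a list.

    Only dict values are wrapped; any other scalar is left for the validator to flag.
    """
    fixed = copy.deepcopy(event)
    for parent, key in ARRAY_OF_OBJECT_FIELDS:
        container = fixed.get(parent, {})
        if key in container and isinstance(container[key], dict):
            container[key] = [container[key]]
    return fixed


if __name__ == "__main__":
    print(find_array_violations(BAD_EVENT))             # ['finding_info.attacks']
    print(find_array_violations(normalize(BAD_EVENT)))  # []
```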