Adjust Windows Resource Activity class (201003) to be aligned with Windows event 4662 #1090
Comments
@mikeradka - thank you for your comments here.
An updated PR was created
…t 4662 (#1114)

Adjust Entity Management class (3004) to be aligned with the fields that exist in Windows event 4662 - “An operation was performed on an object”.
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4662

#### Related Issue: #1090

#### Description of changes:
We add the attributes access_list, access_mask.

![Screenshot 2024-06-04 at 15 50 27](https://github.com/ocsf/ocsf-schema/assets/100218904/5417d9a9-5956-441c-b173-437183875f49)

Signed-off-by: Eliraz Levi [[email protected]](mailto:[email protected])
Co-authored-by: Rajas <[email protected]>
@eliraz-levi Just wanted to check in on this one - since #1114 was merged, could this Issue be closed out?
Windows Resource Activity class (201003) is not aligned with the fields that exist in Windows event 4662 - “An operation was performed on an object”.
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4662
Windows event 4662 is an essential security event for detecting and investigating the DCSync attack, which is a very common attack in Active Directory environments: https://attack.mitre.org/techniques/T1003/006/.
Current gaps:
win_resource.uid
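To show why the access mask and property GUIDs of event 4662 matter for the DCSync detection mentioned in the issue, here is an added example (not code from the OCSF project or the issue author). It assumes the event's EventData has been parsed into a dict keyed by the 4662 field names; the sample records, the `DC_ACCOUNTS` allow-list and the output keys `actor` and `replication_rights` are constructed for illustration.

```python
import re

# Control-access-right GUIDs that grant directory replication in Active Directory.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
CONTROL_ACCESS = 0x100  # "Control Access" bit in the 4662 AccessMask
GUID_RE = re.compile(r"\{([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\}")

def normalize(event_data):
    """Flatten 4662 EventData; the target field names are an assumption."""
    guids = [g.lower() for g in GUID_RE.findall(event_data.get("Properties", ""))]
    return {
        "actor": event_data["SubjectUserName"],
        "access_mask": int(event_data["AccessMask"], 16),
        "access_list": event_data.get("AccessList", "").split(),
        "replication_rights": sorted(
            REPLICATION_RIGHTS[g] for g in guids if g in REPLICATION_RIGHTS),
    }

def is_dcsync_candidate(event_data, dc_accounts):
    """True when a non-DC account exercises a replication control access right."""
    rec = normalize(event_data)
    if rec["actor"].lower() in dc_accounts:
        return False  # domain controllers replicate with each other legitimately
    return bool(rec["access_mask"] & CONTROL_ACCESS) and bool(rec["replication_rights"])

# Constructed sample records (not real logs).
SAMPLE_EVENTS = [
    {"SubjectUserName": "DC01$", "AccessMask": "0x100", "AccessList": "%%7688",
     "Properties": "%%7688 {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"SubjectUserName": "jsmith", "AccessMask": "0x100", "AccessList": "%%7688",
     "Properties": "%%7688 {1131F6AA-9C07-11D1-F79F-00C04FC2DCD2} "
                   "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"SubjectUserName": "jsmith", "AccessMask": "0x10", "AccessList": "%%7684",
     "Properties": "%%7684 {bf967aba-0de6-11d0-a285-00aa003049e2}"},
]
DC_ACCOUNTS = {"dc01$"}  # hypothetical allow-list of domain controller accounts

def flagged_actors(events=SAMPLE_EVENTS, dc_accounts=DC_ACCOUNTS):
    return [e["SubjectUserName"] for e in events if is_dcsync_candidate(e, dc_accounts)]

if __name__ == "__main__":
    print(flagged_actors())
```

Without `AccessMask` and the GUIDs in `Properties` carried through to the normalized record, the second and third sample events are indistinguishable.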