Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

USER, LDAP Person extension by useful fields + cloud profile added to support Azure AD #1122

Open
PavelJurka opened this issue Jun 26, 2024 · 1 comment
Open

USER, LDAP Person extension by useful fields + cloud profile added to support Azure AD #1122

PavelJurka opened this issue Jun 26, 2024 · 1 comment
Labels
v1.4.0 or later Changes marked for versions beyond v1.3.0 of OCSF

Comments

@PavelJurka
Copy link
Contributor

PavelJurka commented Jun 26, 2024
edited
Loading

This issue is about adding a few useful fields to LDAP user, User object and adding a way how to map Azure ID to it.

USER:

  • bad_password_attempts
  • bad_password_time
  • created_time
  • expiration_time
  • last_login_time
  • lock_out_time
  • logon_count
  • logon_hours
  • modified_time,
  • password_last_set_time
  • password_never_expire
  • is_privileged,
  • status
  • status_id

LDAP Person:

  • allowed_to_act_on_behalf_of_other_identity
  • allowed_to_delegate_to
  • department
  • display_name
  • domain
  • employee_type
  • employee_type_id
  • expiration_time
  • force_change_password_next_sign_in
  • force_change_password_next_sign_in_with_mfa
  • parent_dn
  • proxy_addresses
  • last_known_parent
  • member_of"
  • member_of_guid"
  • member_of_transitive"
  • object_category
  • object_class
  • object_guid
  • primary_group_id
  • resultant_pso
  • is_service_account
  • unique_name
  • usn_changed
  • usn_created
  • user_principal_name
  • user_account_control
  • user_password_expiry_computed_time
  • visibility

Active directory profile:

  • is_privileged
  • classification
  • consistency_guid
  • creator_sid
  • email_addr"
  • forest
  • is_deleted
  • object_sid
  • on_premises_distinguished_name
  • on_premises_domain_name
  • on_premises_immutable_id
  • on_premises_last_sync_time
  • on_premises_sam_account_name
  • on_premises_sync_enabled
  • on_premises_user_principal_name
  • is_recycled
  • nt_security_descriptor
  • is_security_group
  • sam_account_type
  • service_principal_name
  • sam_account_name
  • sid_history
  • token_groups
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jun 26, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
f68aac2 
…port added

- wip - status: User extended
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jun 27, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
db3d456 
…port added

- wip - status: Ldap person in progress
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jun 27, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
7b67f41 
…port added

- wip - status: LDAP person added + AD profile
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jun 28, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
f8d9965 
…port added

- wip - status: LDAP person added + AD profile

missing on_premises_distinguished_name
        on_premises_domain_name
        on_premises_immutable_id
        on_premises_last_sync_time
        on_premises_sam_account_name
        on_premises_sync_enabled
        on_premises_user_principal_name
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jun 28, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
b6728f5 
…port added

- wip - status: LDAP person added + AD profile

initial shape
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jun 28, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
502c8dc 
…port added

- wip - status: LDAP person added + AD profile

initial shape
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jun 28, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
da5bea1 
…port added

- wip - status: LDAP person added + AD profile

initial shape
PavelJurka added a commit to PavelJurka/ocsf-schema that referenced this issue Jul 1, 2024
@PavelJurka
Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…
670dec1 
…port added

- wip - status: LDAP person added + AD profile

initial shape

PR - expiration_time instead of account_expiry_time
@PavelJurka PavelJurka mentioned this issue Jul 2, 2024
Draft
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 3, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
7746948 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 3, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
dda87a8 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 3, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
437fb84 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 3, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
a122a7f 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 3, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
05d55d7 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 3, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
8eb30c6 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 3, 2024
@PavelJurka
feat: [ocsf#1122] - PR ready
c920dea
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 10, 2024
@PavelJurka
feat: [ocsf#1122] - added ldap group
792f673
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 10, 2024
@PavelJurka
feat: [ocsf#1122] - PR
11b83a9
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 10, 2024
@PavelJurka
feat: [ocsf#1122] - pushed back admin_count to be more consistent wit…
7de32c8 
…h AD api
@mikeradka
Copy link
Contributor

Could you add some samples of raw data that you are seeking to normalize to OCSF so we can better understand your use case?

PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
ff3336a
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
de95d11
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
a0b1861
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - code review - shortening fields name.
bc354a3
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
e2b07c6 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
b501629 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
b82c00c 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
1295dac 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
058ec74 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Jul 26, 2024
@PavelJurka
feat: [ocsf#1122] - PR ready
20478f1
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
0fe58d9 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
bf0dc5e 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
8e15535 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
4a06f36 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
0bf2686 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - PR ready
efab87d
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - added ldap group
583aee4
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - PR
1ca918f
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - pushed back admin_count to be more consistent wit…
a9dc187 
…h AD api
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - pushed back admin_count to be more consistent wit…
094b337 
…h AD api
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
91cbeb5
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
4a50434
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
e87c472
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - code review - shortening fields name.
92ecc6f
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 16, 2024
@PavelJurka
feat: [ocsf#1122] - pw_expiry_time to be consistent
3a9f241
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
930248a 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
e9cc985 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
2d89251 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
6f5c27e 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - ldap - moved active directory sid objects to ad p…
1f3a99b 
…rofile
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - PR ready
bb6e83b
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - added ldap group
6f3cfe4
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - PR
c6344f6
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - pushed back admin_count to be more consistent wit…
aa58992 
…h AD api
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - pushed back admin_count to be more consistent wit…
0f6f32c 
…h AD api
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
e660baa
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
58ec283
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - visibility enum update by the convention
cedd200
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - code review - shortening fields name.
0527052
PavelJurka added a commit to Sentinel-One/ocsf-schema that referenced this issue Oct 22, 2024
@PavelJurka
feat: [ocsf#1122] - pw_expiry_time to be consistent
3f131d4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
v1.4.0 or later Changes marked for versions beyond v1.3.0 of OCSF
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@PavelJurka @mikeradka