Merge branch 'main' into mobile_device

Signed-off-by: Jonathan Rau <139361268+jonrau-at-queryai@users.noreply.github.com>

CHANGELOG.md

@@ -47,28 +47,37 @@ Thankyou! -->
   1. Added `raw_data_size` as a `long_t`. [#1347](https://github.com/ocsf/ocsf-schema/pull/1347)
   1. Added `assessments` as an array of `assessment` objects. #1343
   1. Added `meets_criteria` as a `boolean_t`. #1343
+  1. Added `display_name` attribute as a `string_t`. [#1341](https://github.com/ocsf/ocsf-schema/pull/1341)
+  1. Added `is_directed` as a `boolean_t`, `relation` as a `string_t`, `query_language` & `query_language_id` a sibling pair. #1343
+  1. Added `resource_relationship` of type `graph`, `nodes` of type `node`, `edges` of type `edge`. #1343
+  1. Added `meets_criteria` as a `boolean_t`. #1343
   1. Added `eid`, `iccid`, and `meid` as `string_t`. #1346
   1. Added `is_backed_up`, `is_mobile_account_active`, and `is_shared` as `boolean_t`. #1346
-
-* #### Objects
-  1. Added `assessment` object to capture evaluations/assessments of configurations/signals. #1343
 
+* #### Objects
+    1. Added `assessment` object to capture evaluations/assessments of configurations/signals. #1343
+    1. Added `node`, `edge`, `graph` objects. #1343
+
 ### Improved
 * #### Event Classes
-  1. Added `assessments` to `config_state`. #1343
+    1. Added `assessments` to `config_state`. #1343
+    1. Added `raw_data_size` to `base_event` object. [#1347](https://github.com/ocsf/ocsf-schema/pull/1347)
 * #### Objects
+  1. Added `boot_uid` to `device` object. [#1335](https://github.com/ocsf/ocsf-schema/pull/1335)
+  1. Relaxed constraint to provide `email_addr`, `phone_number`, or `security_questions` on `auth_factor`. [#1339](https://github.com/ocsf/ocsf-schema/pull/1339)
   1. Added `boot_uid` to `device` object. [#1335](https://github.com/ocsf/ocsf-schema/pull/1335)
   1. Added `meets_criteria` and `policy` to `assessment` object. #1343
   1. Added `assessments` to `compliance` object. #1343
   1. Added `data` to `policy` object. #1343
+  1. Added `display_name` attribute to the `user` and `ldap_person` objects. [#1341](https://github.com/ocsf/ocsf-schema/pull/1341)
+  1. Added `resource_relationship` to `resource_details` object. #1343
   1. Added `eid`, `iccid`, `is_backed_up`, `is_mobile_account_active`, `is_shared`, and `meid` to `device`. #1346
   1. Added `is_backed_up` to `resource_details`. #1346
 
 ### Misc
-  1. Relaxed constraint to provide `email_addr`, `phone_number`, or `security_questions` on `auth_factor`. [#1339](https://github.com/ocsf/ocsf-schema/pull/1339)
-  1. Added `raw_data_size` to `base_event` object. [#1347](https://github.com/ocsf/ocsf-schema/pull/1347)
   1. Updated description of `config_state` to reflect the addition of the `assessments` object. #1343
 
+
 ## [v1.4.0] - January 31st, 2025
 
 ### Added

dictionary.json

@@ -1703,6 +1703,11 @@
       "description": "The dispersion in the NTP protocol is the estimated time error or uncertainty relative to the reference clock in milliseconds.",
       "type": "integer_t"
     },
+    "display_name": {
+      "caption": "Display Name",
+      "description": "The display name. See specific usage.",
+      "type": "string_t"
+    },
     "disposition": {
       "caption": "Disposition",
       "description": "The disposition name, normalized to the caption of the disposition_id value. In the case of 'Other', it is defined by the event source.",
@@ -1998,6 +2003,12 @@
       "description": "Represents the duration of the activity in years. See specific usage.",
       "type": "integer_t"
     },
+    "edges": {
+      "caption": "Edges",
+      "description": "The list of edge objects that are part of the graph.",
+      "type": "edge",
+      "is_array": true
+    },
     "edition": {
       "caption": "OS Edition",
       "description": "The operating system edition. For example: <code>Professional</code>.",
@@ -2389,7 +2400,7 @@
     },
     "full_name": {
       "caption": "Full Name",
-      "description": "The full name of the person, as per the LDAP Common Name attribute (cn).",
+      "description": "The full name. See specific usage.",
       "type": "string_t"
     },
     "function_keys": {
@@ -2422,6 +2433,11 @@
       "description": "The given or first name of the user.",
       "type": "string_t"
     },
+    "graph": {
+      "caption": "Graph",
+      "description": "A graph data structure representation with nodes and edges.",
+      "type": "graph"
+    },
     "group": {
       "caption": "Group",
       "description": "The group object associated with an entity such as user, policy, or rule.",
@@ -2804,6 +2820,11 @@
       "description": "Indicates if the entity was deleted. See specific usage.",
       "type": "boolean_t"
     },
+    "is_directed": {
+      "caption": "Directed",
+      "description": "Indicates if the entity has directionality. See specific usage.",
+      "type": "boolean_t"
+    },
     "is_encrypted": {
       "caption": "Encrypted",
       "description": "Indicates if the entity was encrypted. See specific usage.",
@@ -3465,6 +3486,12 @@
       "type": "string_t",
       "is_array": true
     },
+    "nodes": {
+      "caption": "Nodes",
+      "description": "The list of node objects that are part of the graph.",
+      "type": "node",
+      "is_array": true
+    },
     "num_detections": {
       "caption": "Detections",
       "description": "The number of detections.",
@@ -4081,6 +4108,27 @@
       "description": "The query info object holds information related to data access within a datastore. To access, manipulate, delete, or retrieve data from a datastore, a database query must be written using a specific syntax.",
       "type": "query_info"
     },
+    "query_language": {
+      "caption": "Query Language",
+      "description": "The query language, normalized to the caption of the <code>query_language_id</code> value. See specific usage.",
+      "type": "string_t"
+    },
+    "query_language_id": {
+      "caption": "Query Language ID",
+      "description": "The normalized identifier of the query language. See specific usage.",
+      "sibling": "query_language",
+      "type": "integer_t",
+      "enum": {
+        "0": {
+          "caption": "Unknown",
+          "description": "The Query Language is unknown."
+        },
+        "99": {
+          "caption": "Other",
+          "description": "The Query Language is not mapped. See the <code>query_language</code> attribute, which contains a data source specific value."
+        }
+      }
+    },
     "query_result": {
       "caption": "Query Result",
       "description": "The result of the query.",
@@ -4254,6 +4302,11 @@
       "type": "string_t",
       "is_array": true
     },
+    "relation": {
+      "caption": "Relation",
+      "description": "The relationship between two entities. See specific usage.",
+      "type": "string_t"
+    },
     "relationship": {
       "caption": "Relationship",
       "description": "The relationship between two software components, normalized to the caption of the <code>relationship_id</code> value. In the case of 'Other', it is defined by the source.",
@@ -4352,6 +4405,11 @@
       "description": "The target resource.",
       "type": "resource_details"
     },
+    "resource_relationship": {
+      "caption": "Resource Relationship",
+      "description": "Describes entities related to the resource, using a graph structure. See specific usage.",
+      "type": "graph"
+    },
     "resource_type": {
       "caption": "Resource Type",
       "description": "The resource type as defined by the event source.",
@@ -4897,6 +4955,11 @@
       "type": "software_component",
       "is_array": true
     },
+    "source": {
+      "caption": "Source",
+      "description": "The source of the event or object. See specific usage.",
+      "type": "string_t"
+    },
     "sp_name": {
       "caption": "OS Service Pack",
       "description": "The name of the latest Service Pack.",
@@ -5217,6 +5280,11 @@
       "type": "key_value_object",
       "is_array": true
     },
+    "target": {
+      "caption": "Target",
+      "description": "The target of the event or object. See specific usage.",
+      "type": "string_t"
+    },
     "tcp_flags": {
       "caption": "TCP Flags",
       "description": "The network connection TCP header flags (i.e., control bits).",

objects/edge.json

@@ -0,0 +1,42 @@
+{
+  "caption": "Edge",
+  "description": "Represents a connection or relationship between two nodes in a graph.",
+  "extends": "_entity",
+  "name": "edge",
+  "attributes": {
+    "data": {
+      "description": "Additional data about the edge such as weight, distance, or custom properties.",
+      "requirement": "optional"
+    },
+    "is_directed": {
+      "description": "Indicates whether the edge is (<code>true</code>) or undirected (<code>false</code>).",
+      "requirement": "optional"
+    },
+    "name": {
+      "description": "The human-readable name or label for the edge.",
+      "requirement": "recommended"
+    },
+    "relation": {
+      "description": "The type of relationship between nodes (e.g. is-attached-to , depends-on, etc).",
+      "requirement": "recommended"
+    },
+    "source": {
+      "description": "The unique identifier of the node where the edge originates.",
+      "requirement": "required"
+    },
+    "target": {
+      "description": "The unique identifier of the node where the edge terminates.",
+      "requirement": "required"
+    },
+    "uid": {
+      "description": "Unique identifier of the edge.",
+      "requirement": "recommended"
+    }
+  },
+  "references": [
+    {
+      "description": "JSON graph specification.",
+      "url": "https://github.com/jsongraph/json-graph-specification/"
+    }
+  ]
+}

objects/graph.json

@@ -0,0 +1,78 @@
+{
+  "caption": "Graph",
+  "description": "A graph data structure representation with nodes and edges.",
+  "extends": "_entity",
+  "name": "graph",
+  "attributes": {
+    "desc": {
+      "description": "The graph description - provides additional details about the graph's purpose and contents.",
+      "requirement": "optional"
+    },
+    "edges": {
+      "description": "The edges/connections between nodes in the graph - contains the collection of <code>edge</code> objects defining relationships between nodes.",
+      "requirement": "optional"
+    },
+    "is_directed": {
+      "description": "Indicates if the graph is directed (<code>true</code>) or undirected (<code>false</code>).",
+      "requirement": "optional"
+    },
+    "name": {
+      "description": "The graph name - a human readable identifier for the graph."
+    },
+    "nodes": {
+      "description": "The nodes/vertices of the graph - contains the collection of <code>node</code> objects that make up the graph.",
+      "requirement": "required"
+    },
+    "query_language": {
+      "description": "The graph query language, normalized to the caption of the <code>query_language_id</code> value.",
+      "requirement": "optional"
+    },
+    "query_language_id": {
+      "description": "The normalized identifier of a graph query language that can be used to interact with the graph.",
+      "requirement": "recommended",
+      "enum": {
+        "1": {
+          "caption": "Cypher",
+          "description": "A declarative graph query language developed by Neo4j that allows for expressive and efficient querying of graph databases."
+        },
+        "2": {
+          "caption": "GraphQL",
+          "description": "A query language for APIs that enables declarative data fetching and provides a complete description of the data in the API."
+        },
+        "3": {
+          "caption": "Gremlin",
+          "description": "A graph traversal language and virtual machine developed by Apache TinkerPop that enables graph computing across different graph databases."
+        },
+        "4": {
+          "caption": "GQL",
+          "description": "An ISO standard graph query language designed to provide a unified way to query graph databases."
+        },
+        "5": {
+          "caption": "G-CORE",
+          "description": "A graph query language that combines features from existing languages while adding support for paths as first-class citizens."
+        },
+        "6": {
+          "caption": "PGQL",
+          "description": "Property Graph Query Language developed by Oracle that provides SQL-like syntax for querying property graphs."
+        },
+        "7": {
+          "caption": "SPARQL",
+          "description": "A semantic query language for databases that enables querying and manipulating data stored in RDF format."
+        }
+      }
+    },
+    "type": {
+      "description": "The graph type. Typically useful to represent the specifc type of graph that is used.",
+      "requirement": "optional"
+    },
+    "uid": {
+      "description": "Unique identifier of the graph - a unique ID to reference this specific graph."
+    }
+  },
+  "references": [
+    {
+      "description": "JSON graph specification.",
+      "url": "https://github.com/jsongraph/json-graph-specification/"
+    }
+  ]
+}

objects/ldap_person.json

@@ -14,6 +14,20 @@
     "deleted_time": {
       "requirement": "optional"
     },
+    "display_name": {
+      "description": "The display name of the LDAP person. According to RFC 2798, this is the preferred name of a person to be used when displaying entries.",
+      "references": [
+        {
+          "description": "RFC 2798",
+          "url": "https://www.rfc-editor.org/rfc/rfc2798.html#section-2.3"
+        },
+        {
+          "description": "Microsoft AD Schema",
+          "url": "https://learn.microsoft.com/en-us/windows/win32/adschema/a-displayname"
+        }
+      ],
+      "requirement": "optional"
+    },
     "email_addrs": {
       "requirement": "optional"
     },

objects/node.json

@@ -0,0 +1,34 @@
+{
+  "caption": "Node",
+  "description": "Represents a node or a vertex in a graph structure.",
+  "extends": "object",
+  "name": "node",
+  "attributes": {
+    "data": {
+      "description": "Additional data about the node stored as key-value pairs. Can include custom properties specific to the node.",
+      "requirement": "optional"
+    },
+    "desc": {
+      "description": "A human-readable description of the node's purpose or meaning in the graph.",
+      "requirement": "optional"
+    },
+    "name": {
+      "description": "A human-readable name or label for the node. Should be descriptive and unique within the graph context.",
+      "requirement": "recommended"
+    },
+    "type": {
+      "description": "Categorizes the node into a specific class or type. Useful for grouping and filtering nodes.",
+      "requirement": "optional"
+    },
+    "uid": {
+      "description": "A unique string or numeric identifier that distinguishes this node from all others in the graph. Must be unique across all nodes.",
+      "requirement": "required"
+    }
+  },
+  "references": [
+    {
+      "description": "JSON graph specification.",
+      "url": "https://github.com/jsongraph/json-graph-specification/"
+    }
+  ]
+}

objects/resource_details.json

@@ -47,6 +47,10 @@
       "profile": "cloud",
       "requirement": "optional"
     },
+    "resource_relationship": {
+      "description": "A graph representation showing how this resource relates to and interacts with other entities in the environment. This can include parent/child relationships, dependencies, or other connections.",
+      "requirement": "optional"
+    },
     "version": {
       "description": "The version of the resource. For example <code>1.2.3</code>.",
       "requirement": "optional"