Adding new attributes, objects to represent resource relationships as a graph. #1345

Merged
merged 19 commits into from
Feb 19, 2025


floydtree
Contributor

@floydtree floydtree commented Feb 10, 2025

Description of changes:

  1. Adding a graph object. Adding constituent node, edge objects. This object is designed using existing JSON graph representation, with a few modifications to maintain consistency with OCSF.
  2. Creating a new attribute relationship_graph of type graph. Adding it as an optional attribute of resource_details object.

A simple exemplification of the proposed graph structure:
The following represents relationships of an EC2 instance, which is a target resource of a particular finding. The information added via these relationships can be considered as supplementary information about the resource itself. Note that it's not establishing relationships amongst intra-event resources/entities, although that's another potential use-case of this object.

{
    "resource_relationship": {
        "desc": "Relationships for SampleEC2Instance",
        "name": "SampleEC2Instance Relationships",
        "type": "Resource Relationship Graph",
        "uid": "UID of the relationship graph",
        "edges": [
            {
                "name": "InstanceToSG",
                "relation": "IsAssociatedWith",
                "source": "Instance ARN",
                "target": "SG ARN",
                "uid": "UID of the edge"
            },
            {
                "name": "InstanceInVPC",
                "relation": "IsContainedIn",
                "source": "Instance ARN",
                "target": "VPC ARN",
                "uid": "UID of the edge"
            },
            {
                "name": "InstanceToVolume",
                "relation": "IsAttachedTo",
                "source": "Instance ARN",
                "target": "EBS ARN",
                "uid": "UID of the edge"
            },
            {
                "name": "InstanceToInstanceProfile",
                "relation": "IsAssociatedWith",
                "source": "Instance ARN",
                "target": "Instance Profile ARN",
                "uid": "UID of the edge"
            },
            {
                "name": "InstanceProfiletoIAMRole",
                "relation": "IsAssociatedWith",
                "source": "Instance Profile ARN",
                "target": "IAM Role ARN",
                "uid": "UID of the edge"
            },
            {
                "name": "IAMRoletoIAMPolicy",
                "relation": "IsAttachedTo",
                "source": "IAM Policy ARN",
                "target": "IAM Role ARN",
                "uid": "UID of the edge"
            }
        ],
        "nodes": [
            {
                "name": "SampleEC2Instance",
                "type": "EC2Instance",
                "uid": "Instance ARN"
            },
            {
                "name": "WebServer SG",
                "type": "SecurityGroup",
                "uid": "SG ARN"
            },
            {
                "name": "Production VPC",
                "type": "VPC",
                "uid": "VPC ARN"
            },
            {
                "name": "EBS Volume",
                "type": "EBS",
                "uid": "EBS ARN"
            },
            {
                "name": "My Instance Profile",
                "type": "EC2 Instance Profile",
                "uid": "Instance Profile ARN"
            },
            {
                "name": "My Role",
                "type": "IAM Role",
                "uid": "IAM Role ARN"
            },
            {
                "name": "My Policy",
                "type": "IAM Policy",
                "uid": "IAM Policy ARN"
            }
        ]
    }
}

The above can be simply rendered as -> [image: rendering of the relationship graph above]
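Added example (not part of the PR or of the OCSF project's code): a consumer-side check of the graph shape described above, which flags edges whose `source` or `target` does not match any node `uid` and then walks outward from the finding's target resource. The helper names `dangling_edges` and `related` are hypothetical, and `GRAPH` is a constructed, trimmed copy of the PR's example with one deliberately dangling edge.

```python
from collections import deque

# Constructed sample: four nodes and three edges copied from the PR's example,
# plus one edge (InstanceToSG) left dangling on purpose: its target is not declared.
GRAPH = {
    "nodes": [
        {"name": "SampleEC2Instance", "type": "EC2Instance", "uid": "Instance ARN"},
        {"name": "My Instance Profile", "type": "EC2 Instance Profile",
         "uid": "Instance Profile ARN"},
        {"name": "My Role", "type": "IAM Role", "uid": "IAM Role ARN"},
        {"name": "My Policy", "type": "IAM Policy", "uid": "IAM Policy ARN"},
    ],
    "edges": [
        {"name": "InstanceToInstanceProfile", "relation": "IsAssociatedWith",
         "source": "Instance ARN", "target": "Instance Profile ARN"},
        {"name": "InstanceProfiletoIAMRole", "relation": "IsAssociatedWith",
         "source": "Instance Profile ARN", "target": "IAM Role ARN"},
        {"name": "IAMRoletoIAMPolicy", "relation": "IsAttachedTo",
         "source": "IAM Policy ARN", "target": "IAM Role ARN"},
        {"name": "InstanceToSG", "relation": "IsAssociatedWith",
         "source": "Instance ARN", "target": "SG ARN"},
    ],
}

def dangling_edges(graph):
    """Names of edges whose source or target is not a declared node uid."""
    uids = {n["uid"] for n in graph["nodes"]}
    return [e["name"] for e in graph["edges"]
            if e["source"] not in uids or e["target"] not in uids]

def related(graph, start_uid, directed=True):
    """Breadth-first walk from start_uid; returns {node uid: hop count}."""
    uids = {n["uid"] for n in graph["nodes"]}
    adj = {}
    for e in graph["edges"]:
        if e["source"] not in uids or e["target"] not in uids:
            continue  # skip dangling edges rather than invent nodes
        adj.setdefault(e["source"], []).append(e["target"])
        if not directed:
            adj.setdefault(e["target"], []).append(e["source"])
    hops, queue = {start_uid: 0}, deque([start_uid])
    while queue:
        cur = queue.popleft()
        for nxt in adj.get(cur, []):
            if nxt not in hops:
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    return hops
```

Because the policy edge in the example points from the policy to the role, a strictly directed walk from the instance stops at the IAM role; passing `directed=False` is what brings the attached policy into the result.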

floydtree and others added 8 commits December 26, 2024 11:48
Signed-off-by: Rajas Panat <rajaspa@amazon.com>
@floydtree floydtree added the v1.5.0 Items to be considered for OCSF v1.5.0 label Feb 10, 2025
Contributor

@jonrau-at-queryai jonrau-at-queryai left a comment

I really love this. Some suggestions, clarifications.

floydtree and others added 3 commits February 11, 2025 10:53
Signed-off-by: Rajas Panat <rajaspa@amazon.com>
@floydtree floydtree self-assigned this Feb 11, 2025
floydtree and others added 2 commits February 11, 2025 14:42
Signed-off-by: Rajas Panat <rajaspa@amazon.com>
Signed-off-by: Rajas <89877409+floydtree@users.noreply.github.com>
mikeradka
mikeradka previously approved these changes Feb 18, 2025
@mikeradka mikeradka self-requested a review February 18, 2025 22:52
Signed-off-by: Rajas Panat <rajaspa@amazon.com>
zschmerber
zschmerber previously approved these changes Feb 19, 2025
Contributor

@zschmerber zschmerber left a comment

LGTM

Signed-off-by: Rajas <89877409+floydtree@users.noreply.github.com>
Signed-off-by: Rajas Panat <rajaspa@amazon.com>
Contributor

@Aniak5 Aniak5 left a comment

LGTM! Awesome work @floydtree , this is such a great idea!

Contributor

@jonrau-at-queryai jonrau-at-queryai left a comment

LFG! 🔥

Contributor

@zschmerber zschmerber left a comment

New OCSF graph visuals going to get some frontend dev promoted..

@zschmerber zschmerber merged commit 57095be into ocsf:main Feb 19, 2025
3 checks passed
@floydtree floydtree deleted the graph branch February 19, 2025 21:00
5 participants