diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4f5070232..2469b2290 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -42,30 +42,36 @@ Thankyou! --> ## [Unreleased] ### Added -* #### Dictionary Attributes - 1. Added `boot_uid` as a `string_t`. [#1335](https://github.com/ocsf/ocsf-schema/pull/1335) - 1. Added `raw_data_size` as a `long_t`. [#1347](https://github.com/ocsf/ocsf-schema/pull/1347) - 1. Added `assessments` as an array of `assessment` objects. #1343 - 1. Added `meets_criteria` as a `boolean_t`. #1343 - 1. Added `display_name` attribute as a `string_t`. [#1341](https://github.com/ocsf/ocsf-schema/pull/1341) +* #### Dictionary Attributes + 1. Added `boot_uid` as a `string_t`. [#1335](https://github.com/ocsf/ocsf-schema/pull/1335) + 1. Added `raw_data_size` as a `long_t`. [#1347](https://github.com/ocsf/ocsf-schema/pull/1347) + 1. Added `assessments` as an array of `assessment` objects. #1343 + 1. Added `meets_criteria` as a `boolean_t`. #1343 + 1. Added `display_name` attribute as a `string_t`. [#1341](https://github.com/ocsf/ocsf-schema/pull/1341) + 1. Added `is_directed` as a `boolean_t`, `relation` as a `string_t`, `query_language` & `query_language_id` a sibling pair. #1343 + 1. Added `resource_relationship` of type `graph`, `nodes` of type `node`, `edges` of type `edge`. #1343 * #### Objects - 1. Added `assessment` object to capture evaluations/assessments of configurations/signals. #1343 - + 1. Added `assessment` object to capture evaluations/assessments of configurations/signals. #1343 + 1. Added `node`, `edge`, `graph` objects. #1343 + ### Improved * #### Event Classes - 1. Added `assessments` to `config_state`. #1343 + 1. Added `assessments` to `config_state`. #1343 + 1. Added `raw_data_size` to `base_event` object. [#1347](https://github.com/ocsf/ocsf-schema/pull/1347) * #### Objects - 1. Added `boot_uid` to `device` object. [#1335](https://github.com/ocsf/ocsf-schema/pull/1335) - 1. Added `meets_criteria` and `policy` to `assessment` object. #1343 - 1. Added `assessments` to `compliance` object. #1343 - 1. Added `data` to `policy` object. #1343 - 1. 
Added `display_name` attribute to the `user` and `ldap_person` objects. [#1341](https://github.com/ocsf/ocsf-schema/pull/1341) - + 1. Added `boot_uid` to `device` object. [#1335](https://github.com/ocsf/ocsf-schema/pull/1335) + 1. Relaxed constraint to provide `email_addr`, `phone_number`, or `security_questions` on `auth_factor`. [#1339](https://github.com/ocsf/ocsf-schema/pull/1339) + 1. Added `boot_uid` to `device` object. [#1335](https://github.com/ocsf/ocsf-schema/pull/1335) + 1. Added `meets_criteria` and `policy` to `assessment` object. #1343 + 1. Added `assessments` to `compliance` object. #1343 + 1. Added `data` to `policy` object. #1343 + 1. Added `display_name` attribute to the `user` and `ldap_person` objects. [#1341](https://github.com/ocsf/ocsf-schema/pull/1341) + 1. Added `resource_relationship` to `resource_details` object. #1343 + ### Misc - 1. Relaxed constraint to provide `email_addr`, `phone_number`, or `security_questions` on `auth_factor`. [#1339](https://github.com/ocsf/ocsf-schema/pull/1339) - 1. Added `raw_data_size` to `base_event` object. [#1347](https://github.com/ocsf/ocsf-schema/pull/1347) 1. Updated description of `config_state` to reflect the addition of the `assessments` object. #1343 + ## [v1.4.0] - January 31st, 2025 ### Added
diff --git a/dictionary.json b/dictionary.json
index 11c7c9965..71a046abb 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -2003,6 +2003,12 @@
 "description": "Represents the duration of the activity in years. See specific usage.",
 "type": "integer_t"
 },
+ "edges": {
+ "caption": "Edges",
+ "description": "The list of edge objects that are part of the graph.",
+ "type": "edge",
+ "is_array": true
+ },
 "edition": {
 "caption": "OS Edition",
 "description": "The operating system edition. For example: Professional.",
@@ -2422,6 +2428,11 @@
 "description": "The given or first name of the user.",
 "type": "string_t"
 },
+ "graph": {
+ "caption": "Graph",
+ "description": "A graph data structure representation with nodes and edges.",
+ "type": "graph"
+ },
 "group": {
 "caption": "Group",
 "description": "The group object associated with an entity such as user, policy, or rule.",
@@ -2794,6 +2805,11 @@
 "description": "Indicates if the entity was deleted. See specific usage.",
 "type": "boolean_t"
 },
+ "is_directed": {
+ "caption": "Directed",
+ "description": "Indicates if the entity has directionality. See specific usage.",
+ "type": "boolean_t"
+ },
 "is_encrypted": {
 "caption": "Encrypted",
 "description": "Indicates if the entity was encrypted. See specific usage.",
@@ -3435,6 +3451,12 @@
 "type": "string_t",
 "is_array": true
 },
+ "nodes": {
+ "caption": "Nodes",
+ "description": "The list of node objects that are part of the graph.",
+ "type": "node",
+ "is_array": true
+ },
 "num_detections": {
 "caption": "Detections",
 "description": "The number of detections.",
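Review bot: The new `graph` dictionary attribute is not referenced by any object in the files shown in this change; `resource_details` uses `resource_relationship`, which is also of type `graph`. If nothing else consumes `graph`, the entry could be dropped until an object needs it. If it is kept, the CHANGELOG line for #1343 should list it next to `resource_relationship`, `nodes` and `edges`.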
@@ -4051,6 +4073,27 @@
 "description": "The query info object holds information related to data access within a datastore. To access, manipulate, delete, or retrieve data from a datastore, a database query must be written using a specific syntax.",
 "type": "query_info"
 },
+ "query_language": {
+ "caption": "Query Language",
+ "description": "The query language, normalized to the caption of the query_language_id value. See specific usage.",
+ "type": "string_t"
+ },
+ "query_language_id": {
+ "caption": "Query Language ID",
+ "description": "The normalized identifier of the query language. See specific usage.",
+ "sibling": "query_language",
+ "type": "integer_t",
+ "enum": {
+ "0": {
+ "caption": "Unknown",
+ "description": "The Query Language is unknown."
+ },
+ "99": {
+ "caption": "Other",
+ "description": "The Query Language is not mapped. See the query_language attribute, which contains a data source specific value."
+ }
+ }
+ },
 "query_result": {
 "caption": "Query Result",
 "description": "The result of the query.",
@@ -4224,6 +4267,11 @@
 "type": "string_t",
 "is_array": true
 },
+ "relation": {
+ "caption": "Relation",
+ "description": "The relationship between two entities. See specific usage.",
+ "type": "string_t"
+ },
 "relationship": {
 "caption": "Relationship",
 "description": "The relationship between two software components, normalized to the caption of the relationship_id value. In the case of 'Other', it is defined by the source.",
@@ -4322,6 +4370,11 @@
 "description": "The target resource.",
 "type": "resource_details"
 },
+ "resource_relationship": {
+ "caption": "Resource Relationship",
+ "description": "Describes entities related to the resource, using a graph structure. See specific usage.",
+ "type": "graph"
+ },
 "resource_type": {
 "caption": "Resource Type",
 "description": "The resource type as defined by the event source.",
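Review bot: In the `relation` hunk, the new attribute sits directly beside the existing `relationship` entry, and its description, "The relationship between two entities", does not tell a mapper which of the two to use. `relation` is also a free-form `string_t` with no normalized `_id` sibling, so values such as `depends-on` will vary by producer, and queries that pivot on edge type will need per-source handling. The description should at least say so, for example `"The type of relationship between two entities, as a free-form value defined by the source. See specific usage."`.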
@@ -4867,6 +4920,11 @@
 "type": "software_component",
 "is_array": true
 },
+ "source": {
+ "caption": "Source",
+ "description": "The source of the event or object. See specific usage.",
+ "type": "string_t"
+ },
 "sp_name": {
 "caption": "OS Service Pack",
 "description": "The name of the latest Service Pack.",
@@ -5187,6 +5245,11 @@
 "type": "key_value_object",
 "is_array": true
 },
+ "target": {
+ "caption": "Target",
+ "description": "The target of the event or object. See specific usage.",
+ "type": "string_t"
+ },
 "tcp_flags": {
 "caption": "TCP Flags",
 "description": "The network connection TCP header flags (i.e., control bits).",
diff --git a/objects/edge.json b/objects/edge.json
new file mode 100644
index 000000000..d1965ff11
--- /dev/null
+++ b/objects/edge.json
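Review bot: `source`, and `target` in the next hunk, are given event-level wording ("The source of the event or object"), but the only use in this change, `objects/edge.json`, treats them as node identifiers. Someone reading the dictionary alone could map a log-source name or a target host into them. Wording closer to the actual use would avoid that, e.g. `"The identifier of the entity where a relationship originates. See specific usage."` and the matching text for `target`. Neither attribute is listed in the CHANGELOG entry for #1343.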
@@ -0,0 +1,42 @@
+{
+ "caption": "Edge",
+ "description": "Represents a connection or relationship between two nodes in a graph.",
+ "extends": "_entity",
+ "name": "edge",
+ "attributes": {
+ "data": {
+ "description": "Additional data about the edge such as weight, distance, or custom properties.",
+ "requirement": "optional"
+ },
+ "is_directed": {
+ "description": "Indicates whether the edge is (true) or undirected (false).",
+ "requirement": "optional"
+ },
+ "name": {
+ "description": "The human-readable name or label for the edge.",
+ "requirement": "recommended"
+ },
+ "relation": {
+ "description": "The type of relationship between nodes (e.g. is-attached-to , depends-on, etc).",
+ "requirement": "recommended"
+ },
+ "source": {
+ "description": "The unique identifier of the node where the edge originates.",
+ "requirement": "required"
+ },
+ "target": {
+ "description": "The unique identifier of the node where the edge terminates.",
+ "requirement": "required"
+ },
+ "uid": {
+ "description": "Unique identifier of the edge.",
+ "requirement": "recommended"
+ }
+ },
+ "references": [
+ {
+ "description": "JSON graph specification.",
+ "url": "https://github.com/jsongraph/json-graph-specification/"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/graph.json b/objects/graph.json
new file mode 100644
index 000000000..88d000d24
--- /dev/null
+++ b/objects/graph.json
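Review bot: The `is_directed` description is missing a word and should read `"Indicates whether the edge is directed (true) or undirected (false)."`. Separately, `source` and `target` are required, but nothing says they must match the `uid` of a node in the same graph's `nodes`, so each consumer has to decide on its own how to treat an edge that points at a missing node. Stating the constraint in both descriptions, e.g. `"The uid of the node where the edge originates; it must match a node in the enclosing graph."`, would make a dangling reference a validation error rather than a silent gap in the relationship data. The file also ends without a trailing newline, as do `graph.json` and `node.json`.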
@@ -0,0 +1,78 @@
+{
+ "caption": "Graph",
+ "description": "A graph data structure representation with nodes and edges.",
+ "extends": "_entity",
+ "name": "graph",
+ "attributes": {
+ "desc": {
+ "description": "The graph description - provides additional details about the graph's purpose and contents.",
+ "requirement": "optional"
+ },
+ "edges": {
+ "description": "The edges/connections between nodes in the graph - contains the collection of edge objects defining relationships between nodes.",
+ "requirement": "optional"
+ },
+ "is_directed": {
+ "description": "Indicates if the graph is directed (true) or undirected (false).",
+ "requirement": "optional"
+ },
+ "name": {
+ "description": "The graph name - a human readable identifier for the graph."
+ },
+ "nodes": {
+ "description": "The nodes/vertices of the graph - contains the collection of node objects that make up the graph.",
+ "requirement": "required"
+ },
+ "query_language": {
+ "description": "The graph query language, normalized to the caption of the query_language_id value.",
+ "requirement": "optional"
+ },
+ "query_language_id": {
+ "description": "The normalized identifier of a graph query language that can be used to interact with the graph.",
+ "requirement": "recommended",
+ "enum": {
+ "1": {
+ "caption": "Cypher",
+ "description": "A declarative graph query language developed by Neo4j that allows for expressive and efficient querying of graph databases."
+ },
+ "2": {
+ "caption": "GraphQL",
+ "description": "A query language for APIs that enables declarative data fetching and provides a complete description of the data in the API."
+ },
+ "3": {
+ "caption": "Gremlin",
+ "description": "A graph traversal language and virtual machine developed by Apache TinkerPop that enables graph computing across different graph databases."
+ },
+ "4": {
+ "caption": "GQL",
+ "description": "An ISO standard graph query language designed to provide a unified way to query graph databases."
+ },
+ "5": {
+ "caption": "G-CORE",
+ "description": "A graph query language that combines features from existing languages while adding support for paths as first-class citizens."
+ },
+ "6": {
+ "caption": "PGQL",
+ "description": "Property Graph Query Language developed by Oracle that provides SQL-like syntax for querying property graphs."
+ },
+ "7": {
+ "caption": "SPARQL",
+ "description": "A semantic query language for databases that enables querying and manipulating data stored in RDF format."
+ }
+ }
+ },
+ "type": {
+ "description": "The graph type. Typically useful to represent the specifc type of graph that is used.",
+ "requirement": "optional"
+ },
+ "uid": {
+ "description": "Unique identifier of the graph - a unique ID to reference this specific graph."
+ }
+ },
+ "references": [
+ {
+ "description": "JSON graph specification.",
+ "url": "https://github.com/jsongraph/json-graph-specification/"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/node.json b/objects/node.json
new file mode 100644
index 000000000..904be36b8
--- /dev/null
+++ b/objects/node.json
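Review bot: `name` and `uid` carry no `requirement`, unlike every other attribute in this file and unlike the same two attributes in `objects/edge.json`, which set `"requirement": "recommended"`. If the value is meant to be inherited from `_entity`, that is not visible here, and setting it explicitly would remove the ambiguity. The `is_directed` description also does not say which value applies when a graph and one of its edges disagree; a sentence such as `"Applies to all edges unless an edge sets its own is_directed."` would settle it. The `type` description has a typo (`specifc` should be `specific`).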
@@ -0,0 +1,34 @@
+{
+ "caption": "Node",
+ "description": "Represents a node or a vertex in a graph structure.",
+ "extends": "object",
+ "name": "node",
+ "attributes": {
+ "data": {
+ "description": "Additional data about the node stored as key-value pairs. Can include custom properties specific to the node.",
+ "requirement": "optional"
+ },
+ "desc": {
+ "description": "A human-readable description of the node's purpose or meaning in the graph.",
+ "requirement": "optional"
+ },
+ "name": {
+ "description": "A human-readable name or label for the node. Should be descriptive and unique within the graph context.",
+ "requirement": "recommended"
+ },
+ "type": {
+ "description": "Categorizes the node into a specific class or type. Useful for grouping and filtering nodes.",
+ "requirement": "optional"
+ },
+ "uid": {
+ "description": "A unique string or numeric identifier that distinguishes this node from all others in the graph. Must be unique across all nodes.",
+ "requirement": "required"
+ }
+ },
+ "references": [
+ {
+ "description": "JSON graph specification.",
+ "url": "https://github.com/jsongraph/json-graph-specification/"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/resource_details.json b/objects/resource_details.json
index f3b1c8ac8..2b672bca6 100644
--- a/objects/resource_details.json
+++ b/objects/resource_details.json
@@ -44,6 +44,10 @@
 "profile": "cloud",
 "requirement": "optional"
 },
+ "resource_relationship": {
+ "description": "A graph representation showing how this resource relates to and interacts with other entities in the environment. This can include parent/child relationships, dependencies, or other connections.",
+ "requirement": "optional"
+ },
 "version": {
 "description": "The version of the resource. For example 1.2.3.",
 "requirement": "optional"
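Review bot: The `uid` description in `node.json` allows "a unique string or numeric identifier", which can be read as permitting a JSON number, while the `source` and `target` attributes that edges use to point at a node are added to the dictionary as `string_t`. A producer that emits a numeric uid would leave consumers comparing a number against a string when resolving edges. Suggest `"A unique string identifier that distinguishes this node from all others in the graph. Must be unique across all nodes."`. `node` also extends `object` while `edge` and `graph` extend `_entity`, although all three define `name` and `uid`; if that is deliberate, it is worth a line in the PR description.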
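Review bot: The `resource_relationship` description in `resource_details.json` does not say whether the resource itself appears as a node in the graph, or how a consumer would identify it there. Without that anchor, the direction of a parent/child or dependency edge relative to this resource cannot be determined from the event alone. One option is to append `"The graph should include a node whose uid matches this resource's uid."` to the description. The attribute also places no bound on how many nodes and edges an event may carry, which ingestion pipelines may need to cap.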