Adjust Entity Management class (3004) to be aligned with Windows even…

…t 4662 (ocsf#1114) Adjust Entity Management class (3004) to be aligned with fields exist in Windows event 4662 - “An operation was performed on an object”. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4662 #### Related Issue: ocsf#1090 #### Description of changes: We add the attributes access_list, access_mask. ![Screenshot 2024-06-04 at 15 50 27](https://github.com/ocsf/ocsf-schema/assets/100218904/5417d9a9-5956-441c-b173-437183875f49) Signed-off-by: Eliraz Levi [[email protected]](mailto:[email protected]) Co-authored-by: Rajas <[email protected]>
maxhotta · Jul 23, 2024 · f0ea6bf · f0ea6bf
1 parent d7d5665
commit f0ea6bf
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -160,6 +160,8 @@ Thankyou! -->
     7. Added a `Preauth` `activity_id` to the `Authentication` class. #1018
     8. Added the `Security Control` profile to the `Datastore Activity` class. #1030
     9. Added `risk_details` to Detection Finding. #1032
+   10. Added `access_mask` to Entity Management class. #1090
+   11. Added `access_list` to Entity Management class. #1090
 
 * #### Profiles
     n/a

diff --git a/events/iam/entity_management.json b/events/iam/entity_management.json
@@ -77,6 +77,14 @@
     "entity_result": {
       "group": "primary",
       "requirement": "recommended"
+    },
+    "access_mask": {
+      "group": "context",
+      "requirement": "optional"
+    },
+    "access_list": {
+      "group": "context",
+      "requirement": "optional"
     }
   }
 }