From f0ea6bff0f00c87d5b01b7d8166c778bac95f95b Mon Sep 17 00:00:00 2001 From: eliraz-levi <100218904+eliraz-levi@users.noreply.github.com> Date: Tue, 23 Jul 2024 19:16:57 +0300 Subject: [PATCH] Adjust Entity Management class (3004) to be aligned with Windows event 4662 (#1114) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adjust Entity Management class (3004) to be aligned with fields exist in Windows event 4662 - “An operation was performed on an object”. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4662 #### Related Issue: https://github.com/ocsf/ocsf-schema/issues/1090 #### Description of changes: We add the attributes access_list, access_mask. ![Screenshot 2024-06-04 at 15 50 27](https://github.com/ocsf/ocsf-schema/assets/100218904/5417d9a9-5956-441c-b173-437183875f49) Signed-off-by: Eliraz Levi [eliraz.levi@hunters.ai](mailto:eliraz.levi@hunters.ai) Co-authored-by: Rajas <89877409+floydtree@users.noreply.github.com> --- CHANGELOG.md | 2 ++ events/iam/entity_management.json | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8c89e49b5..3f64d1d69 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -160,6 +160,8 @@ Thankyou! --> 7. Added a `Preauth` `activity_id` to the `Authentication` class. #1018 8. Added the `Security Control` profile to the `Datastore Activity` class. #1030 9. Added `risk_details` to Detection Finding. #1032 + 10. Added `access_mask` to Entity Management class. #1090 + 11. Added `access_list` to Entity Management class. #1090 * #### Profiles n/a diff --git a/events/iam/entity_management.json b/events/iam/entity_management.json index 77e9550a0..c33d0cfff 100644 --- a/events/iam/entity_management.json +++ b/events/iam/entity_management.json 
@@ -77,6 +77,14 @@
 "entity_result": {
 "group": "primary",
 "requirement": "recommended"
+ },
+ "access_mask": {
+ "group": "context",
+ "requirement": "optional"
+ },
+ "access_list": {
+ "group": "context",
+ "requirement": "optional"
 }
 }
 }
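Review bot: The new `access_mask` and `access_list` entries carry only `group` and `requirement`, so the class never states which object the access rights describe: the entity being managed or `entity_result`. A producer mapping event 4662 is left to guess. A class-level override on `access_mask`, such as `"description": "The access rights, in platform-native form, that were requested on the managed entity."`, with a matching one on `access_list` for the decoded right names, would pin that down. It would also help to say whether the two must agree when both are present, because a detection keyed on one attribute will miss events from a pipeline that fills in only the other. Event 4662 also reports a Properties field that qualifies the mask, and whether this class has a place for it is not visible here, since the attributes object starts before the hunk.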