Addition of AI Systems Activity Category, Classes, Profiles and Objects #1431
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
irakledibm
requested review from
Aniak5,
davemcatcisco,
floydtree,
jonrau-at-queryai,
mikeradka,
pagbabian-splunk and
zschmerber
as code owners
irakledibm
changed the title
We need to convey the information that a [Service Account](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-service-accounts) was used. As there already is a `System` account type in the `user`, it seems fitting to add the Service account to the same enum. Signed-off-by: Lukáš Křečan <[email protected]>
irakledibm
force-pushed
the
main
branch
2 times, most recently
from
b730789 to
efa0824
Compare
The newly added linter action, was causing workflow failures for spelling errors, (which weren't really incorrect spellings, but more so, generally accepted terms that were simply not in the dictionary.) That is besides the point though, there was common desire in the community to not error out, but throw warnings. Which makes sense, considering the fairly common usage of "non-standard" English words in our industry. This PR updates the workflow to warn, instead of erroring out on spelling errors. All the warning should be visible inline. The PR creator and reviewers can then make discretionary call about the applicability of warnings. For example, the inline warnings look like the following -  Additionally, I am cleaning up & optimizing this workflow along with removing unused workflows from the repo. --------- Signed-off-by: Rajas Panat <[email protected]>
This reverts commit 810229d.
We have a few cases when we need to delete findings. For example: 1. The finding was created by misconfigured or buggy producer. When the issues is discovered, the producer needs to inform all services consuming the data that the finding is not valid anymore and should be discarded. 2. A customer was evaluating the product, created some test findings and now wants to start using the product in production. We need to delete the data from POC. Signed-off-by: Lukáš Křečan <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
As artificial intelligence (AI) systems become increasingly integral to enterprise infrastructure, security teams require standardized, interoperable telemetry for detecting threats, ensuring compliance, and analyzing the behavior of complex AI workflows. This proposal introduces a structured extension of OCSF to support AI system observability and security telemetry through the addition of a new category, event classes, reusable objects, and specialized profiles.
Proposed Additions to OCSF
Category:
Profiles:
Events:
Objects: