We are working on exchanging telemetry findings from different security scanners (e.g., GitHub Advanced Security and other vulnerability sources) between multiple posture management systems.
As a unified interchange format, we find OCSF very promising and are currently in the process of mapping different types of telemetry findings into OCSF event classes (particularly Class 2002 – Vulnerability Finding).
While doing this, we encountered a modeling question regarding repository context in GitHub Advanced Security findings:
In resource_details, there is no explicit url attribute for resources such as repositories. At the same time, GitHub findings naturally include a repository URL as a key reference point.
We are trying to understand the recommended OCSF-compliant approach for representing this relationship:
Should the repository URL be modeled as an observable (type url)?
Or should it be included via enrichment or extensions?
Or is there another preferred pattern for linking vulnerability findings to their originating repository in OCSF?
Any guidance on the intended modeling approach for this type of cross-system telemetry exchange would be greatly appreciated.
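For context, the two encodings the question weighs, an observable of type URL and an enrichment entry, can be emitted side by side from one finding. The Python below is an added example and is not code from the original post or from the OCSF project. The alert is a constructed sample shaped like a GitHub Advanced Security code-scanning alert; the attribute names follow the OCSF base event and the Vulnerability Finding class as I know them, but the observable `type_id` 6 for "URL String", the `src_url` attribute on `finding_info`, and the `metadata.version` string are assumptions to check against the schema version you actually target.

```python
"""Map a constructed GHAS code-scanning alert to an OCSF Vulnerability Finding
(class_uid 2002) and carry the repository URL both as an observable and as an
enrichment, so a consumer can find it either way.  Added example; field
values marked as assumptions must be verified against the target schema."""
from datetime import datetime, timezone

OCSF_CLASS_VULNERABILITY_FINDING = 2002
OCSF_CATEGORY_FINDINGS = 2
ACTIVITY_CREATE = 1
OBSERVABLE_TYPE_URL_STRING = 6  # assumption: OCSF observable type_id "URL String"
OCSF_SCHEMA_VERSION = "1.3.0"   # assumption: schema version the consumer expects

# OCSF severity_id: 1 Informational, 2 Low, 3 Medium, 4 High, 5 Critical.
SEVERITY_ID = {"low": 2, "medium": 3, "high": 4, "critical": 5}

# Constructed sample alert (not real data), loosely shaped like a GHAS alert.
SAMPLE_ALERT = {
    "number": 42,
    "html_url": "https://github.com/example-org/example-repo/security/code-scanning/42",
    "repository_url": "https://github.com/example-org/example-repo",
    "repository_full_name": "example-org/example-repo",
    "rule_id": "js/sql-injection",
    "severity": "high",
    "created_at": "2024-05-01T12:00:00Z",
}


def iso_to_epoch_ms(ts: str) -> int:
    """OCSF `time` is epoch milliseconds; accept an RFC 3339 'Z' timestamp."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)
    return int(dt.timestamp() * 1000)


def to_ocsf(alert: dict) -> dict:
    """Build the Vulnerability Finding event dict for one alert."""
    repo_url = alert["repository_url"]
    return {
        "class_uid": OCSF_CLASS_VULNERABILITY_FINDING,
        "category_uid": OCSF_CATEGORY_FINDINGS,
        "activity_id": ACTIVITY_CREATE,
        # type_uid is class_uid * 100 + activity_id by OCSF convention.
        "type_uid": OCSF_CLASS_VULNERABILITY_FINDING * 100 + ACTIVITY_CREATE,
        "severity_id": SEVERITY_ID.get(alert["severity"], 0),
        "time": iso_to_epoch_ms(alert["created_at"]),
        "metadata": {
            "version": OCSF_SCHEMA_VERSION,
            "product": {"name": "GitHub Advanced Security", "vendor_name": "GitHub"},
        },
        "finding_info": {
            "uid": str(alert["number"]),
            "title": alert["rule_id"],
            "src_url": alert["html_url"],  # assumption: src_url exists on finding_info
        },
        "vulnerabilities": [{"title": alert["rule_id"], "severity": alert["severity"]}],
        # Resource Details has no url attribute; keep the URL in its free-form `data`.
        "resources": [{
            "type": "repository",
            "name": alert["repository_full_name"],
            "uid": alert["repository_full_name"],
            "data": {"html_url": repo_url},
        }],
        # Option 1: a URL observable whose `name` points at where the value lives.
        "observables": [{
            "name": "resources[0].data.html_url",
            "type": "URL String",
            "type_id": OBSERVABLE_TYPE_URL_STRING,
            "value": repo_url,
        }],
        # Option 2: an enrichment entry keyed on the event's resource.
        "enrichments": [{
            "name": "repository_url",
            "value": repo_url,
            "type": "url",
            "provider": "GitHub",
            "data": {"repository": alert["repository_full_name"]},
        }],
    }


def repository_urls(event: dict) -> list:
    """Consumer side: recover repository URLs from the observables array."""
    return [o["value"] for o in event.get("observables", [])
            if o.get("type_id") == OBSERVABLE_TYPE_URL_STRING]


if __name__ == "__main__":
    import json
    print(json.dumps(to_ocsf(SAMPLE_ALERT), indent=2))
```

Whichever encoding the consumers settle on, keeping the observable's `name` as the attribute path of the value it mirrors is what lets a receiving system cross-check that the URL in `observables` really came from `resources`, rather than treating it as a loose string.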