Add Zone to managed entity object #1181
Conversation
Signed-off-by: Martin McCloskey <[email protected]>
Signed-off-by: Martin McCloskey <[email protected]>
Signed-off-by: Martin McCloskey <[email protected]>
max-power15
changed the title
Signed-off-by: Martin McCloskey <[email protected]>
|
After looking at a zone.update log in Okta, i seems like the structure of the data my need to be carried by an array, also I see a zone https://schema.ocsf.io/1.3.0/objects/device?extensions= field in the schema so we would have a collision with adding a new object with the same name. |
|
Nice draft, @max-power15. I believe adding a
|
|
Great feedback, I wasn't aware of the zone attribute. Happy to adjust the object name and the additional attribute for CIDR Is there a PR for the network profile I could check out, or is it being discussed in slack? |
Hello @max-power15 , this one slipped through the cracks for me for some reason. This has been more of a discussion topic rather than any sort of PR. Perhaps this is a topic we could discuss in one of the upcoming Network syncs on Wednesdays? It may be worthwhile to send us over a ping about it in the #network slack channel. |
pagbabian-splunk
added
enhancement
| "caption": "Zone", | ||
| "description": "The Zone object describes characteristics of a network zone, a logical boundary to allow or deny access to devices based on IP addresses or geolocation for example.", | ||
| "extends": "_entity", | ||
| "name": "zone", |
There was a problem hiding this comment.
The description says that this is specifically a network zone. So I'm thinking that the object should be named network_zone. Otherwise we risk running into a name collision when some other part of the OCSF schema has the concept of a zone but with a very different meaning.
There was a problem hiding this comment.
Ditto!
If we are planning to get these changes in v1.4.0, the PR will need to updated with what @mikeradka recommended above with a slight change - zone_info can be the object name, and we can define an attribute called network_zone of type zone_info, to keep it clear and facilitate potential object reuse down the road.
@max-power15 Note that, these changes will need to be made by Jan 24th, considering that we are releasing 1.4.0 on Jan 31st. If you are unable to, we can always get the changes in the next minor release.
Let us know if you need help with this one. #schema on slack would be a good forum to discuss it.
There was a problem hiding this comment.
@floydtree I agree with this approach. It aligns with our discussion yesterday about up-leveling the dictionary attribute. If need be, we could discuss in either of the workgroup calls today. Also happy to help if need be so that we can get this into 1.4. Just let me know!
There was a problem hiding this comment.
+1. I assume the original zone was in reference to Availability Zone or other zonal boundaries within the CSPs (OCI, GCP, Azure, et al)
I like @floydtree suggestion to adapt
There was a problem hiding this comment.
@jonrau-at-queryai @jonrau-at-queryai @davemcatcisco @pagbabian-splunk @max-power15 Rajas and I discussed this offline and agreed to target this for 1.5.0. I'm tagging it accordingly, and implementation can begin after the 1.4.0 release, scheduled for Jan 31. This approach allows us to review the PR thoroughly, avoiding rushed changes or potential corrections in 1.5.
pagbabian-splunk
requested review from
pagbabian-splunk,
Aniak5,
zschmerber and
jonrau-at-queryai
as code owners
mikeradka
added
v1.5.0 or later
and removed
v1.4.0
Related Issue:
Managed Entity object was did not stand out as an obvious choice when reviewing Okta Network zones.
Description of changes:
type_idenum.