├── .github
└── workflows
│ └── ci.yml
├── .gitignore
├── LICENSE
├── README.md
├── clients
├── gcp
│ └── client.go
├── snyk
│ ├── client.go
│ └── types.go
└── tenable
│ ├── client.go
│ └── types.go
├── datastore
├── arrowhelpers.go
├── base.go
├── localjson.go
├── localparquet.go
├── parquethelpers.go
├── s3json.go
├── s3parquet.go
├── s3tables.go
└── types.go
├── go.mod
├── go.sum
├── main.go
├── ocsf
├── account.go
├── actor.go
├── affectedcode.go
├── affectedsoftwarepackage.go
├── agent.go
├── analytic.go
├── api.go
├── api_activity.go
├── auth_factor.go
├── authorization.go
├── autonomous_system.go
├── certificate.go
├── container.go
├── cve.go
├── cvss.go
├── cwe.go
├── device.go
├── devicehwinfo.go
├── display.go
├── dto.go
├── enrichment.go
├── environment_var.go
├── epss.go
├── feature.go
├── file.go
├── findinginfo.go
├── fingerprint.go
├── geolocation.go
├── group.go
├── http.go
├── identity_provider.go
├── image.go
├── kbarticle.go
├── key_value_object.go
├── keyboardinfo.go
├── killchainphase.go
├── ldapperson.go
├── logger.go
├── metadata.go
├── metric.go
├── mitreattck.go
├── network_endpoint.go
├── network_proxy.go
├── networkinterface.go
├── observable.go
├── organization.go
├── os.go
├── policy.go
├── process.go
├── process_entity.go
├── product.go
├── relatedevent.go
├── remediation.go
├── reputation.go
├── request.go
├── resourcedetails.go
├── response.go
├── san.go
├── schemaextention.go
├── scim.go
├── service.go
├── session.go
├── sso.go
├── subtechnique.go
├── tactic.go
├── technique.go
├── url.go
├── user.go
├── v1_4_0
│ ├── account.go
│ ├── account_change.go
│ ├── actor.go
│ ├── admin_group_query.go
│ ├── advisory.go
│ ├── affected_code.go
│ ├── affected_package.go
│ ├── agent.go
│ ├── airborne_broadcast_activity.go
│ ├── aircraft.go
│ ├── analytic.go
│ ├── api.go
│ ├── api_activity.go
│ ├── application_error.go
│ ├── application_lifecycle.go
│ ├── attack.go
│ ├── auth_factor.go
│ ├── authentication.go
│ ├── authorization.go
│ ├── authorize_session.go
│ ├── autonomous_system.go
│ ├── base_event.go
│ ├── certificate.go
│ ├── cis_benchmark.go
│ ├── cis_benchmark_result.go
│ ├── cis_control.go
│ ├── cis_csc.go
│ ├── classifier_details.go
│ ├── cloud.go
│ ├── cloud_resources_inventory_info.go
│ ├── compliance.go
│ ├── compliance_finding.go
│ ├── config_state.go
│ ├── container.go
│ ├── cve.go
│ ├── cvss.go
│ ├── cwe.go
│ ├── d3f_tactic.go
│ ├── d3f_technique.go
│ ├── d3fend.go
│ ├── data_classification.go
│ ├── data_security.go
│ ├── data_security_finding.go
│ ├── database.go
│ ├── databucket.go
│ ├── datastore_activity.go
│ ├── dce_rpc.go
│ ├── detection_finding.go
│ ├── device.go
│ ├── device_config_state_change.go
│ ├── device_hw_info.go
│ ├── dhcp_activity.go
│ ├── digital_signature.go
│ ├── discovery_details.go
│ ├── display.go
│ ├── dns_activity.go
│ ├── dns_answer.go
│ ├── dns_query.go
│ ├── domain_contact.go
│ ├── drone_flights_activity.go
│ ├── email.go
│ ├── email_activity.go
│ ├── email_auth.go
│ ├── email_file_activity.go
│ ├── email_url_activity.go
│ ├── encryption_details.go
│ ├── endpoint.go
│ ├── endpoint_connection.go
│ ├── enrichment.go
│ ├── entity_management.go
│ ├── environment_variable.go
│ ├── epss.go
│ ├── event_log_actvity.go
│ ├── evidences.go
│ ├── extension.go
│ ├── feature.go
│ ├── file.go
│ ├── file_activity.go
│ ├── file_hosting.go
│ ├── file_query.go
│ ├── file_remediation_activity.go
│ ├── finding.go
│ ├── finding_info.go
│ ├── fingerprint.go
│ ├── firewall_rule.go
│ ├── folder_query.go
│ ├── ftp_activity.go
│ ├── group.go
│ ├── group_management.go
│ ├── hassh.go
│ ├── http_activity.go
│ ├── http_cookie.go
│ ├── http_header.go
│ ├── http_request.go
│ ├── http_response.go
│ ├── idp.go
│ ├── image.go
│ ├── incident_finding.go
│ ├── inventory_info.go
│ ├── ja4_fingerprint.go
│ ├── job.go
│ ├── job_query.go
│ ├── kb_article.go
│ ├── kernel.go
│ ├── kernel_activity.go
│ ├── kernel_driver.go
│ ├── kernel_extension_activity.go
│ ├── kernel_object_query.go
│ ├── key_value_object.go
│ ├── keyboard_info.go
│ ├── kill_chain_phase.go
│ ├── ldap_person.go
│ ├── load_balancer.go
│ ├── location.go
│ ├── logger.go
│ ├── long_string.go
│ ├── malware.go
│ ├── managed_entity.go
│ ├── memory_activity.go
│ ├── metadata.go
│ ├── metric.go
│ ├── module.go
│ ├── module_activity.go
│ ├── module_query.go
│ ├── network_activity.go
│ ├── network_connection_info.go
│ ├── network_connection_query.go
│ ├── network_endpoint.go
│ ├── network_file_activity.go
│ ├── network_interface.go
│ ├── network_proxy.go
│ ├── network_remediation_activity.go
│ ├── network_traffic.go
│ ├── networks_query.go
│ ├── ntp_activity.go
│ ├── object.go
│ ├── observable.go
│ ├── occurrence_details.go
│ ├── organization.go
│ ├── os.go
│ ├── osint.go
│ ├── osint_inventory_info.go
│ ├── package.go
│ ├── patch_state.go
│ ├── peripheral_device.go
│ ├── peripheral_device_query.go
│ ├── policy.go
│ ├── prefetch_query.go
│ ├── process.go
│ ├── process_activity.go
│ ├── process_entity.go
│ ├── process_query.go
│ ├── process_remediation_activity.go
│ ├── product.go
│ ├── query_info.go
│ ├── rdp_activity.go
│ ├── reg_key.go
│ ├── reg_value.go
│ ├── registry_key_activity.go
│ ├── registry_key_query.go
│ ├── registry_value_activity.go
│ ├── registry_value_query.go
│ ├── related_event.go
│ ├── remediation.go
│ ├── remediation_activity.go
│ ├── reputation.go
│ ├── request.go
│ ├── resource_details.go
│ ├── response.go
│ ├── rpc_interface.go
│ ├── rule.go
│ ├── san.go
│ ├── sbom.go
│ ├── scan.go
│ ├── scan_activity.go
│ ├── scheduled_job_activity.go
│ ├── scim.go
│ ├── script.go
│ ├── script_activity.go
│ ├── security_finding.go
│ ├── security_state.go
│ ├── service.go
│ ├── service_query.go
│ ├── session.go
│ ├── session_query.go
│ ├── smb_activity.go
│ ├── software_component.go
│ ├── software_info.go
│ ├── span.go
│ ├── ssh_activity.go
│ ├── sso.go
│ ├── startup_item.go
│ ├── startup_item_query.go
│ ├── sub_technique.go
│ ├── table.go
│ ├── tactic.go
│ ├── technique.go
│ ├── ticket.go
│ ├── timespan.go
│ ├── tls.go
│ ├── tls_extension.go
│ ├── trace.go
│ ├── tunnel_activity.go
│ ├── unmanned_aerial_system.go
│ ├── unmanned_system_operating_area.go
│ ├── url.go
│ ├── user.go
│ ├── user_access.go
│ ├── user_inventory.go
│ ├── user_query.go
│ ├── vendor_attributes.go
│ ├── vulnerability.go
│ ├── vulnerability_finding.go
│ ├── web_resource.go
│ ├── web_resource_access_activity.go
│ ├── web_resources_activity.go
│ ├── whois.go
│ ├── win_resource.go
│ ├── win_service.go
│ ├── windows_resource_activity.go
│ └── windows_service_activity.go
├── vulnerabilitydetails.go
└── vulnerabilityfinding.go
├── scripts
├── 1.4.0.json
└── model_gen.go
└── syncers
├── gcpauditlog
└── gcpauditlog.go
├── inspector.go
├── securityhub.go
├── snyk.go
└── tenable.go
/.github/workflows/ci.yml:
--------------------------------------------------------------------------------
1 | name: CI Pipeline
2 |
3 | on:
4 | push:
5 | branches: [ main ]
6 | pull_request:
7 | schedule:
8 | - cron: '0 0 * * *'
9 |
10 | jobs:
11 | build:
12 | runs-on: ubuntu-latest
13 |
14 | steps:
15 | - uses: actions/checkout@v4
16 |
17 | - name: Set up Go
18 | uses: actions/setup-go@v5
19 | with:
20 | go-version: '1.22'
21 |
22 | - name: Install dependencies
23 | run: go mod download
24 |
25 | - name: Run build
26 | run: go build ./...
27 |
28 | - name: Run tests
29 | run: go test ./...
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # If you prefer the allow list template instead of the deny list, see community template:
2 | # https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
3 | #
4 | # Binaries for programs and plugins
5 | *.exe
6 | *.exe~
7 | *.dll
8 | *.so
9 | *.dylib
10 |
11 | # Test binary, built with `go test -c`
12 | *.test
13 |
14 | # Output of the go coverage tool, specifically when used with LiteIDE
15 | *.out
16 |
17 | # Dependency directories (remove the comment below to include it)
18 | # vendor/
19 |
20 | # Go workspace file
21 | go.work
22 | go.work.sum
23 |
24 | # env file
25 | .env
26 |
27 | *.parquet
28 |
29 | data/
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2025 Santiago Labs, Inc.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/datastore/localjson.go:
--------------------------------------------------------------------------------
1 | package datastore
2 |
3 | import (
4 | "context"
5 | "encoding/json"
6 | "fmt"
7 | "log/slog"
8 | "os"
9 | "path/filepath"
10 | "reflect"
11 | "time"
12 |
13 | "github.com/samsarahq/go/oops"
14 | )
15 |
16 | type localJsonDatastore[T any] struct {
17 | BaseDatastore[T]
18 |
19 | currentPath string
20 | basepath string
21 | }
22 |
23 | // localJsonDatastore implements the Datastore interface using local JSON files for storage.
24 | // It provides methods to retrieve, save, and manage ocsf data in JSON format.
25 | func NewLocalJsonDatastore[T any](ctx context.Context) (Datastore[T], error) {
26 |
27 | typeName := reflect.TypeOf((*T)(nil)).Elem().Name()
28 | if err := os.MkdirAll(basepaths[typeName], 0755); err != nil {
29 | return nil, oops.Wrapf(err, "failed to create directory")
30 | }
31 |
32 | s := &localJsonDatastore[T]{
33 | basepath: basepaths[typeName],
34 | }
35 |
36 | s.BaseDatastore = BaseDatastore[T]{
37 | store: s,
38 | }
39 |
40 | return s, nil
41 | }
42 |
43 | // GetItemsFromFile retrieves all ocsf data from a specific file path.
44 | // It reads the gzipped JSON file and parses it into a slice of ocsf data.
45 | func (s *localJsonDatastore[T]) GetItemsFromFile(ctx context.Context, path string) ([]T, error) {
46 | data, err := os.ReadFile(path)
47 | if err != nil {
48 | return nil, oops.Wrapf(err, "failed to read JSON file from disk")
49 | }
50 |
51 | var items []T
52 | if err := json.Unmarshal(data, &items); err != nil {
53 | return nil, oops.Wrapf(err, "failed to parse JSON file")
54 | }
55 |
56 | return items, nil
57 | }
58 |
59 | // WriteBatch creates a new JSON file for storing ocsf data.
60 | // It marshals the data into a JSON object and writes it to the specified file path.
61 | func (s *localJsonDatastore[T]) WriteBatch(ctx context.Context, items []T) error {
62 | allItems := items
63 |
64 | if s.currentPath == "" {
65 | s.currentPath = filepath.Join(s.basepath, fmt.Sprintf("%s.json", time.Now().Format("20060102T150405Z")))
66 | } else {
67 | fileItems, err := s.GetItemsFromFile(ctx, s.currentPath)
68 | if err != nil {
69 | return oops.Wrapf(err, "failed to get existing items from disk")
70 | }
71 |
72 | allItems = append(allItems, fileItems...)
73 | }
74 |
75 | jsonData, err := json.Marshal(allItems)
76 | if err != nil {
77 | return oops.Wrapf(err, "failed to marshal items to JSON")
78 | }
79 |
80 | if err := os.WriteFile(s.currentPath, jsonData, 0644); err != nil {
81 | return oops.Wrapf(err, "failed to write JSON to disk")
82 | }
83 |
84 | slog.Info("Wrote JSON file to disk", "path", s.currentPath, "items", len(allItems))
85 |
86 | return nil
87 | }
88 |
--------------------------------------------------------------------------------
/datastore/localparquet.go:
--------------------------------------------------------------------------------
1 | package datastore
2 |
3 | import (
4 | "context"
5 | "fmt"
6 | "log/slog"
7 | "os"
8 | "path/filepath"
9 | "reflect"
10 | "time"
11 |
12 | goParquet "github.com/parquet-go/parquet-go"
13 | "github.com/samsarahq/go/oops"
14 | )
15 |
16 | type localParquetDatastore[T any] struct {
17 | BaseDatastore[T]
18 |
19 | currentPath string
20 | basepath string
21 | }
22 |
23 | // NewLocalParquetDatastore creates a new local Parquet datastore.
24 | func NewLocalParquetDatastore[T any](ctx context.Context) (Datastore[T], error) {
25 |
26 | typeName := reflect.TypeOf((*T)(nil)).Elem().Name()
27 | if err := os.MkdirAll(basepaths[typeName], 0755); err != nil {
28 | return nil, oops.Wrapf(err, "failed to create directory")
29 | }
30 |
31 | s := &localParquetDatastore[T]{
32 | basepath: basepaths[typeName],
33 | }
34 |
35 | s.BaseDatastore = BaseDatastore[T]{
36 | store: s,
37 | }
38 |
39 | return s, nil
40 | }
41 |
42 | // GetItemsFromFile retrieves all ocsf data from a specific file path.
43 | // It reads the Parquet file and parses it into a slice of ocsf data.
44 | func (s *localParquetDatastore[T]) GetItemsFromFile(ctx context.Context, path string) ([]T, error) {
45 | items, err := goParquet.ReadFile[T](path)
46 | if err != nil {
47 | return nil, oops.Wrapf(err, "failed to read parquet file")
48 | }
49 |
50 | return items, nil
51 | }
52 |
53 | // createFile creates a new Parquet file for storing ocsf data.
54 | // It writes the data to the specified file path.
55 | func (s *localParquetDatastore[T]) WriteBatch(ctx context.Context, items []T) error {
56 | allItems := items
57 |
58 | if s.currentPath == "" {
59 | s.currentPath = filepath.Join(s.basepath, fmt.Sprintf("%s.parquet.gz", time.Now().Format("20060102T150405Z")))
60 | } else {
61 | fileItems, err := s.GetItemsFromFile(ctx, s.currentPath)
62 | if err != nil {
63 | return oops.Wrapf(err, "failed to get existing items from disk")
64 | }
65 | allItems = append(allItems, fileItems...)
66 | }
67 |
68 | err := goParquet.WriteFile(s.currentPath, allItems, goParquet.Compression(&goParquet.Gzip))
69 | if err != nil {
70 | return oops.Wrapf(err, "failed to write to parquet")
71 | }
72 |
73 | slog.Info("Wrote parquet file to disk",
74 | "path", s.currentPath,
75 | "items", len(allItems),
76 | )
77 |
78 | return nil
79 | }
80 |
--------------------------------------------------------------------------------
/datastore/types.go:
--------------------------------------------------------------------------------
1 | package datastore
2 |
3 | import (
4 | "context"
5 | "errors"
6 | "path/filepath"
7 | )
8 |
9 | var Basepath = "data"
10 |
11 | var (
12 | basepaths = map[string]string{
13 | "VulnerabilityFinding": filepath.Join(Basepath, "vulnerability_finding"),
14 | "APIActivity": filepath.Join(Basepath, "api_activity"),
15 | }
16 | )
17 |
18 | var ErrNotFound = errors.New("not found")
19 |
20 | const maxFileSize = 128 * 1024 * 1024 // 128 MB
21 | const avgFindingSize = 5 * 1024 // 5 KB, rough estimate
22 |
23 | // Datastore defines the interface for vulnerability finding storage.
24 | // It provides methods to retrieve, save, and manage vulnerability findings.
25 | // Each implementation of Datastore is responsible for reading and writing to a file, and building the in-memory index of finding IDs to file paths.
26 | type Datastore[T any] interface {
27 | // Save saves a list to the datastore.
28 | Save(ctx context.Context, items []T) error
29 |
30 | // WriteBatch writes a batch of items to a specific file in a specific format.
31 | WriteBatch(ctx context.Context, items []T) error
32 | }
33 |
--------------------------------------------------------------------------------
/ocsf/account.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // AccountFields defines the Arrow fields for Account.
8 | var AccountFields = []arrow.Field{
9 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
12 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
13 | }
14 |
15 | var AccountStruct = arrow.StructOf(AccountFields...)
16 | var AccountClassname = "account"
17 |
18 | type Account struct {
19 | Name *string `json:"name,omitempty" parquet:"name,optional"`
20 | Type *string `json:"type,omitempty" parquet:"type,optional"`
21 | // TypeID enum: [3,6,99,0,1,2,10,4,5,7,8,9]
22 | TypeID *int `json:"type_id,omitempty" parquet:"type_id,optional"`
23 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
24 | }
25 |
--------------------------------------------------------------------------------
/ocsf/actor.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // ActorFields defines the Arrow fields for Actor.
8 | var ActorFields = []arrow.Field{
9 | {Name: "app_name", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "app_uid", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "authorizations", Type: arrow.ListOf(AuthorizationStruct), Nullable: true},
12 | {Name: "idp", Type: IdentityProviderStruct, Nullable: true},
13 | {Name: "invoked_by", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "process", Type: ProcessStruct, Nullable: true},
15 | {Name: "session", Type: SessionStruct, Nullable: true},
16 | {Name: "user", Type: UserStruct, Nullable: true},
17 | }
18 |
19 | var ActorStruct = arrow.StructOf(ActorFields...)
20 | var ActorClassname = "actor"
21 |
22 | type Actor struct {
23 | AppName *string `json:"app_name,omitempty" parquet:"app_name,optional"`
24 | AppUID *string `json:"app_uid,omitempty" parquet:"app_uid,optional"`
25 | Authorizations []*Authorization `json:"authorizations,omitempty" parquet:"authorizations,list,optional"`
26 | IDP *IdentityProvider `json:"idp,omitempty" parquet:"idp,optional"`
27 | InvokedBy *string `json:"invoked_by,omitempty" parquet:"invoked_by,optional"`
28 | Process *Process `json:"process,omitempty" parquet:"process,optional"`
29 | Session *Session `json:"session,omitempty" parquet:"session,optional"`
30 | User *User `json:"user,omitempty" parquet:"user,optional"`
31 | }
32 |
--------------------------------------------------------------------------------
/ocsf/affectedcode.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // AffectedCodeFields defines the Arrow fields for AffectedCode.
8 | var AffectedCodeFields = []arrow.Field{
9 | {Name: "end_line", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
10 | {Name: "start_line", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
11 | {Name: "file", Type: FileStruct, Nullable: false},
12 | {Name: "owner", Type: UserStruct, Nullable: true},
13 | {Name: "remediation", Type: RemediationStruct, Nullable: true},
14 | }
15 |
16 | var AffectedCodeStruct = arrow.StructOf(AffectedCodeFields...)
17 | var AffectedCodeClassname = "affected_code"
18 |
19 | type AffectedCode struct {
20 | EndLine int32 `json:"end_line" parquet:"end_line"`
21 | StartLine int32 `json:"start_line" parquet:"start_line"`
22 | File File `json:"file" parquet:"file"`
23 | Owner *User `json:"owner" parquet:"owner,optional"`
24 | Remediation *Remediation `json:"remediation" parquet:"remediation,optional"`
25 | }
26 |
--------------------------------------------------------------------------------
/ocsf/affectedsoftwarepackage.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // AffectedSoftwarePackageFields defines the Arrow fields for AffectedSoftwarePackage.
8 | var AffectedSoftwarePackageFields = []arrow.Field{
9 | {Name: "architecture", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "epoch", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
11 | {Name: "fixed_in_version", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "license", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
14 | {Name: "package_manager", Type: arrow.BinaryTypes.String, Nullable: true},
15 | {Name: "path", Type: arrow.BinaryTypes.String, Nullable: true},
16 | {Name: "purl", Type: arrow.BinaryTypes.String, Nullable: true},
17 | {Name: "release", Type: arrow.BinaryTypes.String, Nullable: true},
18 | {Name: "remediation", Type: RemediationStruct, Nullable: true},
19 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: false},
20 | }
21 |
22 | var AffectedSoftwarePackageStruct = arrow.StructOf(AffectedSoftwarePackageFields...)
23 | var AffectedSoftwarePackageClassname = "affected_software_package"
24 |
25 | type AffectedSoftwarePackage struct {
26 | Architecture *string `json:"architecture,omitempty" parquet:"architecture,optional"`
27 | Epoch *int32 `json:"epoch,omitempty" parquet:"epoch,optional"`
28 | FixedInVersion *string `json:"fixed_in_version,omitempty" parquet:"fixed_in_version,optional"`
29 | License *string `json:"license,omitempty" parquet:"license,optional"`
30 | Name string `json:"name" parquet:"name"`
31 | PackageManager *string `json:"package_manager,omitempty" parquet:"package_manager,optional"`
32 | Path *string `json:"path,omitempty" parquet:"path,optional"`
33 | Purl *string `json:"purl,omitempty" parquet:"purl,optional"`
34 | Release *string `json:"release,omitempty" parquet:"release,optional"`
35 | Remediation *Remediation `json:"remediation,omitempty" parquet:"remediation,optional"`
36 | Version string `json:"version" parquet:"version"`
37 | }
38 |
--------------------------------------------------------------------------------
/ocsf/agent.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // AgentFields defines the Arrow fields for Agent.
8 | var AgentFields = []arrow.Field{
9 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
12 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "uid_alt", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "vendor_name", Type: arrow.BinaryTypes.String, Nullable: true},
15 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
16 | {Name: "policies", Type: arrow.ListOf(PolicyStruct), Nullable: true},
17 | }
18 |
19 | var AgentStruct = arrow.StructOf(AgentFields...)
20 | var AgentClassname = "agent"
21 |
22 | type Agent struct {
23 | Name *string `json:"name,omitempty" parquet:"name,optional"`
24 | Type *string `json:"type,omitempty" parquet:"type,optional"`
25 | TypeID *int `json:"type_id,omitempty" parquet:"type_id,optional"`
26 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
27 | UIDAlt *string `json:"uid_alt,omitempty" parquet:"uid_alt,optional"`
28 | VendorName *string `json:"vendor_name,omitempty" parquet:"vendor_name,optional"`
29 | Version *string `json:"version,omitempty" parquet:"version,optional"`
30 | Policies []*Policy `json:"policies,omitempty" parquet:"policies,list,optional"`
31 | }
32 |
--------------------------------------------------------------------------------
/ocsf/api.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // APIFields defines the Arrow fields for API.
8 | var APIFields = []arrow.Field{
9 | {Name: "group", Type: GroupStruct, Nullable: true},
10 | {Name: "operation", Type: arrow.BinaryTypes.String, Nullable: false},
11 | {Name: "request", Type: RequestStruct, Nullable: true},
12 | {Name: "response", Type: ResponseStruct, Nullable: true},
13 | {Name: "service", Type: ServiceStruct, Nullable: true},
14 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
15 | }
16 |
17 | var APIStruct = arrow.StructOf(APIFields...)
18 | var APIClassname = "api"
19 |
20 | type API struct {
21 | Group *Group `json:"group,omitempty" parquet:"group,optional"`
22 | Operation string `json:"operation" parquet:"operation"`
23 | Request *Request `json:"request,omitempty" parquet:"request,optional"`
24 | Response *Response `json:"response,omitempty" parquet:"response,optional"`
25 | Service *Service `json:"service,omitempty" parquet:"service,optional"`
26 | Version *string `json:"version,omitempty" parquet:"version,optional"`
27 | }
28 |
--------------------------------------------------------------------------------
/ocsf/auth_factor.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // AuthFactorFields defines the Arrow fields for AuthFactor.
8 | var AuthFactorFields = []arrow.Field{
9 | {Name: "device", Type: DeviceStruct, Nullable: true},
10 | {Name: "email", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "factor_type", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "factor_type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
13 | {Name: "is_hotp", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
14 | {Name: "is_totp", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
15 | {Name: "phone_number", Type: arrow.BinaryTypes.String, Nullable: true},
16 | {Name: "provider", Type: arrow.BinaryTypes.String, Nullable: true},
17 | {Name: "security_questions", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
18 | }
19 |
20 | var AuthFactorStruct = arrow.StructOf(AuthFactorFields...)
21 | var AuthFactorClassname = "auth_factor"
22 |
23 | type AuthFactor struct {
24 | Device *Device `json:"device,omitempty" parquet:"device,optional"`
25 | Email *string `json:"email,omitempty" parquet:"email,optional"`
26 | FactorType *string `json:"factor_type,omitempty" parquet:"factor_type,optional"`
27 | FactorTypeID int32 `json:"factor_type_id" parquet:"factor_type_id"`
28 | IsHOTP *bool `json:"is_hotp,omitempty" parquet:"is_hotp,optional"`
29 | IsTOTP *bool `json:"is_totp,omitempty" parquet:"is_totp,optional"`
30 | PhoneNumber *string `json:"phone_number,omitempty" parquet:"phone_number,optional"`
31 | Provider *string `json:"provider,omitempty" parquet:"provider,optional"`
32 | SecurityQuestions []string `json:"security_questions,omitempty" parquet:"security_questions,list,optional"`
33 | }
34 |
--------------------------------------------------------------------------------
/ocsf/authorization.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // AuthorizationFields defines the Arrow fields for Authorization.
8 | var AuthorizationFields = []arrow.Field{
9 | {Name: "decision", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "policy", Type: PolicyStruct, Nullable: true},
11 | }
12 |
13 | var AuthorizationStruct = arrow.StructOf(AuthorizationFields...)
14 | var AuthorizationClassname = "authorization"
15 |
16 | type Authorization struct {
17 | Decision *string `json:"decision,omitempty" parquet:"decision,optional"`
18 | Policy *Policy `json:"policy,omitempty" parquet:"policy,optional"`
19 | }
20 |
--------------------------------------------------------------------------------
/ocsf/autonomous_system.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // AutonomousSystemFields defines the Arrow fields for AutonomousSystem.
8 | var AutonomousSystemFields = []arrow.Field{
9 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "number", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
11 | }
12 |
13 | var AutonomousSystemStruct = arrow.StructOf(AutonomousSystemFields...)
14 | var AutonomousSystemClassname = "autonomous_system"
15 |
16 | type AutonomousSystem struct {
17 | Name *string `json:"name,omitempty" parquet:"name,optional"`
18 | Number *int `json:"number,omitempty" parquet:"number,optional"`
19 | }
20 |
--------------------------------------------------------------------------------
/ocsf/certificate.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // DigitalCertificateFields defines the Arrow fields for Digital Certificate.
8 | var DigitalCertificateFields = []arrow.Field{
9 | {Name: "created_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
10 | {Name: "expiration_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
11 | {Name: "fingerprints", Type: arrow.ListOf(FingerprintStruct), Nullable: true},
12 | {Name: "is_self_signed", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
13 | {Name: "issuer", Type: arrow.BinaryTypes.String, Nullable: false},
14 | {Name: "sans", Type: arrow.ListOf(SubjectAlternativeNameStruct), Nullable: true},
15 | {Name: "serial_number", Type: arrow.BinaryTypes.String, Nullable: false},
16 | {Name: "subject", Type: arrow.BinaryTypes.String, Nullable: true},
17 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
18 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
19 | }
20 |
21 | var DigitalCertificateStruct = arrow.StructOf(DigitalCertificateFields...)
22 | var DigitalCertificateClassname = "certificate"
23 |
24 | type DigitalCertificate struct {
25 | CreatedTime *int64 `json:"created_time,omitempty" parquet:"created_time,optional"`
26 | ExpirationTime *int64 `json:"expiration_time,omitempty" parquet:"expiration_time,optional"`
27 | Fingerprints []*Fingerprint `json:"fingerprints,omitempty" parquet:"fingerprints,list,optional"`
28 | IsSelfSigned *bool `json:"is_self_signed,omitempty" parquet:"is_self_signed,optional"`
29 | Issuer string `json:"issuer" parquet:"issuer"`
30 | SANs []*SubjectAlternativeName `json:"sans,omitempty" parquet:"sans,list,optional"`
31 | SerialNumber string `json:"serial_number" parquet:"serial_number"`
32 | Subject *string `json:"subject,omitempty" parquet:"subject,optional"`
33 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
34 | Version *string `json:"version,omitempty" parquet:"version,optional"`
35 | }
36 |
--------------------------------------------------------------------------------
/ocsf/container.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // ContainerFields defines the Arrow fields for Container.
8 | var ContainerFields = []arrow.Field{
9 | {Name: "hash", Type: FingerprintStruct, Nullable: true},
10 | {Name: "image", Type: ImageStruct, Nullable: true},
11 | {Name: "labels", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
12 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "network_driver", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "orchestrator", Type: arrow.BinaryTypes.String, Nullable: true},
15 | {Name: "pod_uuid", Type: arrow.BinaryTypes.String, Nullable: true},
16 | {Name: "runtime", Type: arrow.BinaryTypes.String, Nullable: true},
17 | {Name: "size", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
18 | {Name: "tag", Type: arrow.BinaryTypes.String, Nullable: true},
19 | {Name: "tags", Type: arrow.ListOf(KeyValueObjectStruct), Nullable: true},
20 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
21 | }
22 |
23 | var ContainerStruct = arrow.StructOf(ContainerFields...)
24 | var ContainerClassname = "container"
25 |
26 | type Container struct {
27 | Hash *Fingerprint `json:"hash,omitempty" parquet:"hash,optional"`
28 | Image *Image `json:"image,omitempty" parquet:"image,optional"`
29 | Labels []string `json:"labels,omitempty" parquet:"labels,list,optional"`
30 | Name *string `json:"name,omitempty" parquet:"name,optional"`
31 | NetworkDriver *string `json:"network_driver,omitempty" parquet:"network_driver,optional"`
32 | Orchestrator *string `json:"orchestrator,omitempty" parquet:"orchestrator,optional"`
33 | PodUUID *string `json:"pod_uuid,omitempty" parquet:"pod_uuid,optional"`
34 | Runtime *string `json:"runtime,omitempty" parquet:"runtime,optional"`
35 | Size *int64 `json:"size,omitempty" parquet:"size,optional"`
36 | Tag *string `json:"tag,omitempty" parquet:"tag,optional"`
37 | Tags []*KeyValueObject `json:"tags,omitempty" parquet:"tags,list,optional"`
38 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
39 | }
40 |
--------------------------------------------------------------------------------
/ocsf/cve.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | var CVEFields = []arrow.Field{
8 | {Name: "created_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
9 | {Name: "cvss", Type: arrow.ListOf(CVSSStruct), Nullable: true},
10 | {Name: "cwe", Type: CWEStruct, Nullable: true},
11 | {Name: "cwe_uid", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "cwe_url", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "epss", Type: EPSSStruct, Nullable: true},
15 | {Name: "modified_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
16 | {Name: "product", Type: ProductStruct, Nullable: true},
17 | {Name: "references", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
18 | {Name: "title", Type: arrow.BinaryTypes.String, Nullable: true},
19 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
20 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: false},
21 | }
22 |
23 | var CVEStruct = arrow.StructOf(CVEFields...)
24 | var CVEClassname = "cve"
25 |
26 | type CVE struct {
27 | CreatedTime *int64 `json:"created_time,omitempty" parquet:"created_time,optional"`
28 | CVSS []*CVSS `json:"cvss,omitempty" parquet:"cvss,list,optional"`
29 | CWE *CWE `json:"cwe,omitempty" parquet:"cwe,optional"`
30 | CWEUID *string `json:"cwe_uid,omitempty" parquet:"cwe_uid,optional"`
31 | CWEURL *string `json:"cwe_url,omitempty" parquet:"cwe_url,optional"`
32 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
33 | EPSS *EPSS `json:"epss,omitempty" parquet:"epss,optional"`
34 | ModifiedTime *int64 `json:"modified_time,omitempty" parquet:"modified_time,optional"`
35 | Product *Product `json:"product,omitempty" parquet:"product,optional"`
36 | References []string `json:"references,omitempty" parquet:"references,list,optional"`
37 | Title *string `json:"title,omitempty" parquet:"title,optional"`
38 | Type *string `json:"type,omitempty" parquet:"type,optional"`
39 | UID string `json:"uid" parquet:"uid"`
40 | }
41 |
--------------------------------------------------------------------------------
/ocsf/cvss.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // CVSSFields defines the Arrow fields for the CVSS type.
8 | var CVSSFields = []arrow.Field{
9 | {Name: "base_score", Type: arrow.PrimitiveTypes.Float64, Nullable: false},
10 | {Name: "depth", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "metrics", Type: arrow.ListOf(MetricStruct), Nullable: true},
12 | {Name: "overall_score", Type: arrow.PrimitiveTypes.Float64, Nullable: true},
13 | {Name: "severity", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "vector_string", Type: arrow.BinaryTypes.String, Nullable: true},
15 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: false},
16 | }
17 |
18 | var CVSSStruct = arrow.StructOf(CVSSFields...)
19 | var CVSSClassname = "cvss"
20 |
21 | type CVSS struct {
22 | BaseScore float64 `json:"base_score" parquet:"base_score"`
23 | Depth *string `json:"depth,omitempty" parquet:"depth,optional"`
24 | Metrics []*Metric `json:"metrics,omitempty" parquet:"metrics,list,optional"`
25 | OverallScore *float64 `json:"overall_score,omitempty" parquet:"overall_score,optional"`
26 | Severity *string `json:"severity,omitempty" parquet:"severity,optional"`
27 | VectorString *string `json:"vector_string,omitempty" parquet:"vector_string,optional"`
28 | Version string `json:"version" parquet:"version"`
29 | }
30 |
--------------------------------------------------------------------------------
/ocsf/cwe.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | var CWEFields = []arrow.Field{
8 | {Name: "caption", Type: arrow.BinaryTypes.String, Nullable: true},
9 | {Name: "src_url", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: false},
11 | }
12 |
13 | var CWEStruct = arrow.StructOf(CWEFields...)
14 | var CWEClassname = "cwe"
15 |
16 | type CWE struct {
17 | Caption *string `json:"caption" parquet:"caption,optional"`
18 | SourceURL *string `json:"src_url" parquet:"src_url,optional"`
19 | UID string `json:"uid" parquet:"uid"`
20 | }
21 |
--------------------------------------------------------------------------------
/ocsf/devicehwinfo.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | var DeviceHWInfoFields = []arrow.Field{
8 | {Name: "bios_date", Type: arrow.BinaryTypes.String, Nullable: true},
9 | {Name: "bios_manufacturer", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "bios_ver", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "chassis", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "cpu_bits", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
13 | {Name: "cpu_cores", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
14 | {Name: "cpu_count", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
15 | {Name: "cpu_speed", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
16 | {Name: "cpu_type", Type: arrow.BinaryTypes.String, Nullable: true},
17 | {Name: "desktop_display", Type: DisplayStruct, Nullable: true},
18 | {Name: "keyboard_info", Type: KeyboardInfoStruct, Nullable: true},
19 | {Name: "ram_size", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
20 | {Name: "serial_number", Type: arrow.BinaryTypes.String, Nullable: true},
21 | }
22 |
23 | var DeviceHWInfoStruct = arrow.StructOf(DeviceHWInfoFields...)
24 | var DeviceHWInfoClassname = "device_hw_info"
25 |
26 | // DeviceHWInfo contains hardware information.
27 | type DeviceHWInfo struct {
28 | BiosDate *string `json:"bios_date,omitempty" parquet:"bios_date,optional"`
29 | BiosManufacturer *string `json:"bios_manufacturer,omitempty" parquet:"bios_manufacturer,optional"`
30 | BiosVer *string `json:"bios_ver,omitempty" parquet:"bios_ver,optional"`
31 | Chassis *string `json:"chassis,omitempty" parquet:"chassis,optional"`
32 | CPUBits *int `json:"cpu_bits,omitempty" parquet:"cpu_bits,optional"`
33 | CPUCores *int `json:"cpu_cores,omitempty" parquet:"cpu_cores,optional"`
34 | CPUCount *int `json:"cpu_count,omitempty" parquet:"cpu_count,optional"`
35 | CPUSpeed *int `json:"cpu_speed,omitempty" parquet:"cpu_speed,optional"`
36 | CPUType *string `json:"cpu_type,omitempty" parquet:"cpu_type,optional"`
37 | DesktopDisplay *Display `json:"desktop_display,omitempty" parquet:"desktop_display,optional"`
38 | KeyboardInfo *KeyboardInfo `json:"keyboard_info,omitempty" parquet:"keyboard_info,optional"`
39 | RamSize *int `json:"ram_size,omitempty" parquet:"ram_size,optional"`
40 | SerialNumber *string `json:"serial_number,omitempty" parquet:"serial_number,optional"`
41 | }
42 |
--------------------------------------------------------------------------------
/ocsf/display.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | var DisplayFields = []arrow.Field{
8 | {Name: "color_depth", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
9 | {Name: "physical_height", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
10 | {Name: "physical_orientation", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
11 | {Name: "physical_width", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
12 | {Name: "scale_factor", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
13 | }
14 |
15 | var DisplayStruct = arrow.StructOf(DisplayFields...)
16 | var DisplayClassname = "display"
17 |
18 | // Display represents display specifications.
19 | type Display struct {
20 | ColorDepth *int `json:"color_depth,omitempty" parquet:"color_depth,optional"`
21 | PhysicalHeight *int `json:"physical_height,omitempty" parquet:"physical_height,optional"`
22 | PhysicalOrientation *int `json:"physical_orientation,omitempty" parquet:"physical_orientation,optional"`
23 | PhysicalWidth *int `json:"physical_width,omitempty" parquet:"physical_width,optional"`
24 | ScaleFactor *int `json:"scale_factor,omitempty" parquet:"scale_factor,optional"`
25 | }
26 |
--------------------------------------------------------------------------------
/ocsf/dto.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "database/sql/driver"
5 | "encoding/json"
6 | "fmt"
7 | "time"
8 | )
9 |
10 | type DBTime struct {
11 | time.Time
12 | }
13 |
14 | func (t *DBTime) Scan(value interface{}) error {
15 | if value == nil {
16 | *t = DBTime{Time: time.Time{}}
17 | return nil
18 | }
19 |
20 | str, ok := value.(string)
21 | if !ok {
22 | return nil
23 | }
24 |
25 | parsed, err := time.Parse(time.RFC3339, str)
26 | if err != nil {
27 | return err
28 | }
29 |
30 | *t = DBTime{parsed}
31 | return nil
32 | }
33 |
34 | func (t DBTime) Value() (driver.Value, error) {
35 | return t.Time.Format(time.RFC3339), nil
36 | }
37 |
38 | type JSONB json.RawMessage
39 |
40 | func (j *JSONB) Scan(src interface{}) error {
41 | if src == nil {
42 | *j = JSONB("null")
43 | return nil
44 | }
45 |
46 | switch data := src.(type) {
47 | case []byte:
48 | if len(data) == 0 {
49 | *j = JSONB("null")
50 | } else {
51 | *j = JSONB(data)
52 | }
53 | case string:
54 | if data == "" {
55 | *j = JSONB("null")
56 | } else {
57 | *j = JSONB(data)
58 | }
59 | case map[string]interface{}:
60 | if len(data) == 0 {
61 | *j = JSONB("null")
62 | } else {
63 | bytes, err := json.Marshal(data)
64 | if err != nil {
65 | return fmt.Errorf("failed to marshal map[string]interface{}: %w", err)
66 | }
67 | *j = JSONB(bytes)
68 | }
69 | case []interface{}:
70 | if len(data) == 0 {
71 | *j = JSONB("null")
72 | } else {
73 | bytes, err := json.Marshal(data)
74 | if err != nil {
75 | return fmt.Errorf("failed to marshal []interface{}: %w", err)
76 | }
77 | *j = JSONB(bytes)
78 | }
79 | default:
80 | return fmt.Errorf("unsupported type: %T", src)
81 | }
82 |
83 | return nil
84 | }
85 |
86 | func (j JSONB) MarshalJSON() ([]byte, error) {
87 | if len(j) == 0 {
88 | return []byte("null"), nil
89 | }
90 | return j, nil
91 | }
92 |
93 | func (j *JSONB) UnmarshalJSON(data []byte) error {
94 | if j == nil {
95 | return fmt.Errorf("JSONB: UnmarshalJSON on nil pointer")
96 | }
97 | *j = append((*j)[0:0], data...)
98 | return nil
99 | }
100 |
--------------------------------------------------------------------------------
/ocsf/enrichment.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | var EnrichmentFields = []arrow.Field{
8 | {Name: "data", Type: arrow.BinaryTypes.String, Nullable: false},
9 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
10 | {Name: "provider", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: false},
13 | }
14 |
15 | var EnrichmentStruct = arrow.StructOf(EnrichmentFields...)
16 | var EnrichmentClassname = "enrichment"
17 |
18 | // Enrichment represents an enrichment element.
19 | type Enrichment struct {
20 | Data string `json:"data" parquet:"data"` // JSON string
21 | Name string `json:"name" parquet:"name"` // JSON string
22 | Provider *string `json:"provider,omitempty" parquet:"provider,optional"`
23 | Type *string `json:"type,omitempty" parquet:"type,optional"`
24 | Value string `json:"value" parquet:"value"`
25 | }
26 |
--------------------------------------------------------------------------------
/ocsf/environment_var.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // EnvironmentVarFields defines the Arrow fields for EnvironmentVar.
8 | var EnvironmentVarFields = []arrow.Field{
9 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
10 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: false},
11 | }
12 |
13 | var EnvironmentVarStruct = arrow.StructOf(EnvironmentVarFields...)
14 | var EnvironmentVarClassname = "environment_variable"
15 |
16 | type EnvironmentVar struct {
17 | Name string `json:"name" parquet:"name"`
18 | Value string `json:"value" parquet:"value"`
19 | }
20 |
--------------------------------------------------------------------------------
/ocsf/epss.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | var EPSSFields = []arrow.Field{
8 | {Name: "created_time", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
9 | {Name: "created_time_dt", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "percentile", Type: arrow.PrimitiveTypes.Float64, Nullable: true},
11 | {Name: "score", Type: arrow.BinaryTypes.String, Nullable: false},
12 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
13 | }
14 |
15 | var EPSSStruct = arrow.StructOf(EPSSFields...)
16 | var EPSSClassname = "epss"
17 |
18 | type EPSS struct {
19 | CreatedTime *int `json:"created_time,omitempty" parquet:"created_time,optional"`
20 | CreatedTimeDt *string `json:"created_time_dt,omitempty" parquet:"created_time_dt,optional"`
21 | Percentile *float64 `json:"percentile,omitempty" parquet:"percentile,optional"`
22 | Score string `json:"score" parquet:"score"`
23 | Version *string `json:"version,omitempty" parquet:"version,optional"`
24 | }
25 |
--------------------------------------------------------------------------------
/ocsf/feature.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | var FeatureFields = []arrow.Field{
8 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
9 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
11 | }
12 |
13 | var FeatureStruct = arrow.StructOf(FeatureFields...)
14 | var FeatureClassname = "feature"
15 |
16 | type Feature struct {
17 | Name *string `json:"name,omitempty" parquet:"name,optional"`
18 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
19 | Version *string `json:"version,omitempty" parquet:"version,optional"`
20 | }
21 |
--------------------------------------------------------------------------------
/ocsf/file.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | var FileFields = []arrow.Field{
8 | {Name: "path", Type: arrow.BinaryTypes.String, Nullable: false},
9 | {Name: "owner", Type: arrow.BinaryTypes.String, Nullable: false},
10 | }
11 |
12 | var FileStruct = arrow.StructOf(FileFields...)
13 | var FileClassname = "file"
14 |
15 | type File struct {
16 | Path string `json:"path" parquet:"path"`
17 | Owner string `json:"owner" parquet:"owner"`
18 | }
19 |
--------------------------------------------------------------------------------
/ocsf/fingerprint.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // FingerprintFields defines the Arrow fields for Fingerprint.
8 | var FingerprintFields = []arrow.Field{
9 | {Name: "algorithm", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "algorithm_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
11 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: false},
12 | }
13 |
14 | var FingerprintStruct = arrow.StructOf(FingerprintFields...)
15 | var FingerprintClassname = "fingerprint"
16 |
17 | type Fingerprint struct {
18 | Algorithm *string `json:"algorithm,omitempty" parquet:"algorithm,optional"`
19 | AlgorithmID int32 `json:"algorithm_id" parquet:"algorithm_id"`
20 | Value string `json:"value" parquet:"value"`
21 | }
22 |
--------------------------------------------------------------------------------
/ocsf/geolocation.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | var GeoLocationFields = []arrow.Field{
8 | {Name: "city", Type: arrow.BinaryTypes.String, Nullable: true},
9 | {Name: "continent", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "coordinates", Type: arrow.ListOf(arrow.PrimitiveTypes.Float64), Nullable: true},
11 | {Name: "country", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "is_on_premises", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
14 | {Name: "isp", Type: arrow.BinaryTypes.String, Nullable: true},
15 | {Name: "postal_code", Type: arrow.BinaryTypes.String, Nullable: true},
16 | {Name: "provider", Type: arrow.BinaryTypes.String, Nullable: true},
17 | {Name: "region", Type: arrow.BinaryTypes.String, Nullable: true},
18 | }
19 |
20 | var GeoLocationStruct = arrow.StructOf(GeoLocationFields...)
21 | var GeoLocationClassname = "location"
22 |
23 | type GeoLocation struct {
24 | City *string `json:"city,omitempty" parquet:"city,optional"`
25 | Continent *string `json:"continent,omitempty" parquet:"continent,optional"`
26 | Coordinates []*float64 `json:"coordinates,omitempty" parquet:"coordinates,list,optional"`
27 | Country *string `json:"country,omitempty" parquet:"country,optional"`
28 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
29 | IsOnPremises *bool `json:"is_on_premises,omitempty" parquet:"is_on_premises,optional"`
30 | ISP *string `json:"isp,omitempty" parquet:"isp,optional"`
31 | PostalCode *string `json:"postal_code,omitempty" parquet:"postal_code,optional"`
32 | Provider *string `json:"provider,omitempty" parquet:"provider,optional"`
33 | Region *string `json:"region,omitempty" parquet:"region,optional"`
34 | }
35 |
--------------------------------------------------------------------------------
/ocsf/group.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | var GroupClassname = "group"
8 |
9 | type Group struct {
10 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
11 | Domain *string `json:"domain,omitempty" parquet:"domain,optional"`
12 | Name *string `json:"name,omitempty" parquet:"name,optional"`
13 | Privileges []string `json:"privileges,omitempty" parquet:"privileges,list,optional"`
14 | Type *string `json:"type,omitempty" parquet:"type,optional"`
15 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
16 | }
17 |
18 | // GroupFields defines the fields for the Group Arrow schema.
19 | var GroupFields = []arrow.Field{
20 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
21 | {Name: "domain", Type: arrow.BinaryTypes.String, Nullable: true},
22 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
23 | {Name: "privileges", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
24 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
25 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
26 | }
27 |
28 | var GroupStruct = arrow.StructOf(GroupFields...)
29 |
--------------------------------------------------------------------------------
/ocsf/identity_provider.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // IdentityProviderFields defines the Arrow fields for IdentityProvider.
8 | var IdentityProviderFields = []arrow.Field{
9 | {Name: "domain", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "fingerprint", Type: FingerprintStruct, Nullable: true},
11 | {Name: "has_mfa", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
12 | {Name: "issuer", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "protocol_name", Type: arrow.BinaryTypes.String, Nullable: true},
15 | {Name: "auth_factors", Type: arrow.ListOf(AuthFactorStruct), Nullable: true},
16 | {Name: "scim", Type: SCIMStruct, Nullable: true},
17 | {Name: "sso", Type: SSOStruct, Nullable: true},
18 | {Name: "state", Type: arrow.BinaryTypes.String, Nullable: true},
19 | {Name: "state_id", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
20 | {Name: "tenant_uid", Type: arrow.BinaryTypes.String, Nullable: true},
21 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
22 | {Name: "url_string", Type: arrow.BinaryTypes.String, Nullable: true},
23 | }
24 |
25 | var IdentityProviderStruct = arrow.StructOf(IdentityProviderFields...)
26 | var IdentityProviderClassname = "idp"
27 |
28 | type IdentityProvider struct {
29 | AuthFactors []*AuthFactor `json:"auth_factors,omitempty" parquet:"auth_factors,list,optional"`
30 | Domain *string `json:"domain,omitempty" parquet:"domain,optional"`
31 | Fingerprint *Fingerprint `json:"fingerprint,omitempty" parquet:"fingerprint,optional"`
32 | HasMFA *bool `json:"has_mfa,omitempty" parquet:"has_mfa,optional"`
33 | Issuer *string `json:"issuer,omitempty" parquet:"issuer,optional"`
34 | Name *string `json:"name,omitempty" parquet:"name,optional"`
35 | ProtocolName *string `json:"protocol_name,omitempty" parquet:"protocol_name,optional"`
36 | SCIM *SCIM `json:"scim,omitempty" parquet:"scim,optional"`
37 | SSO *SSO `json:"sso,omitempty" parquet:"sso,optional"`
38 | State *string `json:"state,omitempty" parquet:"state,optional"`
39 | StateID *int `json:"state_id,omitempty" parquet:"state_id,optional"`
40 | TenantUID *string `json:"tenant_uid,omitempty" parquet:"tenant_uid,optional"`
41 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
42 | URLString *string `json:"url_string,omitempty" parquet:"url_string,optional"`
43 | }
44 |
--------------------------------------------------------------------------------
/ocsf/image.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // ImageFields defines the fields for the Image Arrow schema.
8 | var ImageFields = []arrow.Field{
9 | {Name: "labels", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
10 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "path", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "tag", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: false},
14 | }
15 |
16 | var ImageStruct = arrow.StructOf(ImageFields...)
17 | var ImageClassname = "image"
18 |
19 | // Image represents image details.
20 | type Image struct {
21 | Labels []string `json:"labels,omitempty" parquet:"labels,list,optional"`
22 | Name *string `json:"name,omitempty" parquet:"name,optional"`
23 | Path *string `json:"path,omitempty" parquet:"path,optional"`
24 | Tag *string `json:"tag,omitempty" parquet:"tag,optional"`
25 | UID string `json:"uid" parquet:"uid"`
26 | }
27 |
--------------------------------------------------------------------------------
/ocsf/kbarticle.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // KBArticleFields defines the Arrow fields for KBArticle.
8 | var KBArticleFields = []arrow.Field{
9 | {Name: "bulletin", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "classification", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "created_time", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
12 | {Name: "created_time_dt", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "is_superseded", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
14 | {Name: "os", Type: OSStruct, Nullable: true},
15 | {Name: "product", Type: ProductStruct, Nullable: true},
16 | {Name: "severity", Type: arrow.BinaryTypes.String, Nullable: true},
17 | {Name: "size", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
18 | {Name: "src_url", Type: arrow.BinaryTypes.String, Nullable: true},
19 | {Name: "title", Type: arrow.BinaryTypes.String, Nullable: true},
20 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: false},
21 | }
22 |
23 | var KBArticleStruct = arrow.StructOf(KBArticleFields...)
24 | var KBArticleClassname = "kb_article"
25 |
26 | type KBArticle struct {
27 | Bulletin *string `json:"bulletin,omitempty" parquet:"bulletin,optional"`
28 | Classification *string `json:"classification,omitempty" parquet:"classification,optional"`
29 | CreatedTime *int `json:"created_time,omitempty" parquet:"created_time,optional"`
30 | CreatedTimeDt *string `json:"created_time_dt,omitempty" parquet:"created_time_dt,optional"`
31 | IsSuperseded *bool `json:"is_superseded,omitempty" parquet:"is_superseded,optional"`
32 | OS *OS `json:"os,omitempty" parquet:"os,optional"`
33 | Product *Product `json:"product,omitempty" parquet:"product,optional"`
34 | Severity *string `json:"severity,omitempty" parquet:"severity,optional"`
35 | Size *int `json:"size,omitempty" parquet:"size,optional"`
36 | SrcURL *string `json:"src_url,omitempty" parquet:"src_url,optional"`
37 | Title *string `json:"title,omitempty" parquet:"title,optional"`
38 | UID string `json:"uid" parquet:"uid"` // required field
39 | }
40 |
--------------------------------------------------------------------------------
/ocsf/key_value_object.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // KeyValueObjectFields defines the Arrow fields for KeyValueObject.
8 | var KeyValueObjectFields = []arrow.Field{
9 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
10 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "values", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
12 | }
13 |
14 | var KeyValueObjectStruct = arrow.StructOf(KeyValueObjectFields...)
15 | var KeyValueObjectClassname = "key_value_object"
16 |
17 | type KeyValueObject struct {
18 | Name string `json:"name" parquet:"name"`
19 | Value *string `json:"value,omitempty" parquet:"value,optional"`
20 | Values []string `json:"values,omitempty" parquet:"values,list,optional"`
21 | }
22 |
--------------------------------------------------------------------------------
/ocsf/keyboardinfo.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // KeyboardInfoFields defines the Arrow fields for KeyboardInfo.
8 | var KeyboardInfoFields = []arrow.Field{
9 | {Name: "function_keys", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
10 | {Name: "ime", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "keyboard_layout", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "keyboard_subtype", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
13 | {Name: "keyboard_type", Type: arrow.BinaryTypes.String, Nullable: true},
14 | }
15 |
16 | var KeyboardInfoStruct = arrow.StructOf(KeyboardInfoFields...)
17 | var KeyboardInfoClassname = "keyboard_info"
18 |
19 | type KeyboardInfo struct {
20 | FunctionKeys *int `json:"function_keys,omitempty" parquet:"function_keys,optional"`
21 | IME *string `json:"ime,omitempty" parquet:"ime,optional"`
22 | KeyboardLayout *string `json:"keyboard_layout,omitempty" parquet:"keyboard_layout,optional"`
23 | KeyboardSubtype *int `json:"keyboard_subtype,omitempty" parquet:"keyboard_subtype,optional"`
24 | KeyboardType *string `json:"keyboard_type,omitempty" parquet:"keyboard_type,optional"`
25 | }
26 |
--------------------------------------------------------------------------------
/ocsf/killchainphase.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // KillChainPhaseFields defines the Arrow fields for KillChainPhase.
8 | var KillChainPhaseFields = []arrow.Field{
9 | {Name: "phase", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "phase_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
11 | }
12 |
13 | var KillChainPhaseStruct = arrow.StructOf(KillChainPhaseFields...)
14 | var KillChainPhaseClassname = "kill_chain_phase"
15 |
16 | // KillChainPhase represents a kill chain phase.
17 | type KillChainPhase struct {
18 | Phase *string `json:"phase,omitempty" parquet:"phase,optional"`
19 | PhaseID int `json:"phase_id" parquet:"phase_id"`
20 | }
21 |
--------------------------------------------------------------------------------
/ocsf/logger.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | var LoggerFields = []arrow.Field{
8 | {Name: "device", Type: arrow.StructOf(DeviceFields...), Nullable: true},
9 | {Name: "log_level", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "log_name", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "log_provider", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "log_version", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "logged_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
14 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
15 | {Name: "product", Type: ProductStruct, Nullable: true},
16 | {Name: "transmit_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
17 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
18 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
19 | }
20 |
21 | var LoggerStruct = arrow.StructOf(LoggerFields...)
22 | var LoggerClassname = "logger"
23 |
24 | type Logger struct {
25 | Device *Device `json:"device,omitempty" parquet:"device,optional"`
26 | LogLevel *string `json:"log_level,omitempty" parquet:"log_level,optional"`
27 | LogName *string `json:"log_name,omitempty" parquet:"log_name,optional"`
28 | LogProvider *string `json:"log_provider,omitempty" parquet:"log_provider,optional"`
29 | LogVersion *string `json:"log_version,omitempty" parquet:"log_version,optional"`
30 | LoggedTime *int64 `json:"logged_time,omitempty" parquet:"logged_time,optional"`
31 | Name *string `json:"name,omitempty" parquet:"name,optional"`
32 | Product *Product `json:"product,omitempty" parquet:"product,optional"`
33 | TransmitTime *int64 `json:"transmit_time,omitempty" parquet:"transmit_time,optional"`
34 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
35 | Version *string `json:"version,omitempty" parquet:"version,optional"`
36 | }
37 |
--------------------------------------------------------------------------------
/ocsf/metric.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // MetricFields defines the Arrow fields for Metric.
8 | var MetricFields = []arrow.Field{
9 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
10 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: true},
11 | }
12 |
13 | var MetricStruct = arrow.StructOf(MetricFields...)
14 | var MetricClassname = "metric"
15 |
16 | type Metric struct {
17 | Name string `json:"name" parquet:"name"`
18 | Value *string `json:"value" parquet:"value,optional"`
19 | }
20 |
--------------------------------------------------------------------------------
/ocsf/mitreattck.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // MITREATTCKFields defines the Arrow fields for MITREATTCK.
8 | var MITREATTCKFields = []arrow.Field{
9 | {Name: "sub_technique", Type: SubTechniqueStruct, Nullable: true},
10 | {Name: "tactic", Type: TacticStruct, Nullable: true},
11 | {Name: "tactics", Type: arrow.ListOf(TacticStruct), Nullable: true},
12 | {Name: "technique", Type: TechniqueStruct, Nullable: true},
13 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: false},
14 | }
15 |
16 | var MITREATTCKStruct = arrow.StructOf(MITREATTCKFields...)
17 | var MITREATTCKClassname = "attack"
18 |
19 | // MITREATTCK represents MITRE ATT&CK® details.
20 | type MITREATTCK struct {
21 | SubTechnique *SubTechnique `json:"sub_technique,omitempty" parquet:"sub_technique,optional"`
22 | Tactic *Tactic `json:"tactic,omitempty" parquet:"tactic,optional"`
23 | Tactics []*Tactic `json:"tactics,omitempty" parquet:"tactics,list,optional"`
24 | Technique *Technique `json:"technique,omitempty" parquet:"technique,optional"`
25 | Version string `json:"version" parquet:"version"`
26 | }
27 |
--------------------------------------------------------------------------------
/ocsf/networkinterface.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // NetworkInterfaceFields defines the Arrow fields for NetworkInterface.
8 | var NetworkInterfaceFields = []arrow.Field{
9 | {Name: "hostname", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "ip", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "mac", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "namespace", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "subnet_prefix", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
15 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
16 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
17 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
18 | }
19 |
20 | var NetworkInterfaceStruct = arrow.StructOf(NetworkInterfaceFields...)
21 | var NetworkInterfaceClassname = "network_interface"
22 |
23 | type NetworkInterface struct {
24 | Hostname *string `json:"hostname,omitempty" parquet:"hostname,optional"`
25 | IP *string `json:"ip,omitempty" parquet:"ip,optional"`
26 | MAC *string `json:"mac,omitempty" parquet:"mac,optional"`
27 | Name *string `json:"name,omitempty" parquet:"name,optional"`
28 | Namespace *string `json:"namespace,omitempty" parquet:"namespace,optional"`
29 | SubnetPrefix *int `json:"subnet_prefix,omitempty" parquet:"subnet_prefix,optional"`
30 | Type *string `json:"type,omitempty" parquet:"type,optional"`
31 | TypeID int `json:"type_id" parquet:"type_id"`
32 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
33 | }
34 |
--------------------------------------------------------------------------------
/ocsf/observable.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | type Observable struct {
8 | Name string `json:"name" parquet:"name"`
9 | Reputation *Reputation `json:"reputation,omitempty" parquet:"reputation,optional"`
10 | Type *string `json:"type,omitempty" parquet:"type,optional"`
11 | TypeID int `json:"type_id" parquet:"type_id"`
12 | Value *string `json:"value,omitempty" parquet:"value,optional"`
13 | }
14 |
15 | var ObservableFields = []arrow.Field{
16 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
17 | {Name: "reputation", Type: ReputationStruct, Nullable: true},
18 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
19 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
20 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: true},
21 | }
22 |
23 | var ObservableStruct = arrow.StructOf(ObservableFields...)
24 | var ObservableClassname = "observable"
25 |
--------------------------------------------------------------------------------
/ocsf/organization.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // OrganizationFields defines the Arrow fields for Organization.
8 | var OrganizationFields = []arrow.Field{
9 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "ou_name", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "ou_uid", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
13 | }
14 |
15 | var OrganizationStruct = arrow.StructOf(OrganizationFields...)
16 | var OrganizationClassname = "organization"
17 |
18 | type Organization struct {
19 | Name *string `json:"name,omitempty" parquet:"name,optional"`
20 | OUName *string `json:"ou_name,omitempty" parquet:"ou_name,optional"`
21 | OUID *string `json:"ou_uid,omitempty" parquet:"ou_uid,optional"`
22 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
23 | }
24 |
--------------------------------------------------------------------------------
/ocsf/os.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // OSFields defines the Arrow fields for OS.
8 | var OSFields = []arrow.Field{
9 | {Name: "build", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "country", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "cpe_name", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "cpu_bits", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
13 | {Name: "edition", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "kernel_release", Type: arrow.BinaryTypes.String, Nullable: true},
15 | {Name: "lang", Type: arrow.BinaryTypes.String, Nullable: true},
16 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
17 | {Name: "sp_name", Type: arrow.BinaryTypes.String, Nullable: true},
18 | {Name: "sp_ver", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
19 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
20 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
21 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
22 | }
23 |
24 | var OSStruct = arrow.StructOf(OSFields...)
25 | var OSClassname = "os"
26 |
27 | type OS struct {
28 | Build *string `json:"build,omitempty" parquet:"build,optional"`
29 | Country *string `json:"country,omitempty" parquet:"country,optional"`
30 | CPEName *string `json:"cpe_name,omitempty" parquet:"cpe_name,optional"`
31 | CPUBits *int `json:"cpu_bits,omitempty" parquet:"cpu_bits,optional"`
32 | Edition *string `json:"edition,omitempty" parquet:"edition,optional"`
33 | KernelRelease *string `json:"kernel_release,omitempty" parquet:"kernel_release,optional"`
34 | Lang *string `json:"lang,omitempty" parquet:"lang,optional"`
35 | Name string `json:"name" parquet:"name"`
36 | SPName *string `json:"sp_name,omitempty" parquet:"sp_name,optional"`
37 | SPVer *int `json:"sp_ver,omitempty" parquet:"sp_ver,optional"`
38 | Type *string `json:"type,omitempty" parquet:"type,optional"`
39 | TypeID int `json:"type_id" parquet:"type_id"`
40 | Version *string `json:"version,omitempty" parquet:"version,optional"`
41 | }
42 |
--------------------------------------------------------------------------------
/ocsf/policy.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // PolicyFields defines the Arrow fields for Policy.
8 | var PolicyFields = []arrow.Field{
9 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "group", Type: GroupStruct, Nullable: true},
11 | {Name: "is_applied", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
12 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
15 | }
16 |
17 | var PolicyStruct = arrow.StructOf(PolicyFields...)
18 | var PolicyClassname = "policy"
19 |
20 | type Policy struct {
21 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
22 | Group *Group `json:"group,omitempty" parquet:"group,optional"`
23 | IsApplied *bool `json:"is_applied,omitempty" parquet:"is_applied,optional"`
24 | Name *string `json:"name,omitempty" parquet:"name,optional"`
25 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
26 | Version *string `json:"version,omitempty" parquet:"version,optional"`
27 | }
28 |
--------------------------------------------------------------------------------
/ocsf/process_entity.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // ProcessEntityFields defines the Arrow fields for Process Entity.
8 | var ProcessEntityFields = []arrow.Field{
9 | {Name: "cmd_line", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "created_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
11 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "path", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "pid", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
14 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
15 | }
16 |
17 | var ProcessEntityStruct = arrow.StructOf(ProcessEntityFields...)
18 | var ProcessEntityClassname = "process_entity"
19 |
20 | type ProcessEntity struct {
21 | CmdLine *string `json:"cmd_line,omitempty" parquet:"cmd_line,optional"`
22 | CreatedTime *int64 `json:"created_time,omitempty" parquet:"created_time,optional"`
23 | Name *string `json:"name,omitempty" parquet:"name,optional"`
24 | Path *string `json:"path,omitempty" parquet:"path,optional"`
25 | PID *int64 `json:"pid,omitempty" parquet:"pid,optional"`
26 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
27 | }
28 |
--------------------------------------------------------------------------------
/ocsf/product.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // ProductFields defines the Arrow fields for Product.
8 | var ProductFields = []arrow.Field{
9 | {Name: "cpe_name", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "feature", Type: FeatureStruct, Nullable: true},
11 | {Name: "lang", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "path", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
15 | {Name: "url_string", Type: arrow.BinaryTypes.String, Nullable: true},
16 | {Name: "vendor_name", Type: arrow.BinaryTypes.String, Nullable: false},
17 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
18 | }
19 |
20 | var ProductStruct = arrow.StructOf(ProductFields...)
21 | var ProductClassname = "product"
22 |
23 | type Product struct {
24 | CPEName *string `json:"cpe_name,omitempty" parquet:"cpe_name,optional"`
25 | Feature *Feature `json:"feature,omitempty" parquet:"feature,optional"`
26 | Lang *string `json:"lang,omitempty" parquet:"lang,optional"`
27 | Name *string `json:"name,omitempty" parquet:"name,optional"`
28 | Path *string `json:"path,omitempty" parquet:"path,optional"`
29 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
30 | URLString *string `json:"url_string,omitempty" parquet:"url_string,optional"`
31 | VendorName string `json:"vendor_name" parquet:"vendor_name"` // required field
32 | Version *string `json:"version,omitempty" parquet:"version,optional"`
33 | }
34 |
--------------------------------------------------------------------------------
/ocsf/relatedevent.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // RelatedEventFields defines the Arrow fields for RelatedEvent.
8 | var RelatedEventFields = []arrow.Field{
9 | {Name: "attacks", Type: arrow.ListOf(MITREATTCKStruct), Nullable: true},
10 | {Name: "kill_chain", Type: arrow.ListOf(KillChainPhaseStruct), Nullable: true},
11 | {Name: "observables", Type: arrow.ListOf(ObservableStruct), Nullable: true},
12 | {Name: "product_uid", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "type_uid", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
15 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: false},
16 | }
17 |
18 | var RelatedEventStruct = arrow.StructOf(RelatedEventFields...)
19 | var RelatedEventClassname = "related_event"
20 |
21 | type RelatedEvent struct {
22 | Attacks []*MITREATTCK `json:"attacks,omitempty" parquet:"attacks,list,optional"`
23 | KillChain []*KillChainPhase `json:"kill_chain,omitempty" parquet:"kill_chain,list,optional"`
24 | Observables []*Observable `json:"observables,omitempty" parquet:"observables,list,optional"`
25 | ProductUID *string `json:"product_uid,omitempty" parquet:"product_uid,optional"`
26 | Type *string `json:"type,omitempty" parquet:"type,optional"`
27 | TypeUID *int64 `json:"type_uid,omitempty" parquet:"type_uid,optional"`
28 | UID string `json:"uid" parquet:"uid"` // required field
29 | }
30 |
--------------------------------------------------------------------------------
/ocsf/remediation.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // RemediationFields defines the Arrow fields for Remediation.
8 | var RemediationFields = []arrow.Field{
9 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: false},
10 | {Name: "kb_article_list", Type: arrow.ListOf(KBArticleStruct), Nullable: true},
11 | {Name: "references", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
12 | }
13 |
14 | var RemediationStruct = arrow.StructOf(RemediationFields...)
15 | var RemediationClassname = "remediation"
16 |
17 | type Remediation struct {
18 | Description string `json:"desc" parquet:"desc"`
19 | KbArticleList []*KBArticle `json:"kb_article_list" parquet:"kb_article_list,list,optional"`
20 | References []string `json:"references,omitempty" parquet:"references,list,optional"`
21 | }
22 |
--------------------------------------------------------------------------------
/ocsf/reputation.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // ReputationFields defines the Arrow fields for Reputation.
8 | var ReputationFields = []arrow.Field{
9 | {Name: "base_score", Type: arrow.PrimitiveTypes.Float64, Nullable: false},
10 | {Name: "provider", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "score", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "score_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
13 | }
14 |
15 | var ReputationStruct = arrow.StructOf(ReputationFields...)
16 | var ReputationClassname = "reputation"
17 |
18 | type Reputation struct {
19 | BaseScore float64 `json:"base_score" parquet:"base_score"`
20 | Provider *string `json:"provider,omitempty" parquet:"provider,optional"`
21 | Score *string `json:"score,omitempty" parquet:"score,optional"`
22 | ScoreID int `json:"score_id" parquet:"score_id"`
23 | }
24 |
--------------------------------------------------------------------------------
/ocsf/request.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // RequestFields defines the Arrow fields for Request.
8 | var RequestFields = []arrow.Field{
9 | {Name: "containers", Type: arrow.ListOf(ContainerStruct), Nullable: true},
10 | {Name: "data", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "flags", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
12 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: false},
13 | }
14 |
15 | var RequestStruct = arrow.StructOf(RequestFields...)
16 | var RequestClassname = "request"
17 |
18 | type Request struct {
19 | Containers []*Container `json:"containers,omitempty" parquet:"containers,list,optional"`
20 | Data *string `json:"data,omitempty" parquet:"data,optional"`
21 | Flags []string `json:"flags,omitempty" parquet:"flags,list,optional"`
22 | UID string `json:"uid" parquet:"uid"`
23 | }
24 |
--------------------------------------------------------------------------------
/ocsf/resourcedetails.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // ResourceDetailsFields defines the Arrow fields for ResourceDetails.
8 | var ResourceDetailsFields = []arrow.Field{
9 | {Name: "criticality", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "data", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "group", Type: GroupStruct, Nullable: true},
12 | {Name: "labels", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
13 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
15 | {Name: "namespace", Type: arrow.BinaryTypes.String, Nullable: true},
16 | {Name: "owner", Type: UserStruct, Nullable: true},
17 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
18 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
19 | }
20 |
21 | var ResourceDetailsStruct = arrow.StructOf(ResourceDetailsFields...)
22 | var ResourceDetailsClassname = "resource_details"
23 |
24 | type ResourceDetails struct {
25 | Criticality *string `json:"criticality,omitempty" parquet:"criticality,optional"`
26 | Data *string `json:"data,omitempty" parquet:"data,optional"` // JSON blob
27 | Group *Group `json:"group,omitempty" parquet:"group,optional"`
28 | Labels []string `json:"labels,omitempty" parquet:"labels,list,optional"`
29 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
30 | Name *string `json:"name,omitempty" parquet:"name,optional"`
31 | Namespace *string `json:"namespace,omitempty" parquet:"namespace,optional"`
32 | Owner *User `json:"owner,omitempty" parquet:"owner,optional"`
33 | Type *string `json:"type,omitempty" parquet:"type,optional"`
34 | Version *string `json:"version,omitempty" parquet:"version,optional"`
35 | }
36 |
--------------------------------------------------------------------------------
/ocsf/response.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // ResponseFields defines the Arrow fields for Response.
8 | var ResponseFields = []arrow.Field{
9 | {Name: "code", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
10 | {Name: "containers", Type: arrow.ListOf(ContainerStruct), Nullable: true},
11 | {Name: "data", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "error", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "error_message", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "flags", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
15 | {Name: "message", Type: arrow.BinaryTypes.String, Nullable: true},
16 | }
17 |
18 | var ResponseStruct = arrow.StructOf(ResponseFields...)
19 | var ResponseClassname = "response"
20 |
21 | type Response struct {
22 | Code *int32 `json:"code,omitempty" parquet:"code,optional"`
23 | Containers []*Container `json:"containers,omitempty" parquet:"containers,list,optional"`
24 | Data *string `json:"data,omitempty" parquet:"data,optional"`
25 | Error *string `json:"error,omitempty" parquet:"error,optional"`
26 | ErrorMessage *string `json:"error_message,omitempty" parquet:"error_message,optional"`
27 | Flags []string `json:"flags,omitempty" parquet:"flags,list,optional"`
28 | Message *string `json:"message,omitempty" parquet:"message,optional"`
29 | }
30 |
--------------------------------------------------------------------------------
/ocsf/san.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // SubjectAlternativeNameFields defines the Arrow fields for Subject Alternative Name.
8 | var SubjectAlternativeNameFields = []arrow.Field{
9 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
10 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: false},
11 | }
12 |
13 | var SubjectAlternativeNameStruct = arrow.StructOf(SubjectAlternativeNameFields...)
14 | var SubjectAlternativeNameClassname = "san"
15 |
16 | type SubjectAlternativeName struct {
17 | Name string `json:"name" parquet:"name"`
18 | Type string `json:"type" parquet:"type"`
19 | }
20 |
--------------------------------------------------------------------------------
/ocsf/schemaextention.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | var SchemaExtensionFields = []arrow.Field{
8 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
9 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: false},
10 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: false},
11 | }
12 |
13 | var SchemaExtensionStruct = arrow.StructOf(SchemaExtensionFields...)
14 | var SchemaExtensionClassname = "extension"
15 |
16 | type SchemaExtension struct {
17 | Name string `json:"name" parquet:"name"`
18 | UID string `json:"uid" parquet:"uid"`
19 | Version string `json:"version" parquet:"version"`
20 | }
21 |
--------------------------------------------------------------------------------
/ocsf/service.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // ServiceFields defines the Arrow fields for Service.
8 | var ServiceFields = []arrow.Field{
9 | {Name: "labels", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
10 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "tags", Type: arrow.ListOf(KeyValueObjectStruct), Nullable: true},
12 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
14 | }
15 |
16 | var ServiceStruct = arrow.StructOf(ServiceFields...)
17 | var ServiceClassname = "service"
18 |
19 | type Service struct {
20 | Labels []string `json:"labels,omitempty" parquet:"labels,list,optional"`
21 | Name *string `json:"name,omitempty" parquet:"name,optional"`
22 | Tags []*KeyValueObject `json:"tags,omitempty" parquet:"tags,list,optional"`
23 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
24 | Version *string `json:"version,omitempty" parquet:"version,optional"`
25 | }
26 |
--------------------------------------------------------------------------------
/ocsf/session.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // SessionFields defines the Arrow fields for Session.
8 | var SessionFields = []arrow.Field{
9 | {Name: "count", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
10 | {Name: "created_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
11 | {Name: "credential_uid", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "expiration_reason", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "expiration_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
14 | {Name: "is_mfa", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
15 | {Name: "is_remote", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
16 | {Name: "is_vpn", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
17 | {Name: "issuer", Type: arrow.BinaryTypes.String, Nullable: true},
18 | {Name: "terminal", Type: arrow.BinaryTypes.String, Nullable: true},
19 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
20 | {Name: "uid_alt", Type: arrow.BinaryTypes.String, Nullable: true},
21 | {Name: "uuid", Type: arrow.BinaryTypes.String, Nullable: true},
22 | }
23 |
24 | var SessionStruct = arrow.StructOf(SessionFields...)
25 | var SessionClassname = "session"
26 |
27 | type Session struct {
28 | Count *int `json:"count,omitempty" parquet:"count,optional"`
29 | CreatedTime *int64 `json:"created_time,omitempty" parquet:"created_time,optional"`
30 | CredentialUID *string `json:"credential_uid,omitempty" parquet:"credential_uid,optional"`
31 | ExpirationReason *string `json:"expiration_reason,omitempty" parquet:"expiration_reason,optional"`
32 | ExpirationTime *int64 `json:"expiration_time,omitempty" parquet:"expiration_time,optional"`
33 | IsMFA *bool `json:"is_mfa,omitempty" parquet:"is_mfa,optional"`
34 | IsRemote *bool `json:"is_remote,omitempty" parquet:"is_remote,optional"`
35 | IsVPN *bool `json:"is_vpn,omitempty" parquet:"is_vpn,optional"`
36 | Issuer *string `json:"issuer,omitempty" parquet:"issuer,optional"`
37 | Terminal *string `json:"terminal,omitempty" parquet:"terminal,optional"`
38 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
39 | UIDAlt *string `json:"uid_alt,omitempty" parquet:"uid_alt,optional"`
40 | UUID *string `json:"uuid,omitempty" parquet:"uuid,optional"`
41 | }
42 |
--------------------------------------------------------------------------------
/ocsf/subtechnique.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | var SubTechniqueFields = []arrow.Field{
8 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
9 | {Name: "src_url", Type: arrow.BinaryTypes.String, Nullable: false},
10 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: false},
11 | }
12 |
13 | var SubTechniqueStruct = arrow.StructOf(SubTechniqueFields...)
14 | var SubTechniqueClassname = "sub_technique"
15 |
16 | type SubTechnique struct {
17 | Name string `json:"name" parquet:"name"`
18 | SrcURL string `json:"src_url" parquet:"src_url"`
19 | UID string `json:"uid" parquet:"uid"`
20 | }
21 |
--------------------------------------------------------------------------------
/ocsf/tactic.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // TacticFields defines the Arrow fields for Tactic.
8 | var TacticFields = []arrow.Field{
9 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
10 | {Name: "src_url", Type: arrow.BinaryTypes.String, Nullable: false},
11 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: false},
12 | }
13 |
14 | var TacticStruct = arrow.StructOf(TacticFields...)
15 | var TacticClassname = "tactic"
16 |
17 | type Tactic struct {
18 | Name string `json:"name" parquet:"name"`
19 | SrcURL string `json:"src_url" parquet:"src_url"`
20 | UID string `json:"uid" parquet:"uid"`
21 | }
22 |
--------------------------------------------------------------------------------
/ocsf/technique.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | var TechniqueFields = []arrow.Field{
8 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
9 | {Name: "src_url", Type: arrow.BinaryTypes.String, Nullable: false},
10 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: false},
11 | }
12 |
13 | var TechniqueStruct = arrow.StructOf(TechniqueFields...)
14 | var TechniqueClassname = "technique"
15 |
16 | type Technique struct {
17 | Name string `json:"name" parquet:"name"`
18 | SrcURL string `json:"src_url" parquet:"src_url"`
19 | UID string `json:"uid" parquet:"uid"`
20 | }
21 |
--------------------------------------------------------------------------------
/ocsf/url.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // URLFields defines the Arrow fields for URL.
8 | var URLFields = []arrow.Field{
9 | {Name: "domain", Type: arrow.BinaryTypes.String, Nullable: true},
10 | {Name: "hostname", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "path", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "port", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
13 | {Name: "query_string", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "resource_type", Type: arrow.BinaryTypes.String, Nullable: true},
15 | {Name: "scheme", Type: arrow.BinaryTypes.String, Nullable: true},
16 | {Name: "subdomain", Type: arrow.BinaryTypes.String, Nullable: true},
17 | {Name: "url_string", Type: arrow.BinaryTypes.String, Nullable: true},
18 | {Name: "categories", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
19 | {Name: "category_ids", Type: arrow.ListOf(arrow.PrimitiveTypes.Int32), Nullable: true},
20 | }
21 |
22 | var URLStruct = arrow.StructOf(URLFields...)
23 | var URLClassname = "url"
24 |
25 | type URL struct {
26 | Domain *string `json:"domain,omitempty" parquet:"domain,optional"`
27 | Hostname *string `json:"hostname,omitempty" parquet:"hostname,optional"`
28 | Path *string `json:"path,omitempty" parquet:"path,optional"`
29 | Port *int `json:"port,omitempty" parquet:"port,optional"`
30 | QueryString *string `json:"query_string,omitempty" parquet:"query_string,optional"`
31 | ResourceType *string `json:"resource_type,omitempty" parquet:"resource_type,optional"`
32 | Scheme *string `json:"scheme,omitempty" parquet:"scheme,optional"`
33 | Subdomain *string `json:"subdomain,omitempty" parquet:"subdomain,optional"`
34 | URLString *string `json:"url_string,omitempty" parquet:"url_string,optional"`
35 | Categories []string `json:"categories,omitempty" parquet:"categories,list,optional"`
36 | CategoryIDs []*int `json:"category_ids,omitempty" parquet:"category_ids,list,optional"`
37 | }
38 |
--------------------------------------------------------------------------------
/ocsf/user.go:
--------------------------------------------------------------------------------
1 | package ocsf
2 |
3 | import (
4 | "github.com/apache/arrow-go/v18/arrow"
5 | )
6 |
7 | // UserFields defines the Arrow fields for User.
8 | var UserFields = []arrow.Field{
9 | {Name: "account", Type: AccountStruct, Nullable: true},
10 | {Name: "credential_uid", Type: arrow.BinaryTypes.String, Nullable: true},
11 | {Name: "domain", Type: arrow.BinaryTypes.String, Nullable: true},
12 | {Name: "email_addr", Type: arrow.BinaryTypes.String, Nullable: true},
13 | {Name: "full_name", Type: arrow.BinaryTypes.String, Nullable: true},
14 | {Name: "groups", Type: arrow.ListOf(GroupStruct), Nullable: true},
15 | {Name: "ldap_person", Type: LdapPersonStruct, Nullable: true},
16 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
17 | {Name: "org", Type: OrganizationStruct, Nullable: true},
18 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
19 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
20 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
21 | {Name: "uid_alt", Type: arrow.BinaryTypes.String, Nullable: true},
22 | }
23 |
24 | var UserStruct = arrow.StructOf(UserFields...)
25 | var UserClassname = "user"
26 |
27 | type User struct {
28 | Account *Account `json:"account,omitempty" parquet:"account,optional"`
29 | CredentialUID *string `json:"credential_uid,omitempty" parquet:"credential_uid,optional"`
30 | Domain *string `json:"domain,omitempty" parquet:"domain,optional"`
31 | EmailAddr *string `json:"email_addr,omitempty" parquet:"email_addr,optional"`
32 | FullName *string `json:"full_name,omitempty" parquet:"full_name,optional"`
33 | Groups []*Group `json:"groups,omitempty" parquet:"groups,list,optional"`
34 | LDAPPerson *LdapPerson `json:"ldap_person,omitempty" parquet:"ldap_person,optional"`
35 | Name *string `json:"name,omitempty" parquet:"name,optional"`
36 | Org *Organization `json:"org,omitempty" parquet:"org,optional"`
37 | Type *string `json:"type,omitempty" parquet:"type,optional"`
38 | // TypeID enum: [3,99,0,1,2]
39 | TypeID *int `json:"type_id,omitempty" parquet:"type_id,optional"`
40 | UID *string `json:"uid,omitempty" parquet:"uid,optional"`
41 | UIDAlt *string `json:"uid_alt,omitempty" parquet:"uid_alt,optional"`
42 | }
43 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/account.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Account struct {
9 |
10 | // Labels: The list of labels associated to the account.
11 | Labels []string `json:"labels,omitempty" parquet:"labels,optional,list"`
12 |
13 | // Name: The name of the account (e.g. GCP Project name , Linux Account name or AWS Account name).
14 | Name *string `json:"name,omitempty" parquet:"name,optional"`
15 |
16 | // Tags: The list of tags; {key:value} pairs associated to the account.
17 | Tags []*KeyValueobject `json:"tags,omitempty" parquet:"tags,optional,list"`
18 |
19 | // Type: The account type, normalized to the caption of 'account_type_id'. In the case of 'Other', it is defined by the event source.
20 | Type *string `json:"type,omitempty" parquet:"type,optional"`
21 |
22 | // Type ID: The normalized account type identifier.
23 | TypeId *int32 `json:"type_id,omitempty" parquet:"type_id,optional"`
24 |
25 | // Unique ID: The unique identifier of the account (e.g. AWS Account ID , OCID , GCP Project ID , Azure Subscription ID , Google Workspace Customer ID , or M365 Tenant UID).
26 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
27 | }
28 |
29 | var AccountFields = []arrow.Field{
30 | {Name: "labels", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
31 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
32 | {Name: "tags", Type: arrow.ListOf(KeyValueobjectStruct), Nullable: true},
33 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
34 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
35 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
36 | }
37 |
38 | var AccountStruct = arrow.StructOf(AccountFields...)
39 |
40 | var AccountSchema = arrow.NewSchema(AccountFields, nil)
41 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/actor.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Actor struct {
9 |
10 | // Application Name: The client application or service that initiated the activity. This can be in conjunction with the user if present. Note that app_name is distinct from the process if present.
11 | AppName *string `json:"app_name,omitempty" parquet:"app_name,optional"`
12 |
13 | // Application ID: The unique identifier of the client application or service that initiated the activity. This can be in conjunction with the user if present. Note that app_name is distinct from the process.pid or process.uid if present.
14 | AppUid *string `json:"app_uid,omitempty" parquet:"app_uid,optional"`
15 |
16 | // Authorization Information: Provides details about an authorization, such as authorization outcome, and any associated policies related to the activity/event.
17 | Authorizations []*AuthorizationResult `json:"authorizations,omitempty" parquet:"authorizations,optional,list"`
18 |
19 | // Identity Provider: This object describes details about the Identity Provider used.
20 | Idp *IdentityProvider `json:"idp,omitempty" parquet:"idp,optional"`
21 |
22 | // Process: The process that initiated the activity.
23 | Process *Process `json:"process,omitempty" parquet:"process,optional"`
24 |
25 | // Session: The user session from which the activity was initiated.
26 | Session *Session `json:"session,omitempty" parquet:"session,optional"`
27 |
28 | // User: The user that initiated the activity or the user context from which the activity was initiated.
29 | User *User `json:"user,omitempty" parquet:"user,optional"`
30 | }
31 |
32 | var ActorFields = []arrow.Field{
33 | {Name: "app_name", Type: arrow.BinaryTypes.String, Nullable: true},
34 | {Name: "app_uid", Type: arrow.BinaryTypes.String, Nullable: true},
35 | {Name: "authorizations", Type: arrow.ListOf(AuthorizationResultStruct), Nullable: true},
36 | {Name: "idp", Type: IdentityProviderStruct, Nullable: true},
37 | {Name: "process", Type: ProcessStruct, Nullable: true},
38 | {Name: "session", Type: SessionStruct, Nullable: true},
39 | {Name: "user", Type: UserStruct, Nullable: true},
40 | }
41 |
42 | var ActorStruct = arrow.StructOf(ActorFields...)
43 |
44 | var ActorSchema = arrow.NewSchema(ActorFields, nil)
45 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/affected_code.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type AffectedCode struct {
9 |
10 | // End Line: The line number of the last line of code block identified as vulnerable.
11 | EndLine *int32 `json:"end_line,omitempty" parquet:"end_line,optional"`
12 |
13 | // File: Details about the file that contains the affected code block.
14 | File File `json:"file" parquet:"file"`
15 |
16 | // Owner: Details about the user that owns the affected file.
17 | Owner *User `json:"owner,omitempty" parquet:"owner,optional"`
18 |
19 | // Remediation Guidance: Describes the recommended remediation steps to address identified issue(s).
20 | Remediation *Remediation `json:"remediation,omitempty" parquet:"remediation,optional"`
21 |
22 | // Start Line: The line number of the first line of code block identified as vulnerable.
23 | StartLine *int32 `json:"start_line,omitempty" parquet:"start_line,optional"`
24 | }
25 |
26 | var AffectedCodeFields = []arrow.Field{
27 | {Name: "end_line", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
28 | {Name: "file", Type: FileStruct, Nullable: false},
29 | {Name: "owner", Type: UserStruct, Nullable: true},
30 | {Name: "remediation", Type: RemediationStruct, Nullable: true},
31 | {Name: "start_line", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
32 | }
33 |
34 | var AffectedCodeStruct = arrow.StructOf(AffectedCodeFields...)
35 |
36 | var AffectedCodeSchema = arrow.NewSchema(AffectedCodeFields, nil)
37 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/agent.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Agent struct {
9 |
10 | // Agent Name: The name of the agent or sensor. For example: AWS SSM Agent.
11 | Name *string `json:"name,omitempty" parquet:"name,optional"`
12 |
13 | // Agent Policies: Describes the various policies that may be applied or enforced by an agent or sensor. E.g., Conditional Access, prevention, auto-update, tamper protection, destination configuration, etc.
14 | Policies []*Policy `json:"policies,omitempty" parquet:"policies,optional,list"`
15 |
16 | // Agent Type: The normalized caption of the type_id value for the agent or sensor. In the case of 'Other' or 'Unknown', it is defined by the event source.
17 | Type *string `json:"type,omitempty" parquet:"type,optional"`
18 |
19 | // Type ID: The normalized representation of an agent or sensor. E.g., EDR, vulnerability management, APM, backup & recovery, etc.
20 | TypeId *int32 `json:"type_id,omitempty" parquet:"type_id,optional"`
21 |
22 | // Agent ID: The UID of the agent or sensor, sometimes known as a Sensor ID or aid.
23 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
24 |
25 | // Alternate Agent ID: An alternative or contextual identifier for the agent or sensor, such as a configuration, organization, or license UID.
26 | UidAlt *string `json:"uid_alt,omitempty" parquet:"uid_alt,optional"`
27 |
28 | // Vendor Name: The company or author who created the agent or sensor. For example: Crowdstrike.
29 | VendorName *string `json:"vendor_name,omitempty" parquet:"vendor_name,optional"`
30 |
31 | // Agent Version: The semantic version of the agent or sensor, e.g., 7.101.50.0.
32 | Version *string `json:"version,omitempty" parquet:"version,optional"`
33 | }
34 |
35 | var AgentFields = []arrow.Field{
36 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
37 | {Name: "policies", Type: arrow.ListOf(PolicyStruct), Nullable: true},
38 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
39 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
40 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
41 | {Name: "uid_alt", Type: arrow.BinaryTypes.String, Nullable: true},
42 | {Name: "vendor_name", Type: arrow.BinaryTypes.String, Nullable: true},
43 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
44 | }
45 |
46 | var AgentStruct = arrow.StructOf(AgentFields...)
47 |
48 | var AgentSchema = arrow.NewSchema(AgentFields, nil)
49 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/analytic.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Analytic struct {
9 |
10 | // Category: The analytic category.
11 | Category *string `json:"category,omitempty" parquet:"category,optional"`
12 |
13 | // Description: The description of the analytic that generated the finding.
14 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
15 |
16 | // Name: The name of the analytic that generated the finding.
17 | Name *string `json:"name,omitempty" parquet:"name,optional"`
18 |
19 | // Type: The analytic type.
20 | Type *string `json:"type,omitempty" parquet:"type,optional"`
21 |
22 | // Type ID: The analytic type ID.
23 | TypeId int32 `json:"type_id" parquet:"type_id"`
24 |
25 | // Unique ID: The unique identifier of the analytic that generated the finding.
26 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
27 |
28 | // Version: The analytic version. For example: 1.1.
29 | Version *string `json:"version,omitempty" parquet:"version,optional"`
30 | }
31 |
32 | var AnalyticFields = []arrow.Field{
33 | {Name: "category", Type: arrow.BinaryTypes.String, Nullable: true},
34 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
35 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
36 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
37 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
38 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
39 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
40 | }
41 |
42 | var AnalyticStruct = arrow.StructOf(AnalyticFields...)
43 |
44 | var AnalyticSchema = arrow.NewSchema(AnalyticFields, nil)
45 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/api.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type API struct {
9 |
10 | // Group: The information pertaining to the API group.
11 | Group *Group `json:"group,omitempty" parquet:"group,optional"`
12 |
13 | // Operation: Verb/Operation associated with the request
14 | Operation string `json:"operation" parquet:"operation"`
15 |
16 | // API Request Details: Details pertaining to the API request.
17 | Request *RequestElements `json:"request,omitempty" parquet:"request,optional"`
18 |
19 | // API Response Details: Details pertaining to the API response.
20 | Response *ResponseElements `json:"response,omitempty" parquet:"response,optional"`
21 |
22 | // Service: The information pertaining to the API service.
23 | Service *Service `json:"service,omitempty" parquet:"service,optional"`
24 |
25 | // Version: The version of the API service.
26 | Version *string `json:"version,omitempty" parquet:"version,optional"`
27 | }
28 |
29 | var APIFields = []arrow.Field{
30 | {Name: "group", Type: GroupStruct, Nullable: true},
31 | {Name: "operation", Type: arrow.BinaryTypes.String, Nullable: false},
32 | {Name: "request", Type: RequestElementsStruct, Nullable: true},
33 | {Name: "response", Type: ResponseElementsStruct, Nullable: true},
34 | {Name: "service", Type: ServiceStruct, Nullable: true},
35 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
36 | }
37 |
38 | var APIStruct = arrow.StructOf(APIFields...)
39 |
40 | var APISchema = arrow.NewSchema(APIFields, nil)
41 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/attack.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type MITREATTCK struct {
9 |
10 | // Sub Technique: The Sub Technique object describes the sub technique ID and/or name associated to an attack, as defined by ATT&CK® Matrix.
11 | SubTechnique *MITREATTCKSubTechnique `json:"sub_technique,omitempty" parquet:"sub_technique,optional"`
12 |
13 | // Tactic: The Tactic object describes the tactic ID and/or name that is associated to an attack, as defined by ATT&CK® Matrix.
14 | Tactic *MITREATTCKTactic `json:"tactic,omitempty" parquet:"tactic,optional"`
15 |
16 | // Technique: The Technique object describes the technique ID and/or name associated to an attack, as defined by ATT&CK® Matrix.
17 | Technique *MITREATTCKTechnique `json:"technique,omitempty" parquet:"technique,optional"`
18 |
19 | // Version: The ATT&CK® Matrix version.
20 | Version *string `json:"version,omitempty" parquet:"version,optional"`
21 | }
22 |
23 | var MITREATTCKFields = []arrow.Field{
24 | {Name: "sub_technique", Type: MITREATTCKSubTechniqueStruct, Nullable: true},
25 | {Name: "tactic", Type: MITREATTCKTacticStruct, Nullable: true},
26 | {Name: "technique", Type: MITREATTCKTechniqueStruct, Nullable: true},
27 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
28 | }
29 |
30 | var MITREATTCKStruct = arrow.StructOf(MITREATTCKFields...)
31 |
32 | var MITREATTCKSchema = arrow.NewSchema(MITREATTCKFields, nil)
33 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/auth_factor.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type AuthenticationFactor struct {
9 |
10 | // Device: Device used to complete an authentication request.
11 | Device *Device `json:"device,omitempty" parquet:"device,optional"`
12 |
13 | // Email Address: The email address used in an email-based authentication factor.
14 | EmailAddr *string `json:"email_addr,omitempty" parquet:"email_addr,optional"`
15 |
16 | // Factor Type: The type of authentication factor used in an authentication attempt.
17 | FactorType *string `json:"factor_type,omitempty" parquet:"factor_type,optional"`
18 |
19 | // Factor Type ID: The normalized identifier for the authentication factor.
20 | FactorTypeId int32 `json:"factor_type_id" parquet:"factor_type_id"`
21 |
22 | // HMAC-based One-time Password (HOTP): Whether the authentication factor is an HMAC-based One-time Password (HOTP).
23 | IsHotp *bool `json:"is_hotp,omitempty" parquet:"is_hotp,optional"`
24 |
25 | // Time-based One-time Password (TOTP): Whether the authentication factor is a Time-based One-time Password (TOTP).
26 | IsTotp *bool `json:"is_totp,omitempty" parquet:"is_totp,optional"`
27 |
28 | // Phone Number: The phone number used for a telephony-based authentication request.
29 | PhoneNumber *string `json:"phone_number,omitempty" parquet:"phone_number,optional"`
30 |
31 | // Provider: The name of provider for an authentication factor.
32 | Provider *string `json:"provider,omitempty" parquet:"provider,optional"`
33 |
34 | // Security Questions: The question(s) provided to user for a question-based authentication factor.
35 | SecurityQuestions []string `json:"security_questions,omitempty" parquet:"security_questions,optional,list"`
36 | }
37 |
38 | var AuthenticationFactorFields = []arrow.Field{
39 | {Name: "device", Type: DeviceStruct, Nullable: true},
40 | {Name: "email_addr", Type: arrow.BinaryTypes.String, Nullable: true},
41 | {Name: "factor_type", Type: arrow.BinaryTypes.String, Nullable: true},
42 | {Name: "factor_type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
43 | {Name: "is_hotp", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
44 | {Name: "is_totp", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
45 | {Name: "phone_number", Type: arrow.BinaryTypes.String, Nullable: true},
46 | {Name: "provider", Type: arrow.BinaryTypes.String, Nullable: true},
47 | {Name: "security_questions", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
48 | }
49 |
50 | var AuthenticationFactorStruct = arrow.StructOf(AuthenticationFactorFields...)
51 |
52 | var AuthenticationFactorSchema = arrow.NewSchema(AuthenticationFactorFields, nil)
53 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/authorization.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type AuthorizationResult struct {
9 |
10 | // Authorization Decision/Outcome: Authorization Result/outcome, e.g. allowed, denied.
11 | Decision *string `json:"decision,omitempty" parquet:"decision,optional"`
12 |
13 | // Policy: Details about the Identity/Access management policies that are applicable.
14 | Policy *Policy `json:"policy,omitempty" parquet:"policy,optional"`
15 | }
16 |
17 | var AuthorizationResultFields = []arrow.Field{
18 | {Name: "decision", Type: arrow.BinaryTypes.String, Nullable: true},
19 | {Name: "policy", Type: PolicyStruct, Nullable: true},
20 | }
21 |
22 | var AuthorizationResultStruct = arrow.StructOf(AuthorizationResultFields...)
23 |
24 | var AuthorizationResultSchema = arrow.NewSchema(AuthorizationResultFields, nil)
25 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/autonomous_system.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type AutonomousSystem struct {
9 |
10 | // Name: Organization name for the Autonomous System.
11 | Name *string `json:"name,omitempty" parquet:"name,optional"`
12 |
13 | // Number: Unique number that the AS is identified by.
14 | Number *int32 `json:"number,omitempty" parquet:"number,optional"`
15 | }
16 |
17 | var AutonomousSystemFields = []arrow.Field{
18 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
19 | {Name: "number", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
20 | }
21 |
22 | var AutonomousSystemStruct = arrow.StructOf(AutonomousSystemFields...)
23 |
24 | var AutonomousSystemSchema = arrow.NewSchema(AutonomousSystemFields, nil)
25 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/cis_benchmark.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type CISBenchmark struct {
9 |
10 | // CIS Controls: The CIS Critical Security Controls is a prioritized set of actions to protect your organization and data from cyber-attack vectors.
11 | CisControls []*CISControl `json:"cis_controls,omitempty" parquet:"cis_controls,optional,list"`
12 |
13 | // Description: The CIS Benchmark description. For example: The cramfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A cramfs image can be used without having to first decompress the image.
14 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
15 |
16 | // Name: The CIS Benchmark name. For example: Ensure mounting of cramfs filesystems is disabled.
17 | Name string `json:"name" parquet:"name"`
18 | }
19 |
20 | var CISBenchmarkFields = []arrow.Field{
21 | {Name: "cis_controls", Type: arrow.ListOf(CISControlStruct), Nullable: true},
22 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
23 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
24 | }
25 |
26 | var CISBenchmarkStruct = arrow.StructOf(CISBenchmarkFields...)
27 |
28 | var CISBenchmarkSchema = arrow.NewSchema(CISBenchmarkFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/cis_benchmark_result.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type CISBenchmarkResult struct {
9 |
10 | // Description: The CIS benchmark description.
11 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
12 |
13 | // Name: The CIS benchmark name.
14 | Name string `json:"name" parquet:"name"`
15 |
16 | // Remediation Guidance: Describes the recommended remediation steps to address identified issue(s).
17 | Remediation *Remediation `json:"remediation,omitempty" parquet:"remediation,optional"`
18 |
19 | // Rule: The CIS benchmark rule.
20 | Rule *Rule `json:"rule,omitempty" parquet:"rule,optional"`
21 | }
22 |
23 | var CISBenchmarkResultFields = []arrow.Field{
24 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
25 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
26 | {Name: "remediation", Type: RemediationStruct, Nullable: true},
27 | {Name: "rule", Type: RuleStruct, Nullable: true},
28 | }
29 |
30 | var CISBenchmarkResultStruct = arrow.StructOf(CISBenchmarkResultFields...)
31 |
32 | var CISBenchmarkResultSchema = arrow.NewSchema(CISBenchmarkResultFields, nil)
33 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/cis_control.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type CISControl struct {
9 |
10 | // Description: The CIS Control description. For example: Uninstall or disable unnecessary services on enterprise assets and software, such as an unused file sharing service, web application module, or service function.
11 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
12 |
13 | // Name: The CIS Control name. For example: 4.8 Uninstall or Disable Unnecessary Services on Enterprise Assets and Software.
14 | Name string `json:"name" parquet:"name"`
15 |
16 | // Version: The CIS Control version. For example: v8.
17 | Version *string `json:"version,omitempty" parquet:"version,optional"`
18 | }
19 |
20 | var CISControlFields = []arrow.Field{
21 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
22 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
23 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
24 | }
25 |
26 | var CISControlStruct = arrow.StructOf(CISControlFields...)
27 |
28 | var CISControlSchema = arrow.NewSchema(CISControlFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/cis_csc.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type CISCSC struct {
9 |
10 | // Security Control: A Control is prescriptive, prioritized, and simplified set of best practices that one can use to strengthen their cybersecurity posture. e.g. AWS SecurityHub Controls, CIS Controls.
11 | Control string `json:"control" parquet:"control"`
12 |
13 | // Version: The CIS critical security control version.
14 | Version *string `json:"version,omitempty" parquet:"version,optional"`
15 | }
16 |
17 | var CISCSCFields = []arrow.Field{
18 | {Name: "control", Type: arrow.BinaryTypes.String, Nullable: false},
19 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
20 | }
21 |
22 | var CISCSCStruct = arrow.StructOf(CISCSCFields...)
23 |
24 | var CISCSCSchema = arrow.NewSchema(CISCSCFields, nil)
25 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/classifier_details.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type ClassifierDetails struct {
9 |
10 | // Name: The name of the classifier.
11 | Name *string `json:"name,omitempty" parquet:"name,optional"`
12 |
13 | // Type: The type of the classifier.
14 | Type string `json:"type" parquet:"type"`
15 |
16 | // Unique ID: The unique identifier of the classifier.
17 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
18 | }
19 |
20 | var ClassifierDetailsFields = []arrow.Field{
21 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
22 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: false},
23 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
24 | }
25 |
26 | var ClassifierDetailsStruct = arrow.StructOf(ClassifierDetailsFields...)
27 |
28 | var ClassifierDetailsSchema = arrow.NewSchema(ClassifierDetailsFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/cloud.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Cloud struct {
9 |
10 | // Account: The account object describes details about the account that was the source or target of the activity.
11 | Account *Account `json:"account,omitempty" parquet:"account,optional"`
12 |
13 | // Cloud Partition: The canonical cloud partition name to which the region is assigned (e.g. AWS Partitions: aws, aws-cn, aws-us-gov).
14 | CloudPartition *string `json:"cloud_partition,omitempty" parquet:"cloud_partition,optional"`
15 |
16 | // Organization: Organization and org unit relevant to the event or object.
17 | Org *Organization `json:"org,omitempty" parquet:"org,optional"`
18 |
19 | // Provider: The unique name of the Cloud services provider, such as AWS, MS Azure, GCP, etc.
20 | Provider string `json:"provider" parquet:"provider"`
21 |
22 | // Region: The name of the cloud region, as defined by the cloud provider.
23 | Region *string `json:"region,omitempty" parquet:"region,optional"`
24 |
25 | // Network Zone: The availability zone in the cloud region, as defined by the cloud provider.
26 | Zone *string `json:"zone,omitempty" parquet:"zone,optional"`
27 | }
28 |
29 | var CloudFields = []arrow.Field{
30 | {Name: "account", Type: AccountStruct, Nullable: true},
31 | {Name: "cloud_partition", Type: arrow.BinaryTypes.String, Nullable: true},
32 | {Name: "org", Type: OrganizationStruct, Nullable: true},
33 | {Name: "provider", Type: arrow.BinaryTypes.String, Nullable: false},
34 | {Name: "region", Type: arrow.BinaryTypes.String, Nullable: true},
35 | {Name: "zone", Type: arrow.BinaryTypes.String, Nullable: true},
36 | }
37 |
38 | var CloudStruct = arrow.StructOf(CloudFields...)
39 |
40 | var CloudSchema = arrow.NewSchema(CloudFields, nil)
41 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/cwe.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type CWE struct {
9 |
10 | // Caption: The caption assigned to the Common Weakness Enumeration unique identifier.
11 | Caption *string `json:"caption,omitempty" parquet:"caption,optional"`
12 |
13 | // Source URL: URL pointing to the CWE Specification. For more information see CWE.
14 | SrcUrl *string `json:"src_url,omitempty" parquet:"src_url,optional"`
15 |
16 | // CWE ID: The Common Weakness Enumeration unique number assigned to a specific weakness. A CWE Identifier begins "CWE" followed by a sequence of digits that acts as a unique identifier. For example: CWE-123.
17 | Uid string `json:"uid" parquet:"uid"`
18 | }
19 |
20 | var CWEFields = []arrow.Field{
21 | {Name: "caption", Type: arrow.BinaryTypes.String, Nullable: true},
22 | {Name: "src_url", Type: arrow.BinaryTypes.String, Nullable: true},
23 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: false},
24 | }
25 |
26 | var CWEStruct = arrow.StructOf(CWEFields...)
27 |
28 | var CWESchema = arrow.NewSchema(CWEFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/d3f_tactic.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type MITRED3FENDTactic struct {
9 |
10 | // Name: The tactic name that is associated with the defensive technique. For example: Isolate.
11 | Name *string `json:"name,omitempty" parquet:"name,optional"`
12 |
13 | // Source URL: The versioned permalink of the defensive tactic. For example: https://d3fend.mitre.org/tactic/d3f:Isolate/.
14 | SrcUrl *string `json:"src_url,omitempty" parquet:"src_url,optional"`
15 |
16 | // Unique ID: The unique identifier of the entity.
17 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
18 | }
19 |
20 | var MITRED3FENDTacticFields = []arrow.Field{
21 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
22 | {Name: "src_url", Type: arrow.BinaryTypes.String, Nullable: true},
23 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
24 | }
25 |
26 | var MITRED3FENDTacticStruct = arrow.StructOf(MITRED3FENDTacticFields...)
27 |
28 | var MITRED3FENDTacticSchema = arrow.NewSchema(MITRED3FENDTacticFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/d3f_technique.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type MITREDEFENDTechnique struct {
9 |
10 | // Name: The name of the defensive technique. For example: IO Port Restriction.
11 | Name *string `json:"name,omitempty" parquet:"name,optional"`
12 |
13 | // Source URL: The versioned permalink of the defensive technique. For example: https://d3fend.mitre.org/technique/d3f:IOPortRestriction/.
14 | SrcUrl *string `json:"src_url,omitempty" parquet:"src_url,optional"`
15 |
16 | // Unique ID: The unique identifier of the defensive technique. For example: D3-IOPR.
17 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
18 | }
19 |
20 | var MITREDEFENDTechniqueFields = []arrow.Field{
21 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
22 | {Name: "src_url", Type: arrow.BinaryTypes.String, Nullable: true},
23 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
24 | }
25 |
26 | var MITREDEFENDTechniqueStruct = arrow.StructOf(MITREDEFENDTechniqueFields...)
27 |
28 | var MITREDEFENDTechniqueSchema = arrow.NewSchema(MITREDEFENDTechniqueFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/d3fend.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type MITRED3FEND struct {
9 |
10 | // MITRE DEFEND™ Tactic: The Tactic object describes the tactic ID and/or name that is associated with a countermeasure.
11 | D3fTactic *MITRED3FENDTactic `json:"d3f_tactic,omitempty" parquet:"d3f_tactic,optional"`
12 |
13 | // MITRE DEFEND™ Technique: The Technique object describes the technique ID and/or name associated with a countermeasure.
14 | D3fTechnique *MITREDEFENDTechnique `json:"d3f_technique,omitempty" parquet:"d3f_technique,optional"`
15 |
16 | // Version: The D3FEND™ Matrix version.
17 | Version *string `json:"version,omitempty" parquet:"version,optional"`
18 | }
19 |
20 | var MITRED3FENDFields = []arrow.Field{
21 | {Name: "d3f_tactic", Type: MITRED3FENDTacticStruct, Nullable: true},
22 | {Name: "d3f_technique", Type: MITREDEFENDTechniqueStruct, Nullable: true},
23 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
24 | }
25 |
26 | var MITRED3FENDStruct = arrow.StructOf(MITRED3FENDFields...)
27 |
28 | var MITRED3FENDSchema = arrow.NewSchema(MITRED3FENDFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/database.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Database struct {
9 |
10 | // Created Time: The time when the database was known to have been created.
11 | CreatedTime *int64 `json:"created_time,omitempty" parquet:"created_time,optional"`
12 |
13 | // Data Classification: A list of Data Classification objects, that include information about data classification levels and data category types, indentified by a classifier.
14 | DataClassifications []*DataClassification `json:"data_classifications,omitempty" parquet:"data_classifications,optional,list"`
15 |
16 | // Description: The description of the database.
17 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
18 |
19 | // Groups: The group names to which the database belongs.
20 | Groups []*Group `json:"groups,omitempty" parquet:"groups,optional,list"`
21 |
22 | // Modified Time: The most recent time when any changes, updates, or modifications were made within the database.
23 | ModifiedTime *int64 `json:"modified_time,omitempty" parquet:"modified_time,optional"`
24 |
25 | // Name: The database name, ordinarily as assigned by a database administrator.
26 | Name *string `json:"name,omitempty" parquet:"name,optional"`
27 |
28 | // Size: The size of the database in bytes.
29 | Size *int64 `json:"size,omitempty" parquet:"size,optional"`
30 |
31 | // Type: The database type.
32 | Type *string `json:"type,omitempty" parquet:"type,optional"`
33 |
34 | // Type ID: The normalized identifier of the database type.
35 | TypeId int32 `json:"type_id" parquet:"type_id"`
36 |
37 | // Unique ID: The unique identifier of the database.
38 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
39 | }
40 |
41 | var DatabaseFields = []arrow.Field{
42 | {Name: "created_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
43 | {Name: "data_classifications", Type: arrow.ListOf(DataClassificationStruct), Nullable: true},
44 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
45 | {Name: "groups", Type: arrow.ListOf(GroupStruct), Nullable: true},
46 | {Name: "modified_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
47 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
48 | {Name: "size", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
49 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
50 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
51 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
52 | }
53 |
54 | var DatabaseStruct = arrow.StructOf(DatabaseFields...)
55 |
56 | var DatabaseSchema = arrow.NewSchema(DatabaseFields, nil)
57 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/dce_rpc.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type DCERPC struct {
9 |
10 | // Command: The request command (e.g. REQUEST, BIND).
11 | Command *string `json:"command,omitempty" parquet:"command,optional"`
12 |
13 | // Command Response: The reply to the request command (e.g. RESPONSE, BINDACK or FAULT).
14 | CommandResponse *string `json:"command_response,omitempty" parquet:"command_response,optional"`
15 |
16 | // Flags: The list of interface flags.
17 | Flags []string `json:"flags" parquet:"flags,list"`
18 |
19 | // Opnum: An operation number used to identify a specific remote procedure call (RPC) method or a method in an interface.
20 | Opnum *int32 `json:"opnum,omitempty" parquet:"opnum,optional"`
21 |
22 | // Remote Procedure Call Interface: The RPC Interface object describes the details pertaining to the remote procedure call interface.
23 | RpcInterface RPCInterface `json:"rpc_interface" parquet:"rpc_interface"`
24 | }
25 |
26 | var DCERPCFields = []arrow.Field{
27 | {Name: "command", Type: arrow.BinaryTypes.String, Nullable: true},
28 | {Name: "command_response", Type: arrow.BinaryTypes.String, Nullable: true},
29 | {Name: "flags", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: false},
30 | {Name: "opnum", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
31 | {Name: "rpc_interface", Type: RPCInterfaceStruct, Nullable: false},
32 | }
33 |
34 | var DCERPCStruct = arrow.StructOf(DCERPCFields...)
35 |
36 | var DCERPCSchema = arrow.NewSchema(DCERPCFields, nil)
37 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/digital_signature.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type DigitalSignature struct {
9 |
10 | // Algorithm: The digital signature algorithm used to create the signature, normalized to the caption of 'algorithm_id'. In the case of 'Other', it is defined by the event source.
11 | Algorithm *string `json:"algorithm,omitempty" parquet:"algorithm,optional"`
12 |
13 | // Algorithm ID: The identifier of the normalized digital signature algorithm.
14 | AlgorithmId int32 `json:"algorithm_id" parquet:"algorithm_id"`
15 |
16 | // Certificate: The certificate object containing information about the digital certificate.
17 | Certificate *DigitalCertificate `json:"certificate,omitempty" parquet:"certificate,optional"`
18 |
19 | // Created Time: The time when the digital signature was created.
20 | CreatedTime *int64 `json:"created_time,omitempty" parquet:"created_time,optional"`
21 |
22 | // Developer UID: The developer ID on the certificate that signed the file.
23 | DeveloperUid *string `json:"developer_uid,omitempty" parquet:"developer_uid,optional"`
24 |
25 | // Message Digest: The message digest attribute contains the fixed length message hash representation and the corresponding hashing algorithm information.
26 | Digest *Fingerprint `json:"digest,omitempty" parquet:"digest,optional"`
27 |
28 | // State: The digital signature state defines the signature state, normalized to the caption of 'state_id'. In the case of 'Other', it is defined by the event source.
29 | State *string `json:"state,omitempty" parquet:"state,optional"`
30 |
31 | // State ID: The normalized identifier of the signature state.
32 | StateId *int32 `json:"state_id,omitempty" parquet:"state_id,optional"`
33 | }
34 |
35 | var DigitalSignatureFields = []arrow.Field{
36 | {Name: "algorithm", Type: arrow.BinaryTypes.String, Nullable: true},
37 | {Name: "algorithm_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
38 | {Name: "certificate", Type: DigitalCertificateStruct, Nullable: true},
39 | {Name: "created_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
40 | {Name: "developer_uid", Type: arrow.BinaryTypes.String, Nullable: true},
41 | {Name: "digest", Type: FingerprintStruct, Nullable: true},
42 | {Name: "state", Type: arrow.BinaryTypes.String, Nullable: true},
43 | {Name: "state_id", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
44 | }
45 |
46 | var DigitalSignatureStruct = arrow.StructOf(DigitalSignatureFields...)
47 |
48 | var DigitalSignatureSchema = arrow.NewSchema(DigitalSignatureFields, nil)
49 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/discovery_details.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type DiscoveryDetails struct {
9 |
10 | // Count: The number of discovered entities of the specified type.
11 | Count *int32 `json:"count,omitempty" parquet:"count,optional"`
12 |
13 | // Occurrence Details: Details about where in the target entity, specified information was discovered. Only the attributes, relevant to the target entity type should be populuated.
14 | OccurrenceDetails *OccurrenceDetails `json:"occurrence_details,omitempty" parquet:"occurrence_details,optional"`
15 |
16 | // Type: The specific type of information that was discovered. e.g. name, phone_number, etc.
17 | Type *string `json:"type,omitempty" parquet:"type,optional"`
18 |
19 | // Value: Optionally, the specific value of discovered information.
20 | Value *string `json:"value,omitempty" parquet:"value,optional"`
21 | }
22 |
23 | var DiscoveryDetailsFields = []arrow.Field{
24 | {Name: "count", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
25 | {Name: "occurrence_details", Type: OccurrenceDetailsStruct, Nullable: true},
26 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
27 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: true},
28 | }
29 |
30 | var DiscoveryDetailsStruct = arrow.StructOf(DiscoveryDetailsFields...)
31 |
32 | var DiscoveryDetailsSchema = arrow.NewSchema(DiscoveryDetailsFields, nil)
33 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/display.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Display struct {
9 |
10 | // Color Depth: The numeric color depth.
11 | ColorDepth *int32 `json:"color_depth,omitempty" parquet:"color_depth,optional"`
12 |
13 | // Physical Height: The numeric physical height of display.
14 | PhysicalHeight *int32 `json:"physical_height,omitempty" parquet:"physical_height,optional"`
15 |
16 | // Physical Orientation: The numeric physical orientation of display.
17 | PhysicalOrientation *int32 `json:"physical_orientation,omitempty" parquet:"physical_orientation,optional"`
18 |
19 | // Physical Width: The numeric physical width of display.
20 | PhysicalWidth *int32 `json:"physical_width,omitempty" parquet:"physical_width,optional"`
21 |
22 | // Scale Factor: The numeric scale factor of display.
23 | ScaleFactor *int32 `json:"scale_factor,omitempty" parquet:"scale_factor,optional"`
24 | }
25 |
26 | var DisplayFields = []arrow.Field{
27 | {Name: "color_depth", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
28 | {Name: "physical_height", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
29 | {Name: "physical_orientation", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
30 | {Name: "physical_width", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
31 | {Name: "scale_factor", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
32 | }
33 |
34 | var DisplayStruct = arrow.StructOf(DisplayFields...)
35 |
36 | var DisplaySchema = arrow.NewSchema(DisplayFields, nil)
37 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/dns_answer.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type DNSAnswer struct {
9 |
10 | // Resource Record Class: The class of DNS data contained in this resource record. See RFC1035. For example: IN.
11 | Class *string `json:"class,omitempty" parquet:"class,optional"`
12 |
13 | // DNS Header Flags: The list of DNS answer header flag IDs.
14 | FlagIds []int32 `json:"flag_ids,omitempty" parquet:"flag_ids,optional,list"`
15 |
16 | // DNS Header Flags: The list of DNS answer header flags.
17 | Flags []string `json:"flags,omitempty" parquet:"flags,optional,list"`
18 |
19 | // Packet UID: The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response.
20 | PacketUid *int32 `json:"packet_uid,omitempty" parquet:"packet_uid,optional"`
21 |
22 | // DNS RData: The data describing the DNS resource. The meaning of this data depends on the type and class of the resource record.
23 | Rdata string `json:"rdata" parquet:"rdata"`
24 |
25 | // TTL: The time interval that the resource record may be cached. Zero value means that the resource record can only be used for the transaction in progress, and should not be cached.
26 | Ttl *int32 `json:"ttl,omitempty" parquet:"ttl,optional"`
27 |
28 | // Resource Record Type: The type of data contained in this resource record. See RFC1035. For example: CNAME.
29 | Type *string `json:"type,omitempty" parquet:"type,optional"`
30 | }
31 |
32 | var DNSAnswerFields = []arrow.Field{
33 | {Name: "class", Type: arrow.BinaryTypes.String, Nullable: true},
34 | {Name: "flag_ids", Type: arrow.ListOf(arrow.PrimitiveTypes.Int32), Nullable: true},
35 | {Name: "flags", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
36 | {Name: "packet_uid", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
37 | {Name: "rdata", Type: arrow.BinaryTypes.String, Nullable: false},
38 | {Name: "ttl", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
39 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
40 | }
41 |
42 | var DNSAnswerStruct = arrow.StructOf(DNSAnswerFields...)
43 |
44 | var DNSAnswerSchema = arrow.NewSchema(DNSAnswerFields, nil)
45 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/dns_query.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type DNSQuery struct {
9 |
10 | // Resource Record Class: The class of resource records being queried. See RFC1035. For example: IN.
11 | Class *string `json:"class,omitempty" parquet:"class,optional"`
12 |
13 | // Hostname: The hostname or domain being queried. For example: www.example.com
14 | Hostname string `json:"hostname" parquet:"hostname"`
15 |
16 | // DNS Opcode: The DNS opcode specifies the type of the query message.
17 | Opcode *string `json:"opcode,omitempty" parquet:"opcode,optional"`
18 |
19 | // DNS Opcode ID: The DNS opcode ID specifies the normalized query message type as defined in RFC-5395.
20 | OpcodeId *int32 `json:"opcode_id,omitempty" parquet:"opcode_id,optional"`
21 |
22 | // Packet UID: The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response.
23 | PacketUid *int32 `json:"packet_uid,omitempty" parquet:"packet_uid,optional"`
24 |
25 | // Resource Record Type: The type of resource records being queried. See RFC1035. For example: A, AAAA, CNAME, MX, and NS.
26 | Type *string `json:"type,omitempty" parquet:"type,optional"`
27 | }
28 |
29 | var DNSQueryFields = []arrow.Field{
30 | {Name: "class", Type: arrow.BinaryTypes.String, Nullable: true},
31 | {Name: "hostname", Type: arrow.BinaryTypes.String, Nullable: false},
32 | {Name: "opcode", Type: arrow.BinaryTypes.String, Nullable: true},
33 | {Name: "opcode_id", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
34 | {Name: "packet_uid", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
35 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
36 | }
37 |
38 | var DNSQueryStruct = arrow.StructOf(DNSQueryFields...)
39 |
40 | var DNSQuerySchema = arrow.NewSchema(DNSQueryFields, nil)
41 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/domain_contact.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type DomainContact struct {
9 |
10 | // Contact Email: The user's primary email address.
11 | EmailAddr *string `json:"email_addr,omitempty" parquet:"email_addr,optional"`
12 |
13 | // Contact Location Information: Location details for the contract such as the city, state/province, country, etc.
14 | Location *GeoLocation `json:"location,omitempty" parquet:"location,optional"`
15 |
16 | // Name: The individual or organization name for the contact.
17 | Name *string `json:"name,omitempty" parquet:"name,optional"`
18 |
19 | // Phone Number: The number associated with the phone.
20 | PhoneNumber *string `json:"phone_number,omitempty" parquet:"phone_number,optional"`
21 |
22 | // Domain Contact Type: The Domain Contact type, normalized to the caption of the type_id value. In the case of 'Other', it is defined by the source
23 | Type *string `json:"type,omitempty" parquet:"type,optional"`
24 |
25 | // Domain Contact Type ID: The normalized domain contact type ID.
26 | TypeId int32 `json:"type_id" parquet:"type_id"`
27 |
28 | // Unique ID: The unique identifier of the contact information, typically provided in WHOIS information.
29 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
30 | }
31 |
32 | var DomainContactFields = []arrow.Field{
33 | {Name: "email_addr", Type: arrow.BinaryTypes.String, Nullable: true},
34 | {Name: "location", Type: GeoLocationStruct, Nullable: true},
35 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
36 | {Name: "phone_number", Type: arrow.BinaryTypes.String, Nullable: true},
37 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
38 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
39 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
40 | }
41 |
42 | var DomainContactStruct = arrow.StructOf(DomainContactFields...)
43 |
44 | var DomainContactSchema = arrow.NewSchema(DomainContactFields, nil)
45 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/email_auth.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type EmailAuthentication struct {
9 |
10 | // DKIM Status: The DomainKeys Identified Mail (DKIM) status of the email.
11 | Dkim *string `json:"dkim,omitempty" parquet:"dkim,optional"`
12 |
13 | // DKIM Domain: The DomainKeys Identified Mail (DKIM) signing domain of the email.
14 | DkimDomain *string `json:"dkim_domain,omitempty" parquet:"dkim_domain,optional"`
15 |
16 | // DKIM Signature: The DomainKeys Identified Mail (DKIM) signature used by the sending/receiving system.
17 | DkimSignature *string `json:"dkim_signature,omitempty" parquet:"dkim_signature,optional"`
18 |
19 | // DMARC Status: The Domain-based Message Authentication, Reporting and Conformance (DMARC) status of the email.
20 | Dmarc *string `json:"dmarc,omitempty" parquet:"dmarc,optional"`
21 |
22 | // DMARC Override: The Domain-based Message Authentication, Reporting and Conformance (DMARC) override action.
23 | DmarcOverride *string `json:"dmarc_override,omitempty" parquet:"dmarc_override,optional"`
24 |
25 | // DMARC Policy: The Domain-based Message Authentication, Reporting and Conformance (DMARC) policy status.
26 | DmarcPolicy *string `json:"dmarc_policy,omitempty" parquet:"dmarc_policy,optional"`
27 |
28 | // SPF Status: The Sender Policy Framework (SPF) status of the email.
29 | Spf *string `json:"spf,omitempty" parquet:"spf,optional"`
30 | }
31 |
32 | var EmailAuthenticationFields = []arrow.Field{
33 | {Name: "dkim", Type: arrow.BinaryTypes.String, Nullable: true},
34 | {Name: "dkim_domain", Type: arrow.BinaryTypes.String, Nullable: true},
35 | {Name: "dkim_signature", Type: arrow.BinaryTypes.String, Nullable: true},
36 | {Name: "dmarc", Type: arrow.BinaryTypes.String, Nullable: true},
37 | {Name: "dmarc_override", Type: arrow.BinaryTypes.String, Nullable: true},
38 | {Name: "dmarc_policy", Type: arrow.BinaryTypes.String, Nullable: true},
39 | {Name: "spf", Type: arrow.BinaryTypes.String, Nullable: true},
40 | }
41 |
42 | var EmailAuthenticationStruct = arrow.StructOf(EmailAuthenticationFields...)
43 |
44 | var EmailAuthenticationSchema = arrow.NewSchema(EmailAuthenticationFields, nil)
45 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/encryption_details.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type EncryptionDetails struct {
9 |
10 | // Encryption Algorithm: The encryption algorithm used, normalized to the caption of 'algorithm_id
11 | Algorithm *string `json:"algorithm,omitempty" parquet:"algorithm,optional"`
12 |
13 | // Encryption Algorithm ID: The encryption algorithm used.
14 | AlgorithmId *int32 `json:"algorithm_id,omitempty" parquet:"algorithm_id,optional"`
15 |
16 | // Encryption Key Length: The length of the encryption key used.
17 | KeyLength *int32 `json:"key_length,omitempty" parquet:"key_length,optional"`
18 |
19 | // Key UID: The unique identifier of the key used for encrpytion. For example, AWS KMS Key ARN.
20 | KeyUid *string `json:"key_uid,omitempty" parquet:"key_uid,optional"`
21 |
22 | // Encryption Type: The type of the encryption used.
23 | Type *string `json:"type,omitempty" parquet:"type,optional"`
24 | }
25 |
26 | var EncryptionDetailsFields = []arrow.Field{
27 | {Name: "algorithm", Type: arrow.BinaryTypes.String, Nullable: true},
28 | {Name: "algorithm_id", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
29 | {Name: "key_length", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
30 | {Name: "key_uid", Type: arrow.BinaryTypes.String, Nullable: true},
31 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
32 | }
33 |
34 | var EncryptionDetailsStruct = arrow.StructOf(EncryptionDetailsFields...)
35 |
36 | var EncryptionDetailsSchema = arrow.NewSchema(EncryptionDetailsFields, nil)
37 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/endpoint_connection.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type EndpointConnection struct {
9 |
10 | // Response Code: A numerical response status code providing details about the connection.
11 | Code *int32 `json:"code,omitempty" parquet:"code,optional"`
12 |
13 | // Network Endpoint: Provides characteristics of the network endpoint.
14 | NetworkEndpoint *NetworkEndpoint `json:"network_endpoint,omitempty" parquet:"network_endpoint,optional"`
15 | }
16 |
17 | var EndpointConnectionFields = []arrow.Field{
18 | {Name: "code", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
19 | {Name: "network_endpoint", Type: NetworkEndpointStruct, Nullable: true},
20 | }
21 |
22 | var EndpointConnectionStruct = arrow.StructOf(EndpointConnectionFields...)
23 |
24 | var EndpointConnectionSchema = arrow.NewSchema(EndpointConnectionFields, nil)
25 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/enrichment.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Enrichment struct {
9 |
10 | // Created Time: The time when the enrichment data was generated.
11 | CreatedTime *int64 `json:"created_time,omitempty" parquet:"created_time,optional"`
12 |
13 | // Data: The enrichment data associated with the attribute and value. The meaning of this data depends on the type the enrichment record.
14 | Data string `json:"data" parquet:"data"`
15 |
16 | // Description: A long description of the enrichment data.
17 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
18 |
19 | // Name: The name of the attribute to which the enriched data pertains.
20 | Name string `json:"name" parquet:"name"`
21 |
22 | // Provider: The enrichment data provider name.
23 | Provider *string `json:"provider,omitempty" parquet:"provider,optional"`
24 |
25 | // Reputation Scores: The reputation of the enrichment data.
26 | Reputation *Reputation `json:"reputation,omitempty" parquet:"reputation,optional"`
27 |
28 | // Short Description: A short description of the enrichment data.
29 | ShortDesc *string `json:"short_desc,omitempty" parquet:"short_desc,optional"`
30 |
31 | // Source URL: The URL of the source of the enrichment data.
32 | SrcUrl *string `json:"src_url,omitempty" parquet:"src_url,optional"`
33 |
34 | // Type: The enrichment type. For example: location.
35 | Type *string `json:"type,omitempty" parquet:"type,optional"`
36 |
37 | // Value: The value of the attribute to which the enriched data pertains.
38 | Value string `json:"value" parquet:"value"`
39 | }
40 |
41 | var EnrichmentFields = []arrow.Field{
42 | {Name: "created_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
43 | {Name: "data", Type: arrow.BinaryTypes.String, Nullable: false},
44 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
45 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
46 | {Name: "provider", Type: arrow.BinaryTypes.String, Nullable: true},
47 | {Name: "reputation", Type: ReputationStruct, Nullable: true},
48 | {Name: "short_desc", Type: arrow.BinaryTypes.String, Nullable: true},
49 | {Name: "src_url", Type: arrow.BinaryTypes.String, Nullable: true},
50 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
51 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: false},
52 | }
53 |
54 | var EnrichmentStruct = arrow.StructOf(EnrichmentFields...)
55 |
56 | var EnrichmentSchema = arrow.NewSchema(EnrichmentFields, nil)
57 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/environment_variable.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type EnvironmentVariable struct {
9 |
10 | // Name: The name of the environment variable.
11 | Name string `json:"name" parquet:"name"`
12 |
13 | // Value: The value of the environment variable.
14 | Value string `json:"value" parquet:"value"`
15 | }
16 |
17 | var EnvironmentVariableFields = []arrow.Field{
18 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
19 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: false},
20 | }
21 |
22 | var EnvironmentVariableStruct = arrow.StructOf(EnvironmentVariableFields...)
23 |
24 | var EnvironmentVariableSchema = arrow.NewSchema(EnvironmentVariableFields, nil)
25 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/epss.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type EPSS struct {
9 |
10 | // Created Time: The timestamp indicating when the EPSS score was calculated.
11 | CreatedTime *int64 `json:"created_time,omitempty" parquet:"created_time,optional"`
12 |
13 | // EPSS Percentile: The EPSS score's percentile representing relative importance and ranking of the score in the larger EPSS dataset.
14 | Percentile *float64 `json:"percentile,omitempty" parquet:"percentile,optional"`
15 |
16 | // EPPS Score: The EPSS score representing the probability [0-1] of exploitation in the wild in the next 30 days (following score publication).
17 | Score string `json:"score" parquet:"score"`
18 |
19 | // Version: The version of the EPSS model used to calculate the score.
20 | Version *string `json:"version,omitempty" parquet:"version,optional"`
21 | }
22 |
23 | var EPSSFields = []arrow.Field{
24 | {Name: "created_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
25 | {Name: "percentile", Type: arrow.PrimitiveTypes.Float64, Nullable: true},
26 | {Name: "score", Type: arrow.BinaryTypes.String, Nullable: false},
27 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
28 | }
29 |
30 | var EPSSStruct = arrow.StructOf(EPSSFields...)
31 |
32 | var EPSSSchema = arrow.NewSchema(EPSSFields, nil)
33 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/extension.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type SchemaExtension struct {
9 |
10 | // Name: The schema extension name. For example: dev.
11 | Name string `json:"name" parquet:"name"`
12 |
13 | // Unique ID: The schema extension unique identifier. For example: 999.
14 | Uid string `json:"uid" parquet:"uid"`
15 |
16 | // Version: The schema extension version. For example: 1.0.0-alpha.2.
17 | Version string `json:"version" parquet:"version"`
18 | }
19 |
20 | var SchemaExtensionFields = []arrow.Field{
21 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
22 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: false},
23 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: false},
24 | }
25 |
26 | var SchemaExtensionStruct = arrow.StructOf(SchemaExtensionFields...)
27 |
28 | var SchemaExtensionSchema = arrow.NewSchema(SchemaExtensionFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/feature.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Feature struct {
9 |
10 | // Name: The name of the feature.
11 | Name *string `json:"name,omitempty" parquet:"name,optional"`
12 |
13 | // Unique ID: The unique identifier of the feature.
14 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
15 |
16 | // Version: The version of the feature.
17 | Version *string `json:"version,omitempty" parquet:"version,optional"`
18 | }
19 |
20 | var FeatureFields = []arrow.Field{
21 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
22 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
23 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
24 | }
25 |
26 | var FeatureStruct = arrow.StructOf(FeatureFields...)
27 |
28 | var FeatureSchema = arrow.NewSchema(FeatureFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/fingerprint.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Fingerprint struct {
9 |
10 | // Algorithm: The hash algorithm used to create the digital fingerprint, normalized to the caption of algorithm_id. In the case of Other, it is defined by the event source.
11 | Algorithm *string `json:"algorithm,omitempty" parquet:"algorithm,optional"`
12 |
13 | // Algorithm ID: The identifier of the normalized hash algorithm, which was used to create the digital fingerprint.
14 | AlgorithmId int32 `json:"algorithm_id" parquet:"algorithm_id"`
15 |
16 | // Value: The digital fingerprint value.
17 | Value string `json:"value" parquet:"value"`
18 | }
19 |
20 | var FingerprintFields = []arrow.Field{
21 | {Name: "algorithm", Type: arrow.BinaryTypes.String, Nullable: true},
22 | {Name: "algorithm_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
23 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: false},
24 | }
25 |
26 | var FingerprintStruct = arrow.StructOf(FingerprintFields...)
27 |
28 | var FingerprintSchema = arrow.NewSchema(FingerprintFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/group.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Group struct {
9 |
10 | // Description: The group description.
11 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
12 |
13 | // Domain: The domain where the group is defined. For example: the LDAP or Active Directory domain.
14 | Domain *string `json:"domain,omitempty" parquet:"domain,optional"`
15 |
16 | // Name: The group name.
17 | Name *string `json:"name,omitempty" parquet:"name,optional"`
18 |
19 | // Privileges: The group privileges.
20 | Privileges []string `json:"privileges,omitempty" parquet:"privileges,optional,list"`
21 |
22 | // Account Type: The type of the group or account.
23 | Type *string `json:"type,omitempty" parquet:"type,optional"`
24 |
25 | // Unique ID: The unique identifier of the group. For example, for Windows events this is the security identifier (SID) of the group.
26 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
27 | }
28 |
29 | var GroupFields = []arrow.Field{
30 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
31 | {Name: "domain", Type: arrow.BinaryTypes.String, Nullable: true},
32 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
33 | {Name: "privileges", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
34 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
35 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
36 | }
37 |
38 | var GroupStruct = arrow.StructOf(GroupFields...)
39 |
40 | var GroupSchema = arrow.NewSchema(GroupFields, nil)
41 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/hassh.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type HASSH struct {
9 |
10 | // Algorithm: The concatenation of key exchange, encryption, authentication and compression algorithms (separated by ';'). NOTE: This is not the underlying algorithm for the hash implementation.
11 | Algorithm *string `json:"algorithm,omitempty" parquet:"algorithm,optional"`
12 |
13 | // Fingerprint: The hash of the key exchange, encryption, authentication and compression algorithms.
14 | Fingerprint Fingerprint `json:"fingerprint" parquet:"fingerprint"`
15 | }
16 |
17 | var HASSHFields = []arrow.Field{
18 | {Name: "algorithm", Type: arrow.BinaryTypes.String, Nullable: true},
19 | {Name: "fingerprint", Type: FingerprintStruct, Nullable: false},
20 | }
21 |
22 | var HASSHStruct = arrow.StructOf(HASSHFields...)
23 |
24 | var HASSHSchema = arrow.NewSchema(HASSHFields, nil)
25 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/http_cookie.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type HTTPCookie struct {
9 |
10 | // Domain: The domain name for the server from which the http_cookie is served.
11 | Domain *string `json:"domain,omitempty" parquet:"domain,optional"`
12 |
13 | // Expiration Time: The expiration time of the HTTP cookie.
14 | ExpirationTime *int64 `json:"expiration_time,omitempty" parquet:"expiration_time,optional"`
15 |
16 | // HTTP Only: This attribute prevents the cookie from being accessed via JavaScript.
17 | IsHttpOnly *bool `json:"is_http_only,omitempty" parquet:"is_http_only,optional"`
18 |
19 | // Secure: The cookie attribute indicates that cookies are sent to the server only when the request is encrypted using the HTTPS protocol.
20 | IsSecure *bool `json:"is_secure,omitempty" parquet:"is_secure,optional"`
21 |
22 | // Name: The HTTP cookie name.
23 | Name string `json:"name" parquet:"name"`
24 |
25 | // Path: The path of the HTTP cookie.
26 | Path *string `json:"path,omitempty" parquet:"path,optional"`
27 |
28 | // SameSite: The cookie attribute that lets servers specify whether/when cookies are sent with cross-site requests. Values are: Strict, Lax or None
29 | Samesite *string `json:"samesite,omitempty" parquet:"samesite,optional"`
30 |
31 | // Value: The HTTP cookie value.
32 | Value string `json:"value" parquet:"value"`
33 | }
34 |
35 | var HTTPCookieFields = []arrow.Field{
36 | {Name: "domain", Type: arrow.BinaryTypes.String, Nullable: true},
37 | {Name: "expiration_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
38 | {Name: "is_http_only", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
39 | {Name: "is_secure", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
40 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
41 | {Name: "path", Type: arrow.BinaryTypes.String, Nullable: true},
42 | {Name: "samesite", Type: arrow.BinaryTypes.String, Nullable: true},
43 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: false},
44 | }
45 |
46 | var HTTPCookieStruct = arrow.StructOf(HTTPCookieFields...)
47 |
48 | var HTTPCookieSchema = arrow.NewSchema(HTTPCookieFields, nil)
49 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/http_header.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type HTTPHeader struct {
9 |
10 | // Name: The name of the HTTP header.
11 | Name string `json:"name" parquet:"name"`
12 |
13 | // Value: The value of the HTTP header.
14 | Value string `json:"value" parquet:"value"`
15 | }
16 |
17 | var HTTPHeaderFields = []arrow.Field{
18 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
19 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: false},
20 | }
21 |
22 | var HTTPHeaderStruct = arrow.StructOf(HTTPHeaderFields...)
23 |
24 | var HTTPHeaderSchema = arrow.NewSchema(HTTPHeaderFields, nil)
25 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/http_response.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type HTTPResponse struct {
9 |
10 | // Response Body Length: The actual length of the HTTP response body, in number of bytes, independent of a potentially existing Content-Length header.
11 | BodyLength *int32 `json:"body_length,omitempty" parquet:"body_length,optional"`
12 |
13 | // Response Code: The Hypertext Transfer Protocol (HTTP) status code returned from the web server to the client. For example, 200.
14 | Code int32 `json:"code" parquet:"code"`
15 |
16 | // HTTP Content Type: The request header that identifies the original media type of the resource (prior to any content encoding applied for sending).
17 | ContentType *string `json:"content_type,omitempty" parquet:"content_type,optional"`
18 |
19 | // HTTP Headers: Additional HTTP headers of an HTTP request or response.
20 | HttpHeaders []*HTTPHeader `json:"http_headers,omitempty" parquet:"http_headers,optional,list"`
21 |
22 | // Latency: The HTTP response latency measured in milliseconds.
23 | Latency *int32 `json:"latency,omitempty" parquet:"latency,optional"`
24 |
25 | // Response Length: The length of the entire HTTP response, in number of bytes.
26 | Length *int32 `json:"length,omitempty" parquet:"length,optional"`
27 |
28 | // Message: The description of the event/finding, as defined by the source.
29 | Message *string `json:"message,omitempty" parquet:"message,optional"`
30 |
31 | // Status: The response status. For example: A successful HTTP status of 'OK' which corresponds to a code of 200.
32 | Status *string `json:"status,omitempty" parquet:"status,optional"`
33 | }
34 |
35 | var HTTPResponseFields = []arrow.Field{
36 | {Name: "body_length", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
37 | {Name: "code", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
38 | {Name: "content_type", Type: arrow.BinaryTypes.String, Nullable: true},
39 | {Name: "http_headers", Type: arrow.ListOf(HTTPHeaderStruct), Nullable: true},
40 | {Name: "latency", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
41 | {Name: "length", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
42 | {Name: "message", Type: arrow.BinaryTypes.String, Nullable: true},
43 | {Name: "status", Type: arrow.BinaryTypes.String, Nullable: true},
44 | }
45 |
46 | var HTTPResponseStruct = arrow.StructOf(HTTPResponseFields...)
47 |
48 | var HTTPResponseSchema = arrow.NewSchema(HTTPResponseFields, nil)
49 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/image.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Image struct {
9 |
10 | // Labels: The list of labels associated to the image.
11 | Labels []string `json:"labels,omitempty" parquet:"labels,optional,list"`
12 |
13 | // Name: The image name. For example: elixir.
14 | Name *string `json:"name,omitempty" parquet:"name,optional"`
15 |
16 | // Path: The full path to the image file.
17 | Path *string `json:"path,omitempty" parquet:"path,optional"`
18 |
19 | // Tags: The list of tags; {key:value} pairs associated to the image.
20 | Tags []*KeyValueobject `json:"tags,omitempty" parquet:"tags,optional,list"`
21 |
22 | // Unique ID: The unique image ID. For example: 77af4d6b9913.
23 | Uid string `json:"uid" parquet:"uid"`
24 | }
25 |
26 | var ImageFields = []arrow.Field{
27 | {Name: "labels", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
28 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
29 | {Name: "path", Type: arrow.BinaryTypes.String, Nullable: true},
30 | {Name: "tags", Type: arrow.ListOf(KeyValueobjectStruct), Nullable: true},
31 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: false},
32 | }
33 |
34 | var ImageStruct = arrow.StructOf(ImageFields...)
35 |
36 | var ImageSchema = arrow.NewSchema(ImageFields, nil)
37 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/ja4_fingerprint.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type JA4Fingerprint struct {
9 |
10 | // JA4 Section A: The 'a' section of the JA4 fingerprint.
11 | SectionA *string `json:"section_a,omitempty" parquet:"section_a,optional"`
12 |
13 | // JA4 Section B: The 'b' section of the JA4 fingerprint.
14 | SectionB *string `json:"section_b,omitempty" parquet:"section_b,optional"`
15 |
16 | // JA4 Section C: The 'c' section of the JA4 fingerprint.
17 | SectionC *string `json:"section_c,omitempty" parquet:"section_c,optional"`
18 |
19 | // JA4 Section D: The 'd' section of the JA4 fingerprint.
20 | SectionD *string `json:"section_d,omitempty" parquet:"section_d,optional"`
21 |
22 | // Type: The JA4+ fingerprint type as defined by FoxIO, normalized to the caption of 'type_id'. In the case of 'Other', it is defined by the event source.
23 | Type *string `json:"type,omitempty" parquet:"type,optional"`
24 |
25 | // Type ID: The identifier of the JA4+ fingerprint type.
26 | TypeId int32 `json:"type_id" parquet:"type_id"`
27 |
28 | // Value: The JA4+ fingerprint value.
29 | Value string `json:"value" parquet:"value"`
30 | }
31 |
32 | var JA4FingerprintFields = []arrow.Field{
33 | {Name: "section_a", Type: arrow.BinaryTypes.String, Nullable: true},
34 | {Name: "section_b", Type: arrow.BinaryTypes.String, Nullable: true},
35 | {Name: "section_c", Type: arrow.BinaryTypes.String, Nullable: true},
36 | {Name: "section_d", Type: arrow.BinaryTypes.String, Nullable: true},
37 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
38 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
39 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: false},
40 | }
41 |
42 | var JA4FingerprintStruct = arrow.StructOf(JA4FingerprintFields...)
43 |
44 | var JA4FingerprintSchema = arrow.NewSchema(JA4FingerprintFields, nil)
45 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/job.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Job struct {
9 |
10 | // Command Line: The job command line.
11 | CmdLine *string `json:"cmd_line,omitempty" parquet:"cmd_line,optional"`
12 |
13 | // Created Time: The time when the job was created.
14 | CreatedTime *int64 `json:"created_time,omitempty" parquet:"created_time,optional"`
15 |
16 | // Description: The description of the job.
17 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
18 |
19 | // File: The file that pertains to the job.
20 | File File `json:"file" parquet:"file"`
21 |
22 | // Last Run: The time when the job was last run.
23 | LastRunTime *int64 `json:"last_run_time,omitempty" parquet:"last_run_time,optional"`
24 |
25 | // Name: The name of the job.
26 | Name string `json:"name" parquet:"name"`
27 |
28 | // Next Run: The time when the job will next be run.
29 | NextRunTime *int64 `json:"next_run_time,omitempty" parquet:"next_run_time,optional"`
30 |
31 | // Run State: The run state of the job.
32 | RunState *string `json:"run_state,omitempty" parquet:"run_state,optional"`
33 |
34 | // Run State ID: The run state ID of the job.
35 | RunStateId *int32 `json:"run_state_id,omitempty" parquet:"run_state_id,optional"`
36 |
37 | // User: The user that created the job.
38 | User *User `json:"user,omitempty" parquet:"user,optional"`
39 | }
40 |
41 | var JobFields = []arrow.Field{
42 | {Name: "cmd_line", Type: arrow.BinaryTypes.String, Nullable: true},
43 | {Name: "created_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
44 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
45 | {Name: "file", Type: FileStruct, Nullable: false},
46 | {Name: "last_run_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
47 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
48 | {Name: "next_run_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
49 | {Name: "run_state", Type: arrow.BinaryTypes.String, Nullable: true},
50 | {Name: "run_state_id", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
51 | {Name: "user", Type: UserStruct, Nullable: true},
52 | }
53 |
54 | var JobStruct = arrow.StructOf(JobFields...)
55 |
56 | var JobSchema = arrow.NewSchema(JobFields, nil)
57 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/kernel.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type KernelResource struct {
9 |
10 | // System: The indication of whether the object is part of the operating system.
11 | IsSystem *bool `json:"is_system,omitempty" parquet:"is_system,optional"`
12 |
13 | // Name: The name of the kernel resource.
14 | Name string `json:"name" parquet:"name"`
15 |
16 | // Path: The full path of the kernel resource.
17 | Path *string `json:"path,omitempty" parquet:"path,optional"`
18 |
19 | // System Call: The system call that was invoked.
20 | SystemCall *string `json:"system_call,omitempty" parquet:"system_call,optional"`
21 |
22 | // Type: The type of the kernel resource.
23 | Type *string `json:"type,omitempty" parquet:"type,optional"`
24 |
25 | // Type ID: The type of the kernel resource.
26 | TypeId int32 `json:"type_id" parquet:"type_id"`
27 | }
28 |
29 | var KernelResourceFields = []arrow.Field{
30 | {Name: "is_system", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
31 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
32 | {Name: "path", Type: arrow.BinaryTypes.String, Nullable: true},
33 | {Name: "system_call", Type: arrow.BinaryTypes.String, Nullable: true},
34 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
35 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
36 | }
37 |
38 | var KernelResourceStruct = arrow.StructOf(KernelResourceFields...)
39 |
40 | var KernelResourceSchema = arrow.NewSchema(KernelResourceFields, nil)
41 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/kernel_driver.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type KernelExtension struct {
9 |
10 | // File: The driver/extension file object.
11 | File File `json:"file" parquet:"file"`
12 | }
13 |
14 | var KernelExtensionFields = []arrow.Field{
15 | {Name: "file", Type: FileStruct, Nullable: false},
16 | }
17 |
18 | var KernelExtensionStruct = arrow.StructOf(KernelExtensionFields...)
19 |
20 | var KernelExtensionSchema = arrow.NewSchema(KernelExtensionFields, nil)
21 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/key_value_object.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type KeyValueobject struct {
9 |
10 | // Name: The name of the key.
11 | Name string `json:"name" parquet:"name"`
12 |
13 | // Value: The value associated to the key.
14 | Value *string `json:"value,omitempty" parquet:"value,optional"`
15 |
16 | // Values: Optional, the values associated to the key. You can populate this attribute, when you have multiple values for the same key.
17 | Values []string `json:"values,omitempty" parquet:"values,optional,list"`
18 | }
19 |
20 | var KeyValueobjectFields = []arrow.Field{
21 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
22 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: true},
23 | {Name: "values", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
24 | }
25 |
26 | var KeyValueobjectStruct = arrow.StructOf(KeyValueobjectFields...)
27 |
28 | var KeyValueobjectSchema = arrow.NewSchema(KeyValueobjectFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/keyboard_info.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type KeyboardInformation struct {
9 |
10 | // Function Keys: The number of function keys on client keyboard.
11 | FunctionKeys *int32 `json:"function_keys,omitempty" parquet:"function_keys,optional"`
12 |
13 | // IME: The Input Method Editor (IME) file name.
14 | Ime *string `json:"ime,omitempty" parquet:"ime,optional"`
15 |
16 | // Keyboard Layout: The keyboard locale identifier name (e.g., en-US).
17 | KeyboardLayout *string `json:"keyboard_layout,omitempty" parquet:"keyboard_layout,optional"`
18 |
19 | // Keyboard Subtype: The keyboard numeric code.
20 | KeyboardSubtype *int32 `json:"keyboard_subtype,omitempty" parquet:"keyboard_subtype,optional"`
21 |
22 | // Keyboard Type: The keyboard type (e.g., xt, ico).
23 | KeyboardType *string `json:"keyboard_type,omitempty" parquet:"keyboard_type,optional"`
24 | }
25 |
26 | var KeyboardInformationFields = []arrow.Field{
27 | {Name: "function_keys", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
28 | {Name: "ime", Type: arrow.BinaryTypes.String, Nullable: true},
29 | {Name: "keyboard_layout", Type: arrow.BinaryTypes.String, Nullable: true},
30 | {Name: "keyboard_subtype", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
31 | {Name: "keyboard_type", Type: arrow.BinaryTypes.String, Nullable: true},
32 | }
33 |
34 | var KeyboardInformationStruct = arrow.StructOf(KeyboardInformationFields...)
35 |
36 | var KeyboardInformationSchema = arrow.NewSchema(KeyboardInformationFields, nil)
37 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/kill_chain_phase.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type KillChainPhase struct {
9 |
10 | // Kill Chain Phase: The cyber kill chain phase.
11 | Phase *string `json:"phase,omitempty" parquet:"phase,optional"`
12 |
13 | // Kill Chain Phase ID: The cyber kill chain phase identifier.
14 | PhaseId int32 `json:"phase_id" parquet:"phase_id"`
15 | }
16 |
17 | var KillChainPhaseFields = []arrow.Field{
18 | {Name: "phase", Type: arrow.BinaryTypes.String, Nullable: true},
19 | {Name: "phase_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
20 | }
21 |
22 | var KillChainPhaseStruct = arrow.StructOf(KillChainPhaseFields...)
23 |
24 | var KillChainPhaseSchema = arrow.NewSchema(KillChainPhaseFields, nil)
25 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/long_string.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type LongString struct {
9 |
10 | // Is Truncated: Indicates that value has been truncated. May be omitted if truncation has not occurred.
11 | IsTruncated *bool `json:"is_truncated,omitempty" parquet:"is_truncated,optional"`
12 |
13 | // Untruncated Size: The size in bytes of the string represented by value before truncation. Should be omitted if truncation has not occurred.
14 | UntruncatedSize *int32 `json:"untruncated_size,omitempty" parquet:"untruncated_size,optional"`
15 |
16 | // Value: The string value, truncated if is_truncated is true.
17 | Value string `json:"value" parquet:"value"`
18 | }
19 |
20 | var LongStringFields = []arrow.Field{
21 | {Name: "is_truncated", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
22 | {Name: "untruncated_size", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
23 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: false},
24 | }
25 |
26 | var LongStringStruct = arrow.StructOf(LongStringFields...)
27 |
28 | var LongStringSchema = arrow.NewSchema(LongStringFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/malware.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Malware struct {
9 |
10 | // Classification IDs: The list of normalized identifiers of the malware classifications. Reference: STIX Malware Types
11 | ClassificationIds []int32 `json:"classification_ids" parquet:"classification_ids,list"`
12 |
13 | // Classifications: The list of malware classifications, normalized to the captions of the classification_ids values. In the case of 'Other', they are defined by the event source.
14 | Classifications []string `json:"classifications,omitempty" parquet:"classifications,optional,list"`
15 |
16 | // CVE List: List of Common Vulnerabilities and Exposures (CVE).
17 | Cves []*CVE `json:"cves,omitempty" parquet:"cves,optional,list"`
18 |
19 | // Name: The malware name, as reported by the detection engine.
20 | Name *string `json:"name,omitempty" parquet:"name,optional"`
21 |
22 | // Path: The filesystem path of the malware that was observed.
23 | Path *string `json:"path,omitempty" parquet:"path,optional"`
24 |
25 | // Provider: The provider of the malware information.
26 | Provider *string `json:"provider,omitempty" parquet:"provider,optional"`
27 |
28 | // Unique ID: The malware unique identifier, as reported by the detection engine. For example a virus id or an IPS signature id.
29 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
30 | }
31 |
32 | var MalwareFields = []arrow.Field{
33 | {Name: "classification_ids", Type: arrow.ListOf(arrow.PrimitiveTypes.Int32), Nullable: false},
34 | {Name: "classifications", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
35 | {Name: "cves", Type: arrow.ListOf(CVEStruct), Nullable: true},
36 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
37 | {Name: "path", Type: arrow.BinaryTypes.String, Nullable: true},
38 | {Name: "provider", Type: arrow.BinaryTypes.String, Nullable: true},
39 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
40 | }
41 |
42 | var MalwareStruct = arrow.StructOf(MalwareFields...)
43 |
44 | var MalwareSchema = arrow.NewSchema(MalwareFields, nil)
45 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/metric.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Metric struct {
9 |
10 | // Name: The name of the metric.
11 | Name string `json:"name" parquet:"name"`
12 |
13 | // Value: The value of the metric.
14 | Value string `json:"value" parquet:"value"`
15 | }
16 |
17 | var MetricFields = []arrow.Field{
18 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
19 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: false},
20 | }
21 |
22 | var MetricStruct = arrow.StructOf(MetricFields...)
23 |
24 | var MetricSchema = arrow.NewSchema(MetricFields, nil)
25 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/module.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Module struct {
9 |
10 | // Base Address: The memory address where the module was loaded.
11 | BaseAddress *string `json:"base_address,omitempty" parquet:"base_address,optional"`
12 |
13 | // File: The module file object.
14 | File *File `json:"file,omitempty" parquet:"file,optional"`
15 |
16 | // Function Name: The entry-point function of the module. The system calls the entry-point function whenever a process or thread loads or unloads the module.
17 | FunctionName *string `json:"function_name,omitempty" parquet:"function_name,optional"`
18 |
19 | // Load Type: The load type, normalized to the caption of the load_type_id value. In the case of 'Other', it is defined by the event source.
20 | LoadType *string `json:"load_type,omitempty" parquet:"load_type,optional"`
21 |
22 | // Load Type ID: The normalized identifier for how the module was loaded in memory.
23 | LoadTypeId int32 `json:"load_type_id" parquet:"load_type_id"`
24 |
25 | // Start Address: The start address of the execution.
26 | StartAddress *string `json:"start_address,omitempty" parquet:"start_address,optional"`
27 |
28 | // Type: The module type.
29 | Type *string `json:"type,omitempty" parquet:"type,optional"`
30 | }
31 |
32 | var ModuleFields = []arrow.Field{
33 | {Name: "base_address", Type: arrow.BinaryTypes.String, Nullable: true},
34 | {Name: "file", Type: FileStruct, Nullable: true},
35 | {Name: "function_name", Type: arrow.BinaryTypes.String, Nullable: true},
36 | {Name: "load_type", Type: arrow.BinaryTypes.String, Nullable: true},
37 | {Name: "load_type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
38 | {Name: "start_address", Type: arrow.BinaryTypes.String, Nullable: true},
39 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
40 | }
41 |
42 | var ModuleStruct = arrow.StructOf(ModuleFields...)
43 |
44 | var ModuleSchema = arrow.NewSchema(ModuleFields, nil)
45 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/network_interface.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type NetworkInterface struct {
9 |
10 | // Hostname: The hostname associated with the network interface.
11 | Hostname *string `json:"hostname,omitempty" parquet:"hostname,optional"`
12 |
13 | // IP Address: The IP address associated with the network interface.
14 | Ip *string `json:"ip,omitempty" parquet:"ip,optional"`
15 |
16 | // MAC Address: The MAC address of the network interface.
17 | Mac *string `json:"mac,omitempty" parquet:"mac,optional"`
18 |
19 | // Name: The name of the network interface.
20 | Name *string `json:"name,omitempty" parquet:"name,optional"`
21 |
22 | // Namespace: The namespace is useful in merger or acquisition situations. For example, when similar entities exist that you need to keep separate.
23 | Namespace *string `json:"namespace,omitempty" parquet:"namespace,optional"`
24 |
25 | // Subnet Prefix Length: The subnet prefix length determines the number of bits used to represent the network part of the IP address. The remaining bits are reserved for identifying individual hosts within that subnet.
26 | SubnetPrefix *int32 `json:"subnet_prefix,omitempty" parquet:"subnet_prefix,optional"`
27 |
28 | // Type: The type of network interface.
29 | Type *string `json:"type,omitempty" parquet:"type,optional"`
30 |
31 | // Type ID: The network interface type identifier.
32 | TypeId int32 `json:"type_id" parquet:"type_id"`
33 |
34 | // Unique ID: The unique identifier for the network interface.
35 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
36 | }
37 |
38 | var NetworkInterfaceFields = []arrow.Field{
39 | {Name: "hostname", Type: arrow.BinaryTypes.String, Nullable: true},
40 | {Name: "ip", Type: arrow.BinaryTypes.String, Nullable: true},
41 | {Name: "mac", Type: arrow.BinaryTypes.String, Nullable: true},
42 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
43 | {Name: "namespace", Type: arrow.BinaryTypes.String, Nullable: true},
44 | {Name: "subnet_prefix", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
45 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
46 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
47 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
48 | }
49 |
50 | var NetworkInterfaceStruct = arrow.StructOf(NetworkInterfaceFields...)
51 |
52 | var NetworkInterfaceSchema = arrow.NewSchema(NetworkInterfaceFields, nil)
53 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/object.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Object struct {
9 | }
10 |
11 | var ObjectFields = []arrow.Field{}
12 |
13 | var ObjectStruct = arrow.StructOf(ObjectFields...)
14 |
15 | var ObjectSchema = arrow.NewSchema(ObjectFields, nil)
16 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/observable.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Observable struct {
9 |
10 | // Name: The full name of the observable attribute. The name is a pointer/reference to an attribute within the OCSF event data. For example: file.name.
11 | Name *string `json:"name,omitempty" parquet:"name,optional"`
12 |
13 | // Reputation Scores: Contains the original and normalized reputation scores.
14 | Reputation *Reputation `json:"reputation,omitempty" parquet:"reputation,optional"`
15 |
16 | // Type: The observable value type name.
17 | Type *string `json:"type,omitempty" parquet:"type,optional"`
18 |
19 | // Type ID: The observable value type identifier.
20 | TypeId int32 `json:"type_id" parquet:"type_id"`
21 |
22 | // Value: The value associated with the observable attribute. The meaning of the value depends on the observable type.
If the name refers to a scalar attribute, then the value is the value of the attribute.
If the name refers to an object attribute, then the value is not populated.
23 | Value *string `json:"value,omitempty" parquet:"value,optional"`
24 | }
25 |
26 | var ObservableFields = []arrow.Field{
27 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
28 | {Name: "reputation", Type: ReputationStruct, Nullable: true},
29 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
30 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
31 | {Name: "value", Type: arrow.BinaryTypes.String, Nullable: true},
32 | }
33 |
34 | var ObservableStruct = arrow.StructOf(ObservableFields...)
35 |
36 | var ObservableSchema = arrow.NewSchema(ObservableFields, nil)
37 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/organization.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Organization struct {
9 |
10 | // Name: The name of the organization, Oracle Cloud Tenancy, Google Cloud Organization, or AWS Organization. For example, Widget, Inc. or the AWS Organization name .
11 | Name *string `json:"name,omitempty" parquet:"name,optional"`
12 |
13 | // Org Unit Name: The name of an organizational unit, Google Cloud Folder, or AWS Org Unit. For example, the GCP Project Name , or Dev_Prod_OU .
14 | OuName *string `json:"ou_name,omitempty" parquet:"ou_name,optional"`
15 |
16 | // Org Unit ID: The unique identifier of an organizational unit, Google Cloud Folder, or AWS Org Unit. For example, an Oracle Cloud Tenancy ID , AWS OU ID , or GCP Folder ID .
17 | OuUid *string `json:"ou_uid,omitempty" parquet:"ou_uid,optional"`
18 |
19 | // Unique ID: The unique identifier of the organization, Oracle Cloud Tenancy, Google Cloud Organization, or AWS Organization. For example, an AWS Org ID or Oracle Cloud Domain ID .
20 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
21 | }
22 |
23 | var OrganizationFields = []arrow.Field{
24 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
25 | {Name: "ou_name", Type: arrow.BinaryTypes.String, Nullable: true},
26 | {Name: "ou_uid", Type: arrow.BinaryTypes.String, Nullable: true},
27 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
28 | }
29 |
30 | var OrganizationStruct = arrow.StructOf(OrganizationFields...)
31 |
32 | var OrganizationSchema = arrow.NewSchema(OrganizationFields, nil)
33 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/peripheral_device.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type PeripheralDevice struct {
9 |
10 | // Class: The class of the peripheral device.
11 | Class string `json:"class" parquet:"class"`
12 |
13 | // Model: The peripheral device model.
14 | Model *string `json:"model,omitempty" parquet:"model,optional"`
15 |
16 | // Name: The name of the peripheral device.
17 | Name string `json:"name" parquet:"name"`
18 |
19 | // Serial Number: The peripheral device serial number.
20 | SerialNumber *string `json:"serial_number,omitempty" parquet:"serial_number,optional"`
21 |
22 | // Unique ID: The unique identifier of the peripheral device.
23 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
24 |
25 | // Vendor Name: The peripheral device vendor.
26 | VendorName *string `json:"vendor_name,omitempty" parquet:"vendor_name,optional"`
27 | }
28 |
29 | var PeripheralDeviceFields = []arrow.Field{
30 | {Name: "class", Type: arrow.BinaryTypes.String, Nullable: false},
31 | {Name: "model", Type: arrow.BinaryTypes.String, Nullable: true},
32 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
33 | {Name: "serial_number", Type: arrow.BinaryTypes.String, Nullable: true},
34 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
35 | {Name: "vendor_name", Type: arrow.BinaryTypes.String, Nullable: true},
36 | }
37 |
38 | var PeripheralDeviceStruct = arrow.StructOf(PeripheralDeviceFields...)
39 |
40 | var PeripheralDeviceSchema = arrow.NewSchema(PeripheralDeviceFields, nil)
41 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/policy.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Policy struct {
9 |
10 | // Description: The description of the policy.
11 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
12 |
13 | // Group: The policy group.
14 | Group *Group `json:"group,omitempty" parquet:"group,optional"`
15 |
16 | // Applied: A determination if the content of a policy was applied to a target or request, or not.
17 | IsApplied *bool `json:"is_applied,omitempty" parquet:"is_applied,optional"`
18 |
19 | // Name: The policy name. For example: IAM Policy.
20 | Name *string `json:"name,omitempty" parquet:"name,optional"`
21 |
22 | // Unique ID: A unique identifier of the policy instance.
23 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
24 |
25 | // Version: The policy version number.
26 | Version *string `json:"version,omitempty" parquet:"version,optional"`
27 | }
28 |
29 | var PolicyFields = []arrow.Field{
30 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
31 | {Name: "group", Type: GroupStruct, Nullable: true},
32 | {Name: "is_applied", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
33 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
34 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
35 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
36 | }
37 |
38 | var PolicyStruct = arrow.StructOf(PolicyFields...)
39 |
40 | var PolicySchema = arrow.NewSchema(PolicyFields, nil)
41 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/process_entity.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type ProcessEntity struct {
9 |
10 | // Command Line: The full command line used to launch an application, service, process, or job. For example: ssh user@10.0.0.10. If the command line is unavailable or missing, the empty string ” is to be used.
11 | CmdLine *string `json:"cmd_line,omitempty" parquet:"cmd_line,optional"`
12 |
13 | // Created Time: The time when the process was created/started.
14 | CreatedTime *int64 `json:"created_time,omitempty" parquet:"created_time,optional"`
15 |
16 | // Name: The friendly name of the process, for example: Notepad++.
17 | Name *string `json:"name,omitempty" parquet:"name,optional"`
18 |
19 | // Path: The process file path.
20 | Path *string `json:"path,omitempty" parquet:"path,optional"`
21 |
22 | // Process ID: The process identifier, as reported by the operating system. Process ID (PID) is a number used by the operating system to uniquely identify an active process.
23 | Pid *int32 `json:"pid,omitempty" parquet:"pid,optional"`
24 |
25 | // Unique ID: A unique identifier for this process assigned by the producer (tool). Facilitates correlation of a process event with other events for that process.
26 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
27 | }
28 |
29 | var ProcessEntityFields = []arrow.Field{
30 | {Name: "cmd_line", Type: arrow.BinaryTypes.String, Nullable: true},
31 | {Name: "created_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
32 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
33 | {Name: "path", Type: arrow.BinaryTypes.String, Nullable: true},
34 | {Name: "pid", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
35 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
36 | }
37 |
38 | var ProcessEntityStruct = arrow.StructOf(ProcessEntityFields...)
39 |
40 | var ProcessEntitySchema = arrow.NewSchema(ProcessEntityFields, nil)
41 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/query_info.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type QueryInformation struct {
9 |
10 | // Total Bytes: The size of the data returned from the query.
11 | Bytes *int64 `json:"bytes,omitempty" parquet:"bytes,optional"`
12 |
13 | // Data: The data returned from the query execution.
14 | Data *string `json:"data,omitempty" parquet:"data,optional"`
15 |
16 | // Name: The query name for a saved or scheduled query.
17 | Name *string `json:"name,omitempty" parquet:"name,optional"`
18 |
19 | // Query String: A string representing the query code being run. For example: SELECT * FROM my_table
20 | QueryString string `json:"query_string" parquet:"query_string"`
21 |
22 | // Query Time: The time when the query was run.
23 | QueryTime *int64 `json:"query_time,omitempty" parquet:"query_time,optional"`
24 |
25 | // Unique ID: The unique identifier of the query.
26 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
27 | }
28 |
29 | var QueryInformationFields = []arrow.Field{
30 | {Name: "bytes", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
31 | {Name: "data", Type: arrow.BinaryTypes.String, Nullable: true},
32 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
33 | {Name: "query_string", Type: arrow.BinaryTypes.String, Nullable: false},
34 | {Name: "query_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
35 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
36 | }
37 |
38 | var QueryInformationStruct = arrow.StructOf(QueryInformationFields...)
39 |
40 | var QueryInformationSchema = arrow.NewSchema(QueryInformationFields, nil)
41 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/reg_key.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type RegistryKey struct {
9 |
10 | // System: The indication of whether the object is part of the operating system.
11 | IsSystem *bool `json:"is_system,omitempty" parquet:"is_system,optional"`
12 |
13 | // Modified Time: The time when the registry key was last modified.
14 | ModifiedTime *int64 `json:"modified_time,omitempty" parquet:"modified_time,optional"`
15 |
16 | // Path: The full path to the registry key.
17 | Path string `json:"path" parquet:"path"`
18 |
19 | // Security Descriptor: The security descriptor of the registry key.
20 | SecurityDescriptor *string `json:"security_descriptor,omitempty" parquet:"security_descriptor,optional"`
21 | }
22 |
23 | var RegistryKeyFields = []arrow.Field{
24 | {Name: "is_system", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
25 | {Name: "modified_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
26 | {Name: "path", Type: arrow.BinaryTypes.String, Nullable: false},
27 | {Name: "security_descriptor", Type: arrow.BinaryTypes.String, Nullable: true},
28 | }
29 |
30 | var RegistryKeyStruct = arrow.StructOf(RegistryKeyFields...)
31 |
32 | var RegistryKeySchema = arrow.NewSchema(RegistryKeyFields, nil)
33 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/reg_value.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type RegistryValue struct {
9 |
10 | // Data: The data of the registry value.
11 | Data *string `json:"data,omitempty" parquet:"data,optional"`
12 |
13 | // Default Value: The indication of whether the value is from a default value name. For example, the value name could be missing.
14 | IsDefault *bool `json:"is_default,omitempty" parquet:"is_default,optional"`
15 |
16 | // System: The indication of whether the object is part of the operating system.
17 | IsSystem *bool `json:"is_system,omitempty" parquet:"is_system,optional"`
18 |
19 | // Modified Time: The time when the registry value was last modified.
20 | ModifiedTime *int64 `json:"modified_time,omitempty" parquet:"modified_time,optional"`
21 |
22 | // Name: The name of the registry value.
23 | Name string `json:"name" parquet:"name"`
24 |
25 | // Path: The full path to the registry key, where the value is located.
26 | Path string `json:"path" parquet:"path"`
27 |
28 | // Type: A string representation of the value type as specified in Registry Value Types.
29 | Type *string `json:"type,omitempty" parquet:"type,optional"`
30 |
31 | // Type ID: The value type ID.
32 | TypeId *int32 `json:"type_id,omitempty" parquet:"type_id,optional"`
33 | }
34 |
35 | var RegistryValueFields = []arrow.Field{
36 | {Name: "data", Type: arrow.BinaryTypes.String, Nullable: true},
37 | {Name: "is_default", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
38 | {Name: "is_system", Type: arrow.FixedWidthTypes.Boolean, Nullable: true},
39 | {Name: "modified_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
40 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
41 | {Name: "path", Type: arrow.BinaryTypes.String, Nullable: false},
42 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
43 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
44 | }
45 |
46 | var RegistryValueStruct = arrow.StructOf(RegistryValueFields...)
47 |
48 | var RegistryValueSchema = arrow.NewSchema(RegistryValueFields, nil)
49 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/remediation.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Remediation struct {
9 |
10 | // Description: The description of the remediation strategy.
11 | Desc string `json:"desc" parquet:"desc"`
12 |
13 | // Knowledgebase Articles: A list of KB articles or patches related to an endpoint. A KB Article contains metadata that describes the patch or an update.
14 | KbArticleList []*KBArticle `json:"kb_article_list,omitempty" parquet:"kb_article_list,optional,list"`
15 |
16 | // References: A list of supporting URL/s, references that help describe the remediation strategy.
17 | References []string `json:"references,omitempty" parquet:"references,optional,list"`
18 | }
19 |
20 | var RemediationFields = []arrow.Field{
21 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: false},
22 | {Name: "kb_article_list", Type: arrow.ListOf(KBArticleStruct), Nullable: true},
23 | {Name: "references", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
24 | }
25 |
26 | var RemediationStruct = arrow.StructOf(RemediationFields...)
27 |
28 | var RemediationSchema = arrow.NewSchema(RemediationFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/reputation.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Reputation struct {
9 |
10 | // Reputation Score: The reputation score as reported by the event source.
11 | BaseScore float64 `json:"base_score" parquet:"base_score"`
12 |
13 | // Provider: The provider of the reputation information.
14 | Provider *string `json:"provider,omitempty" parquet:"provider,optional"`
15 |
16 | // Reputation Score: The reputation score, normalized to the caption of the score_id value. In the case of 'Other', it is defined by the event source.
17 | Score *string `json:"score,omitempty" parquet:"score,optional"`
18 |
19 | // Reputation Score ID: The normalized reputation score identifier.
20 | ScoreId int32 `json:"score_id" parquet:"score_id"`
21 | }
22 |
23 | var ReputationFields = []arrow.Field{
24 | {Name: "base_score", Type: arrow.PrimitiveTypes.Float64, Nullable: false},
25 | {Name: "provider", Type: arrow.BinaryTypes.String, Nullable: true},
26 | {Name: "score", Type: arrow.BinaryTypes.String, Nullable: true},
27 | {Name: "score_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
28 | }
29 |
30 | var ReputationStruct = arrow.StructOf(ReputationFields...)
31 |
32 | var ReputationSchema = arrow.NewSchema(ReputationFields, nil)
33 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/request.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type RequestElements struct {
9 |
10 | // Containers: When working with containerized applications, the set of containers which write to the standard the output of a particular logging driver. For example, this may be the set of containers involved in handling api requests and responses for a containerized application.
11 | Containers []*Container `json:"containers,omitempty" parquet:"containers,optional,list"`
12 |
13 | // Data: The additional data that is associated with the api request.
14 | Data *string `json:"data,omitempty" parquet:"data,optional"`
15 |
16 | // Flags: The communication flags that are associated with the api request.
17 | Flags []string `json:"flags,omitempty" parquet:"flags,optional,list"`
18 |
19 | // Unique ID: The unique request identifier.
20 | Uid string `json:"uid" parquet:"uid"`
21 | }
22 |
23 | var RequestElementsFields = []arrow.Field{
24 | {Name: "containers", Type: arrow.ListOf(ContainerStruct), Nullable: true},
25 | {Name: "data", Type: arrow.BinaryTypes.String, Nullable: true},
26 | {Name: "flags", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
27 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: false},
28 | }
29 |
30 | var RequestElementsStruct = arrow.StructOf(RequestElementsFields...)
31 |
32 | var RequestElementsSchema = arrow.NewSchema(RequestElementsFields, nil)
33 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/response.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type ResponseElements struct {
9 |
10 | // Response Code: The numeric response sent to a request.
11 | Code *int32 `json:"code,omitempty" parquet:"code,optional"`
12 |
13 | // Containers: When working with containerized applications, the set of containers which write to the standard the output of a particular logging driver. For example, this may be the set of containers involved in handling api requests and responses for a containerized application.
14 | Containers []*Container `json:"containers,omitempty" parquet:"containers,optional,list"`
15 |
16 | // Data: The additional data that is associated with the api response.
17 | Data *string `json:"data,omitempty" parquet:"data,optional"`
18 |
19 | // Error Code: Error Code
20 | Error *string `json:"error,omitempty" parquet:"error,optional"`
21 |
22 | // Error Message: Error Message
23 | ErrorMessage *string `json:"error_message,omitempty" parquet:"error_message,optional"`
24 |
25 | // Flags: The communication flags that are associated with the api response.
26 | Flags []string `json:"flags,omitempty" parquet:"flags,optional,list"`
27 |
28 | // Message: The description of the event/finding, as defined by the source.
29 | Message *string `json:"message,omitempty" parquet:"message,optional"`
30 | }
31 |
32 | var ResponseElementsFields = []arrow.Field{
33 | {Name: "code", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
34 | {Name: "containers", Type: arrow.ListOf(ContainerStruct), Nullable: true},
35 | {Name: "data", Type: arrow.BinaryTypes.String, Nullable: true},
36 | {Name: "error", Type: arrow.BinaryTypes.String, Nullable: true},
37 | {Name: "error_message", Type: arrow.BinaryTypes.String, Nullable: true},
38 | {Name: "flags", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
39 | {Name: "message", Type: arrow.BinaryTypes.String, Nullable: true},
40 | }
41 |
42 | var ResponseElementsStruct = arrow.StructOf(ResponseElementsFields...)
43 |
44 | var ResponseElementsSchema = arrow.NewSchema(ResponseElementsFields, nil)
45 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/rpc_interface.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type RPCInterface struct {
9 |
10 | // Acknowledgement Reason: An integer that provides a reason code or additional information about the acknowledgment result.
11 | AckReason *int32 `json:"ack_reason,omitempty" parquet:"ack_reason,optional"`
12 |
13 | // Acknowledgement Result: An integer that denotes the acknowledgment result of the DCE/RPC call.
14 | AckResult *int32 `json:"ack_result,omitempty" parquet:"ack_result,optional"`
15 |
16 | // UUID: The unique identifier of the particular remote procedure or service.
17 | Uuid string `json:"uuid" parquet:"uuid"`
18 |
19 | // Version: The version of the DCE/RPC protocol being used in the session.
20 | Version string `json:"version" parquet:"version"`
21 | }
22 |
23 | var RPCInterfaceFields = []arrow.Field{
24 | {Name: "ack_reason", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
25 | {Name: "ack_result", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
26 | {Name: "uuid", Type: arrow.BinaryTypes.String, Nullable: false},
27 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: false},
28 | }
29 |
30 | var RPCInterfaceStruct = arrow.StructOf(RPCInterfaceFields...)
31 |
32 | var RPCInterfaceSchema = arrow.NewSchema(RPCInterfaceFields, nil)
33 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/rule.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Rule struct {
9 |
10 | // Category: The rule category.
11 | Category *string `json:"category,omitempty" parquet:"category,optional"`
12 |
13 | // Description: The description of the rule that generated the event.
14 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
15 |
16 | // Name: The name of the rule that generated the event.
17 | Name *string `json:"name,omitempty" parquet:"name,optional"`
18 |
19 | // Type: The rule type.
20 | Type *string `json:"type,omitempty" parquet:"type,optional"`
21 |
22 | // Unique ID: The unique identifier of the rule that generated the event.
23 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
24 |
25 | // Version: The rule version. For example: 1.1.
26 | Version *string `json:"version,omitempty" parquet:"version,optional"`
27 | }
28 |
29 | var RuleFields = []arrow.Field{
30 | {Name: "category", Type: arrow.BinaryTypes.String, Nullable: true},
31 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
32 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
33 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
34 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
35 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
36 | }
37 |
38 | var RuleStruct = arrow.StructOf(RuleFields...)
39 |
40 | var RuleSchema = arrow.NewSchema(RuleFields, nil)
41 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/san.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type SubjectAlternativeName struct {
9 |
10 | // Name: Name of SAN (e.g. The actual IP Address or domain.)
11 | Name string `json:"name" parquet:"name"`
12 |
13 | // Type: Type descriptor of SAN (e.g. IP Address/domain/etc.)
14 | Type string `json:"type" parquet:"type"`
15 | }
16 |
17 | var SubjectAlternativeNameFields = []arrow.Field{
18 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: false},
19 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: false},
20 | }
21 |
22 | var SubjectAlternativeNameStruct = arrow.StructOf(SubjectAlternativeNameFields...)
23 |
24 | var SubjectAlternativeNameSchema = arrow.NewSchema(SubjectAlternativeNameFields, nil)
25 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/sbom.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type SoftwareBillofMaterials struct {
9 |
10 | // Created Time: The time when the SBOM was created.
11 | CreatedTime *int64 `json:"created_time,omitempty" parquet:"created_time,optional"`
12 |
13 | // Software Package: The device software that is being discovered by an inventory process.
14 | Package SoftwarePackage `json:"package" parquet:"package"`
15 |
16 | // Product: The product that generated the SBOM e.g. cdxgen or Syft.
17 | Product *Product `json:"product,omitempty" parquet:"product,optional"`
18 |
19 | // Software Components: The list of software components used in the software package.
20 | SoftwareComponents []SoftwareComponent `json:"software_components" parquet:"software_components,list"`
21 | }
22 |
23 | var SoftwareBillofMaterialsFields = []arrow.Field{
24 | {Name: "created_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
25 | {Name: "package", Type: SoftwarePackageStruct, Nullable: false},
26 | {Name: "product", Type: ProductStruct, Nullable: true},
27 | {Name: "software_components", Type: arrow.ListOf(SoftwareComponentStruct), Nullable: false},
28 | }
29 |
30 | var SoftwareBillofMaterialsStruct = arrow.StructOf(SoftwareBillofMaterialsFields...)
31 |
32 | var SoftwareBillofMaterialsSchema = arrow.NewSchema(SoftwareBillofMaterialsFields, nil)
33 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/scan.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Scan struct {
9 |
10 | // Name: The administrator-supplied or application-generated name of the scan. For example: "Home office weekly user database scan", "Scan folders for viruses", "Full system virus scan"
11 | Name *string `json:"name,omitempty" parquet:"name,optional"`
12 |
13 | // Type: The type of scan.
14 | Type *string `json:"type,omitempty" parquet:"type,optional"`
15 |
16 | // Type ID: The type id of the scan.
17 | TypeId int32 `json:"type_id" parquet:"type_id"`
18 |
19 | // Scan UID: The application-defined unique identifier assigned to an instance of a scan.
20 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
21 | }
22 |
23 | var ScanFields = []arrow.Field{
24 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
25 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
26 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
27 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
28 | }
29 |
30 | var ScanStruct = arrow.StructOf(ScanFields...)
31 |
32 | var ScanSchema = arrow.NewSchema(ScanFields, nil)
33 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/security_state.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type SecurityState struct {
9 |
10 | // Security State: The security state, normalized to the caption of the state_id value. In the case of 'Other', it is defined by the source.
11 | State *string `json:"state,omitempty" parquet:"state,optional"`
12 |
13 | // Security State ID: The security state of the managed entity.
14 | StateId *int32 `json:"state_id,omitempty" parquet:"state_id,optional"`
15 | }
16 |
17 | var SecurityStateFields = []arrow.Field{
18 | {Name: "state", Type: arrow.BinaryTypes.String, Nullable: true},
19 | {Name: "state_id", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
20 | }
21 |
22 | var SecurityStateStruct = arrow.StructOf(SecurityStateFields...)
23 |
24 | var SecurityStateSchema = arrow.NewSchema(SecurityStateFields, nil)
25 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/service.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Service struct {
9 |
10 | // Labels: The list of labels associated with the service.
11 | Labels []string `json:"labels,omitempty" parquet:"labels,optional,list"`
12 |
13 | // Name: The name of the service.
14 | Name *string `json:"name,omitempty" parquet:"name,optional"`
15 |
16 | // Tags: The list of tags; {key:value} pairs associated to the service.
17 | Tags []*KeyValueobject `json:"tags,omitempty" parquet:"tags,optional,list"`
18 |
19 | // Unique ID: The unique identifier of the service.
20 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
21 |
22 | // Version: The version of the service.
23 | Version *string `json:"version,omitempty" parquet:"version,optional"`
24 | }
25 |
26 | var ServiceFields = []arrow.Field{
27 | {Name: "labels", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
28 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
29 | {Name: "tags", Type: arrow.ListOf(KeyValueobjectStruct), Nullable: true},
30 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
31 | {Name: "version", Type: arrow.BinaryTypes.String, Nullable: true},
32 | }
33 |
34 | var ServiceStruct = arrow.StructOf(ServiceFields...)
35 |
36 | var ServiceSchema = arrow.NewSchema(ServiceFields, nil)
37 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/sub_technique.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type MITREATTCKSubTechnique struct {
9 |
10 | // Name: The name of the attack sub technique, as defined by ATT&CK® Matrix. For example: Scanning IP Blocks.
11 | Name *string `json:"name,omitempty" parquet:"name,optional"`
12 |
13 | // Source URL: The versioned permalink of the attack sub technique, as defined by ATT&CK® Matrix. For example: https://attack.mitre.org/versions/v14/techniques/T1595/001/.
14 | SrcUrl *string `json:"src_url,omitempty" parquet:"src_url,optional"`
15 |
16 | // Unique ID: The unique identifier of the attack sub technique, as defined by ATT&CK® Matrix. For example: T1595.001.
17 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
18 | }
19 |
20 | var MITREATTCKSubTechniqueFields = []arrow.Field{
21 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
22 | {Name: "src_url", Type: arrow.BinaryTypes.String, Nullable: true},
23 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
24 | }
25 |
26 | var MITREATTCKSubTechniqueStruct = arrow.StructOf(MITREATTCKSubTechniqueFields...)
27 |
28 | var MITREATTCKSubTechniqueSchema = arrow.NewSchema(MITREATTCKSubTechniqueFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/table.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Table struct {
9 |
10 | // Created Time: The time when the table was known to have been created.
11 | CreatedTime *int64 `json:"created_time,omitempty" parquet:"created_time,optional"`
12 |
13 | // Description: The description of the table.
14 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
15 |
16 | // Groups: The group names to which the table belongs.
17 | Groups []*Group `json:"groups,omitempty" parquet:"groups,optional,list"`
18 |
19 | // Modified Time: The most recent time when any changes, updates, or modifications were made within the table.
20 | ModifiedTime *int64 `json:"modified_time,omitempty" parquet:"modified_time,optional"`
21 |
22 | // Name: The table name, ordinarily as assigned by a database administrator.
23 | Name *string `json:"name,omitempty" parquet:"name,optional"`
24 |
25 | // Size: The size of the data table in bytes.
26 | Size *int64 `json:"size,omitempty" parquet:"size,optional"`
27 |
28 | // Unique ID: The unique identifier of the table.
29 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
30 | }
31 |
32 | var TableFields = []arrow.Field{
33 | {Name: "created_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
34 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
35 | {Name: "groups", Type: arrow.ListOf(GroupStruct), Nullable: true},
36 | {Name: "modified_time", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
37 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
38 | {Name: "size", Type: arrow.PrimitiveTypes.Int64, Nullable: true},
39 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
40 | }
41 |
42 | var TableStruct = arrow.StructOf(TableFields...)
43 |
44 | var TableSchema = arrow.NewSchema(TableFields, nil)
45 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/tactic.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type MITREATTCKTactic struct {
9 |
10 | // Name: The tactic name that is associated with the attack technique, as defined by ATT&CK® Matrix. For example: Reconnaissance.
11 | Name *string `json:"name,omitempty" parquet:"name,optional"`
12 |
13 | // Source URL: The versioned permalink of the attack tactic, as defined by ATT&CK® Matrix. For example: https://attack.mitre.org/versions/v14/tactics/TA0043/.
14 | SrcUrl *string `json:"src_url,omitempty" parquet:"src_url,optional"`
15 |
16 | // Unique ID: The tactic ID that is associated with the attack technique, as defined by ATT&CK® Matrix. For example: TA0043.
17 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
18 | }
19 |
20 | var MITREATTCKTacticFields = []arrow.Field{
21 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
22 | {Name: "src_url", Type: arrow.BinaryTypes.String, Nullable: true},
23 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
24 | }
25 |
26 | var MITREATTCKTacticStruct = arrow.StructOf(MITREATTCKTacticFields...)
27 |
28 | var MITREATTCKTacticSchema = arrow.NewSchema(MITREATTCKTacticFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/technique.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type MITREATTCKTechnique struct {
9 |
10 | // Name: The name of the attack technique, as defined by ATT&CK® Matrix. For example: Active Scanning.
11 | Name *string `json:"name,omitempty" parquet:"name,optional"`
12 |
13 | // Source URL: The versioned permalink of the attack technique, as defined by ATT&CK® Matrix. For example: https://attack.mitre.org/versions/v14/techniques/T1595/.
14 | SrcUrl *string `json:"src_url,omitempty" parquet:"src_url,optional"`
15 |
16 | // Unique ID: The unique identifier of the attack technique, as defined by ATT&CK® Matrix. For example: T1595.
17 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
18 | }
19 |
20 | var MITREATTCKTechniqueFields = []arrow.Field{
21 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
22 | {Name: "src_url", Type: arrow.BinaryTypes.String, Nullable: true},
23 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
24 | }
25 |
26 | var MITREATTCKTechniqueStruct = arrow.StructOf(MITREATTCKTechniqueFields...)
27 |
28 | var MITREATTCKTechniqueSchema = arrow.NewSchema(MITREATTCKTechniqueFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/ticket.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type Ticket struct {
9 |
10 | // Source URL: The url of a ticket in the ticket system.
11 | SrcUrl *string `json:"src_url,omitempty" parquet:"src_url,optional"`
12 |
13 | // Title: The title of the ticket.
14 | Title *string `json:"title,omitempty" parquet:"title,optional"`
15 |
16 | // Ticket Type: The linked ticket type determines whether the ticket is internal or in an external ticketing system.
17 | Type *string `json:"type,omitempty" parquet:"type,optional"`
18 |
19 | // Ticket Type ID: The normalized identifier for the ticket type.
20 | TypeId *int32 `json:"type_id,omitempty" parquet:"type_id,optional"`
21 |
22 | // Unique ID: Unique ticket identifier like ticket id.
23 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
24 | }
25 |
26 | var TicketFields = []arrow.Field{
27 | {Name: "src_url", Type: arrow.BinaryTypes.String, Nullable: true},
28 | {Name: "title", Type: arrow.BinaryTypes.String, Nullable: true},
29 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
30 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
31 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
32 | }
33 |
34 | var TicketStruct = arrow.StructOf(TicketFields...)
35 |
36 | var TicketSchema = arrow.NewSchema(TicketFields, nil)
37 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/tls_extension.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type TLSExtension struct {
9 |
10 | // Data: The data contains information specific to the particular extension type.
11 | Data *string `json:"data,omitempty" parquet:"data,optional"`
12 |
13 | // Type: The TLS extension type. For example: Server Name.
14 | Type *string `json:"type,omitempty" parquet:"type,optional"`
15 |
16 | // Type ID: The TLS extension type identifier. See The Transport Layer Security (TLS) extension page.
17 | TypeId int32 `json:"type_id" parquet:"type_id"`
18 | }
19 |
20 | var TLSExtensionFields = []arrow.Field{
21 | {Name: "data", Type: arrow.BinaryTypes.String, Nullable: true},
22 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
23 | {Name: "type_id", Type: arrow.PrimitiveTypes.Int32, Nullable: false},
24 | }
25 |
26 | var TLSExtensionStruct = arrow.StructOf(TLSExtensionFields...)
27 |
28 | var TLSExtensionSchema = arrow.NewSchema(TLSExtensionFields, nil)
29 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/vendor_attributes.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type VendorAttributes struct {
9 |
10 | // Severity: The finding severity, as reported by the Vendor (Finding Provider). The value should be normalized to the caption of the severity_id value. In the case of 'Other', it is defined by the source.
11 | Severity *string `json:"severity,omitempty" parquet:"severity,optional"`
12 |
13 | // Severity ID: The finding severity ID, as reported by the Vendor (Finding Provider).
14 | SeverityId *int32 `json:"severity_id,omitempty" parquet:"severity_id,optional"`
15 | }
16 |
17 | var VendorAttributesFields = []arrow.Field{
18 | {Name: "severity", Type: arrow.BinaryTypes.String, Nullable: true},
19 | {Name: "severity_id", Type: arrow.PrimitiveTypes.Int32, Nullable: true},
20 | }
21 |
22 | var VendorAttributesStruct = arrow.StructOf(VendorAttributesFields...)
23 |
24 | var VendorAttributesSchema = arrow.NewSchema(VendorAttributesFields, nil)
25 |
--------------------------------------------------------------------------------
/ocsf/v1_4_0/web_resource.go:
--------------------------------------------------------------------------------
1 | // autogenerated by scripts/model_gen.go. DO NOT EDIT
2 | package v1_4_0
3 |
4 | import (
5 | "github.com/apache/arrow-go/v18/arrow"
6 | )
7 |
8 | type WebResource struct {
9 |
10 | // Data: Details of the web resource, e.g, file details, search results or application-defined resource.
11 | Data *string `json:"data,omitempty" parquet:"data,optional"`
12 |
13 | // Data Classification: A list of Data Classification objects, that include information about data classification levels and data category types, indentified by a classifier.
14 | DataClassifications []*DataClassification `json:"data_classifications,omitempty" parquet:"data_classifications,optional,list"`
15 |
16 | // Description: Description of the web resource.
17 | Desc *string `json:"desc,omitempty" parquet:"desc,optional"`
18 |
19 | // Labels: The list of labels associated to the resource.
20 | Labels []string `json:"labels,omitempty" parquet:"labels,optional,list"`
21 |
22 | // Name: The name of the web resource.
23 | Name *string `json:"name,omitempty" parquet:"name,optional"`
24 |
25 | // Tags: The list of tags; {key:value} pairs associated to the resource.
26 | Tags []*KeyValueobject `json:"tags,omitempty" parquet:"tags,optional,list"`
27 |
28 | // Type: The web resource type as defined by the event source.
29 | Type *string `json:"type,omitempty" parquet:"type,optional"`
30 |
31 | // Unique ID: The unique identifier of the web resource.
32 | Uid *string `json:"uid,omitempty" parquet:"uid,optional"`
33 |
34 | // URL String: The URL pointing towards the source of the web resource.
35 | UrlString *string `json:"url_string,omitempty" parquet:"url_string,optional"`
36 | }
37 |
38 | var WebResourceFields = []arrow.Field{
39 | {Name: "data", Type: arrow.BinaryTypes.String, Nullable: true},
40 | {Name: "data_classifications", Type: arrow.ListOf(DataClassificationStruct), Nullable: true},
41 | {Name: "desc", Type: arrow.BinaryTypes.String, Nullable: true},
42 | {Name: "labels", Type: arrow.ListOf(arrow.BinaryTypes.String), Nullable: true},
43 | {Name: "name", Type: arrow.BinaryTypes.String, Nullable: true},
44 | {Name: "tags", Type: arrow.ListOf(KeyValueobjectStruct), Nullable: true},
45 | {Name: "type", Type: arrow.BinaryTypes.String, Nullable: true},
46 | {Name: "uid", Type: arrow.BinaryTypes.String, Nullable: true},
47 | {Name: "url_string", Type: arrow.BinaryTypes.String, Nullable: true},
48 | }
49 |
50 | var WebResourceStruct = arrow.StructOf(WebResourceFields...)
51 |
52 | var WebResourceSchema = arrow.NewSchema(WebResourceFields, nil)
53 |
--------------------------------------------------------------------------------