I am not sure if this is a mistake, or how it should be interpreted, but `event_category_type` can be found twice in the event attributes:
Name | Type | Description | Sample Value |
---|---|---|---|
event_category_type | string | A description of the event, which can help with categorization. If the vendor defines a category/grouping for its log. i.e. Zeek has a few category types for its many logs (network-protocols, network-observations, etc...). Example. sysmon event id 12 is EventType field is this. | network-protocols |
event_category_type | string | If the event contains a category, then this it. i.e For the Windows Security channel, this could be something such as Audit object access. For Zeek conn.log, this would be network-protocols. | Audit Object Access |
https://github.com/OTRF/OSSEM/blob/master/docs/cdm/entities/event.md?plain=1#L9-L10