From cc008962370d03aed9dd1e2c4f975bb3ea77fb2d Mon Sep 17 00:00:00 2001
From: Michael Wenthold <61566003+miwent@users.noreply.github.com>
Date: Tue, 18 Apr 2023 14:00:40 -0400
Subject: [PATCH 01/14] Revert "79 backwards alert severity level mapping"
---
 source/schema/entities/alerts_derived.csv | 2 +-
 source/schema/entities/destination_derived.csv | 4 ++--
 source/schema/entities/event_derived.csv | 2 +-
 source/schema/entities/host_derived.csv | 4 ++--
 source/schema/entities/source_derived.csv | 4 ++--
 source/schema/entities/user_derived.csv | 2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/source/schema/entities/alerts_derived.csv b/source/schema/entities/alerts_derived.csv
index 071853e..5d37482 100644
--- a/source/schema/entities/alerts_derived.csv
+++ b/source/schema/entities/alerts_derived.csv
@@ -1,3 +1,3 @@
 "Field Name", "Example Values", "Field Type", "Notes"
 "alert_severity", "critical, high, medium, low, informational", "keyword", "Severity of Alert"
-"alert_severity_level", "1-5", "byte", "Numeric representation of the severity rating of the source message: 1 = informational, 2 = low, 3 = medium, 4 = high, 5 = critical"
\ No newline at end of file
+"alert_severity_level", "1-5", "byte", "Numeric representation of the severity rating of the source message: 1 = Critical, 2 = High, 3 = Medium, 4 = Low, 5 = Informational"
\ No newline at end of file
diff --git a/source/schema/entities/destination_derived.csv b/source/schema/entities/destination_derived.csv
index efde1b4..4c59cf9 100644
--- a/source/schema/entities/destination_derived.csv
+++ b/source/schema/entities/destination_derived.csv
@@ -4,6 +4,6 @@
 "destination_geo_*",,,"See: :ref:`geo_* fields `"
 "destination_location_name","Chicago, US, Datacenter 01, Bismark - Finance","keyword","Field is derived either from an internal enterprise network definition or the Geo location fields if availble"
 "destination_mac","a0:b4:44:01:a9:d1","keyword","MAC address of host, colon-delimited and lower case"
-"destination_priority","critical, high, medium, low","keyword","Future: from entity mapping"
-"destination_priority_level","1-4","byte","Numeric value representing the priority of the destination device, 1 = low, 2 = medium, 3 = high, 4 = critical"
+"destination_priority","critical, high, medium, low, informational","keyword","Future: from entity mapping"
+"destination_priority_level","1-4","byte","1 = Critical, 2 = High, 3 = Medium, 4 = Low, 5 = Informational"
 "destination_reference","IPv4, IPv6, hostname,fqdn","keyword (normalized:loweronly)","Mapped from source_ip or source_hostname in that order"
\ No newline at end of file
diff --git a/source/schema/entities/event_derived.csv b/source/schema/entities/event_derived.csv
index e209b14..64add49 100644
--- a/source/schema/entities/event_derived.csv
+++ b/source/schema/entities/event_derived.csv
@@ -3,4 +3,4 @@
 "event_action_type","credential validation, logon, notice","keyword","This is a sub-type to event_action’s type field."
 "event_outcome","success, failure","keyword",
 "event_severity","critical, high, medium, low, informational","keyword",
-"event_severity_level","1-5","byte","Numeric representation of the severity rating of the source message: 1 = informational, 2 = low, 3 = medium, 4 = high, 5 = critical"
\ No newline at end of file
+"event_severity_level","1-5","byte","Numeric representation of the severity rating of the source message: 1 = Critical, 2 = High, 3 = Medium, 4 = Low, 5 = Informational"
\ No newline at end of file
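Review bot: The new `destination_priority_level` row in destination_derived.csv keeps the example range `1-4` while its Notes cell now lists five values up to `5 = Informational`, so the row contradicts itself. `source_priority_level` is moved to `1-5` in this same commit; the destination row should match it with `"destination_priority_level","1-5","byte",...`. `user_priority_level` stays on a four-value scale here, so priority values will not compare like-for-like across entity types; if that is intended it is worth saying so in the Notes.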
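Review bot: The direction of the numeric scale is never stated in the `event_severity_level` row of event_derived.csv, which this hunk sets to the descending mapping (`1 = Critical` … `5 = Informational`). PATCH 08 of this series later puts `alert_severity_level` back on the ascending mapping, with no matching change to event_derived.csv visible in the series. If nothing outside the series realigns them, the two severity fields end up running in opposite directions, and a search or alert rule that thresholds on a `*_severity_level` value would pick the wrong end of the scale for one of them. Once the mapping is settled, append the direction to the Notes cell, for this row `(lower number = more severe)`, and check every `*_level` field against it.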
diff --git a/source/schema/entities/host_derived.csv b/source/schema/entities/host_derived.csv
index 1419d9c..bb43947 100644
--- a/source/schema/entities/host_derived.csv
+++ b/source/schema/entities/host_derived.csv
@@ -4,7 +4,7 @@
 "host_geo_*",,,"See: :ref:`geo_* fields `"
 "host_location_name","Chicago, US, Datacenter 01, Bismark - Finance","keyword","Field is derived either from an internal enterprise network definition or the Geo location fields if availble"
 "host_mac","a0b44401a9d1","keyword","MAC address of host, non-delimited and lower case"
-"host_priority","critical, high, medium, low","keyword","Future: from entity mapping"
-"host_priority_level",2,"byte","Numeric value representing the priority of the host device, 1 = low, 2 = medium, 3 = high, 4 = critical"
+"host_priority","critical, high, medium, low, informational","keyword","Future: from entity mapping"
+"host_priority_level",2,"byte","Future: from entity mapping: 1 = Critical, 2 = High, 3 = Medium, 4 = Low, 5 = Informational"
 "host_type",,"keyword","Machine “type”"
 "host_type_version",,"keyword","Version of the host_type being described - can be an OS version, etc."
\ No newline at end of file
diff --git a/source/schema/entities/source_derived.csv b/source/schema/entities/source_derived.csv
index b73926e..88bb2d3 100644
--- a/source/schema/entities/source_derived.csv
+++ b/source/schema/entities/source_derived.csv
@@ -4,6 +4,6 @@
 "source_geo_*",,,"See: :ref:`geo_* fields `"
 "source_location_name","Chicago, US, Datacenter 01, Bismark - Finance","keyword","Field is derived either from an internal enterprise network definition or the Geo location fields if availble"
 "source_mac","a0:b4:44:01:a9:d1","keyword","MAC address of host, colon-delimited and lower case"
-"source_priority","critical, high, medium, low","keyword","Future: from entity mapping"
-"source_priority_level","1-4","byte","Numeric value representing the priority of the source device, 1 = low, 2 = medium, 3 = high, 4 = critical"
+"source_priority","critical, high, medium, low, informational","keyword","Future: from entity mapping"
+"source_priority_level","1-5","byte","1 = Critical, 2 = High, 3 = Medium, 4 = Low, 5 = Informational"
 "source_reference","IPv4,IPv6, hostname,fqdn","keyword (normalized:loweronly)","Mapped from source_ip or source_hostname in that order"
\ No newline at end of file
diff --git a/source/schema/entities/user_derived.csv b/source/schema/entities/user_derived.csv
index ddd95f4..1fdef36 100644
--- a/source/schema/entities/user_derived.csv
+++ b/source/schema/entities/user_derived.csv
@@ -2,5 +2,5 @@
 "user_category","vip, default account, finance, help desk","keyword","Future: From entity mapping"
 "user_name_mapped","Built in\Administrators","keyword/loweronly","When a user identity or identities is mapped from a source outside of the message itself it is written to this field. This is where Windows well-known SIDs are resolved."
 "user_priority","critical, high, medium, low","keyword","Future: From entity mapping"
-"user_priority_level","1-4","byte","Numeric value representing the priority of the user account, 1 = low, 2 = medium, 3 = high, 4 = critical"
+"user_priority_level","1-4","byte","1 = Critical, 2 = High, 3 = Medium, 4 = Low"
 "user_type","user, computer, well-known sid, group, {any vendor-provided value}","keyword","Experimental field ** This is still being researched - need to look at what winlogbeats/nxlog may provide in terms of SID resolution in different configurations, and consider different technologies use of “types”"
\ No newline at end of file
From 662b8c555899b307e027bda2f73b22c25325bcd8 Mon Sep 17 00:00:00 2001
From: Michael Wenthold <61566003+miwent@users.noreply.github.com>
Date: Fri, 28 Jul 2023 08:28:26 -0400
Subject: [PATCH 02/14] Update bug_report.md Remove some of the issue template sections that aren't applicable to the schema.
---
 .github/ISSUE_TEMPLATE/bug_report.md | 23 ++++-------------------
 1 file changed, 4 insertions(+), 19 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 1829902..16b72f4 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -8,25 +8,10 @@ assignees: bud1979 --- **Describe the bug** -A clear and concise description of what the bug is. + -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Screenshots** -If applicable, add screenshots to help explain your problem. +**Optional: Suggested outcome** + **Graylog Version (please complete the following information):** -- Graylog Version: -- Elastic Version: -- Mongo Version: -- Illuminate Version: -- OS: - - Browser: +- Schema version: From 6f5cbed91be802976df9181eeffcb501c12bd07e Mon Sep 17 00:00:00 2001 From: StefanAustin <75188231+StefanAustin@users.noreply.github.com> Date: Mon, 23 Oct 2023 12:14:27 -0500 Subject: [PATCH 03/14] Create wifi.rst add rst file --- source/schema/entities/wifi.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 source/schema/entities/wifi.rst diff --git a/source/schema/entities/wifi.rst b/source/schema/entities/wifi.rst new file mode 100644 index 0000000..bc35056 --- /dev/null +++ b/source/schema/entities/wifi.rst @@ -0,0 +1,11 @@ +WiFi Fields +============ + + - For messages that are related to wireless connections. + + +.. csv-table:: WiFi Fields + :file: wifi.csv + :widths: 10, 15, 10, 65 + :header-rows: 1 + :delim: , From 51830366f8261a8ef1bf99d6b4177628ce788b09 Mon Sep 17 00:00:00 2001 From: StefanAustin <75188231+StefanAustin@users.noreply.github.com> Date: Mon, 23 Oct 2023 12:17:09 -0500 Subject: [PATCH 04/14] Create wifi.csv added wifi.csv --- source/schema/entities/wifi.csv | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 source/schema/entities/wifi.csv diff --git a/source/schema/entities/wifi.csv b/source/schema/entities/wifi.csv new file mode 100644 index 0000000..89322bf --- /dev/null +++ b/source/schema/entities/wifi.csv 
@@ -0,0 +1,21 @@
+"Field Name", "Example Values", "Field Type", "Notes"
+"wifi_ssid","Guest_Access","keyword","The name of the broadcased network."
+"wifi_frequency","2416","long","The f0 frequency for the selected band or channel frequency."
+"wifi_frequency_unit","MHz","keyword","The f0 frequency unit for the selected band or channel frequency."
+"wifi_channel","3","integer","WiFi channels are smaller bands within WiFi frequency bands that are used by wireless networks to send and receive data."
+"wifi_band","2.4 GHz","keyword","The 802.11 standard provides several bands for WiFi use like 900 MHz, 2.4GHz, 5 GHz and others."
+"wifi_encyption","WPA","keyword","The selected encyption method, some other options are WEP, WPA2 or WPA3."
+"wifi_phy_mode","g","keyword","Sometimes called phy_type, other options range from 802.11 to 802.11be (WiFi 7)."
+"wifi_signal_strength","-57","long","Some vendors use the field name rssi in dbm."
+"wifi_signal_strength_unit","dbm","keyword","The unit for signal strength, some options are dBμV/m or dBm."
+"wifi_signal_to_noise","48","long","The signal to noise ratio."
+"wifi_signal_to_noise_unit","db","keyword","The unit for signal to noise ratio."
+"wifi_signal_to_noise_level","-90","long","The signal to noise level."
+"wifi_signal_to_noise_level_unit","dbm","keyword","The unit for signal to noise ratio level."
+"wifi_data_rate","400","long","The used data rate."
+"wifi_data_rate_unit","Mbps","The used data rate unit, Mbps,Mbp/s or Gbps,Gpb/s."
+"wifi_frame_type_value","0","keyword","Sometimes called fc_type."
+"wifi_frame_type_desciption","management","keyword","Sometimes called fc_type. Other options are management, control, extension and data frame type."
+“wifi_frame_subtype_value","0x08","keyword","Usually a number like 0x08 or 1000."
+"wifi_frame_subtype_desc","beacon","The description of a code, e.g. 1000 is for beacon."
+"wifi_virtual_access_point","My_access_point","keyword","The access point's name."
From dd9589df6ab4bf7cdbe629d955aae2133c464bd0 Mon Sep 17 00:00:00 2001
From: StefanAustin <75188231+StefanAustin@users.noreply.github.com>
Date: Mon, 23 Oct 2023 12:20:20 -0500
Subject: [PATCH 05/14] Update wifi.csv fixed illegal quoting
---
 source/schema/entities/wifi.csv | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source/schema/entities/wifi.csv b/source/schema/entities/wifi.csv
index 89322bf..5b8ea17 100644
--- a/source/schema/entities/wifi.csv
+++ b/source/schema/entities/wifi.csv
@@ -16,6 +16,6 @@
 "wifi_data_rate_unit","Mbps","The used data rate unit, Mbps,Mbp/s or Gbps,Gpb/s."
 "wifi_frame_type_value","0","keyword","Sometimes called fc_type."
 "wifi_frame_type_desciption","management","keyword","Sometimes called fc_type. Other options are management, control, extension and data frame type."
-“wifi_frame_subtype_value","0x08","keyword","Usually a number like 0x08 or 1000."
+"wifi_frame_subtype_value","0x08","keyword","Usually a number like 0x08 or 1000."
 "wifi_frame_subtype_desc","beacon","The description of a code, e.g. 1000 is for beacon."
 "wifi_virtual_access_point","My_access_point","keyword","The access point's name."
From 3d64fba53716f6a9cbe326fb6218ef80241a9106 Mon Sep 17 00:00:00 2001
From: StefanAustin <75188231+StefanAustin@users.noreply.github.com>
Date: Mon, 23 Oct 2023 12:21:45 -0500
Subject: [PATCH 06/14] Update wifi.csv fixed line 16
---
 source/schema/entities/wifi.csv | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source/schema/entities/wifi.csv b/source/schema/entities/wifi.csv
index 5b8ea17..73bdd5c 100644
--- a/source/schema/entities/wifi.csv
+++ b/source/schema/entities/wifi.csv
@@ -13,7 +13,7 @@
 "wifi_signal_to_noise_level","-90","long","The signal to noise level."
 "wifi_signal_to_noise_level_unit","dbm","keyword","The unit for signal to noise ratio level."
 "wifi_data_rate","400","long","The used data rate."
-"wifi_data_rate_unit","Mbps","The used data rate unit, Mbps,Mbp/s or Gbps,Gpb/s."
+"wifi_data_rate_unit","Mbps","keyword","The used data rate unit, Mbps,Mbp/s or Gbps,Gpb/s."
 "wifi_frame_type_value","0","keyword","Sometimes called fc_type."
 "wifi_frame_type_desciption","management","keyword","Sometimes called fc_type. Other options are management, control, extension and data frame type."
 "wifi_frame_subtype_value","0x08","keyword","Usually a number like 0x08 or 1000."
From 90e3a771acfce168c074329bc92cfddf84e27e5f Mon Sep 17 00:00:00 2001
From: StefanAustin <75188231+StefanAustin@users.noreply.github.com>
Date: Mon, 23 Oct 2023 12:22:29 -0500
Subject: [PATCH 07/14] Update wifi.csv fixed line 20
---
 source/schema/entities/wifi.csv | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source/schema/entities/wifi.csv b/source/schema/entities/wifi.csv
index 73bdd5c..6cfa957 100644
--- a/source/schema/entities/wifi.csv
+++ b/source/schema/entities/wifi.csv
@@ -17,5 +17,5 @@
 "wifi_frame_type_value","0","keyword","Sometimes called fc_type."
 "wifi_frame_type_desciption","management","keyword","Sometimes called fc_type. Other options are management, control, extension and data frame type."
 "wifi_frame_subtype_value","0x08","keyword","Usually a number like 0x08 or 1000."
-"wifi_frame_subtype_desc","beacon","The description of a code, e.g. 1000 is for beacon."
+"wifi_frame_subtype_desc","beacon","keyword","The description of a code, e.g. 1000 is for beacon."
 "wifi_virtual_access_point","My_access_point","keyword","The access point's name."
From 5659c85a9674b538d14ebf22bf4a9684f319167a Mon Sep 17 00:00:00 2001
From: StefanAustin <75188231+StefanAustin@users.noreply.github.com>
Date: Mon, 23 Oct 2023 12:40:02 -0500
Subject: [PATCH 08/14] Update alerts_derived.csv fixed alerts
---
 source/schema/entities/alerts_derived.csv | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source/schema/entities/alerts_derived.csv b/source/schema/entities/alerts_derived.csv
index 5d37482..4740ddb 100644
--- a/source/schema/entities/alerts_derived.csv
+++ b/source/schema/entities/alerts_derived.csv
@@ -1,3 +1,3 @@
 "Field Name", "Example Values", "Field Type", "Notes"
 "alert_severity", "critical, high, medium, low, informational", "keyword", "Severity of Alert"
-"alert_severity_level", "1-5", "byte", "Numeric representation of the severity rating of the source message: 1 = Critical, 2 = High, 3 = Medium, 4 = Low, 5 = Informational"
\ No newline at end of file
+"alert_severity_level", "1-5", "byte", "Numeric representation of the severity rating of the source message: 1 = informational, 2 = low, 3 = medium, 4 = high, 5 = critical"
From 1d0fb9de169bdc015f53496d4501b2896038f38d Mon Sep 17 00:00:00 2001
From: StefanAustin <75188231+StefanAustin@users.noreply.github.com>
Date: Mon, 23 Oct 2023 12:42:34 -0500
Subject: [PATCH 09/14] Update destination_derived.csv fixed destination file
---
 source/schema/entities/destination_derived.csv | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/source/schema/entities/destination_derived.csv b/source/schema/entities/destination_derived.csv
index b09b845..8b40ede 100644
--- a/source/schema/entities/destination_derived.csv
+++ b/source/schema/entities/destination_derived.csv
@@ -3,7 +3,12 @@
 "destination_category",,"keyword","Future: from entity mapping"
 "destination_geo_*",,,"See: :ref:`geo_* fields `"
 "destination_location_name","Chicago, US, Datacenter 01, Bismark - Finance","keyword","Field is derived either from an internal enterprise network definition or the Geo location fields if availble"
+"Field Name", "Example Values", "Field Type", "Notes"
+"destination_as_*",,,"See: :ref:`as_* fields `"
+"destination_category",,"keyword","Future: from entity mapping"
+"destination_geo_*",,,"See: :ref:`geo_* fields `"
+"destination_location_name","Chicago, US, Datacenter 01, Bismark - Finance","keyword","Field is derived either from an internal enterprise network definition or the Geo location fields if availble"
 "destination_mac","a0:b4:44:01:a9:d1","keyword","MAC address of host, colon-delimited and lower case"
 "destination_priority","critical, high, medium, low","keyword","Future: from entity mapping"
 "destination_priority_level","1-4","byte","Numeric value representing the priority of the destination device, 1 = low, 2 = medium, 3 = high, 4 = critical"
-"destination_reference","IPv4, IPv6, hostname,fqdn","keyword (normalized:loweronly)","Automatically mapped from the following fields: destination_ip, destination_hostname, destination_target, destination_vm_name, desination_mac"
+"destination_reference","IPv4, IPv6, hostname,fqdn","keyword (normalized:loweronly)","Automatically mapped from the following fields: destination_ip, destination_hostname, destination_target, destination_vm_name, destination_mac"
From 10c753e753ba63148fcfbb5f09671973001ee6cf Mon Sep 17 00:00:00 2001
From: StefanAustin <75188231+StefanAustin@users.noreply.github.com>
Date: Mon, 23 Oct 2023 12:44:25 -0500
Subject: [PATCH 10/14] Update destination_derived.csv fixed destination
---
 source/schema/entities/destination_derived.csv | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/source/schema/entities/destination_derived.csv b/source/schema/entities/destination_derived.csv
index 8b40ede..b09b845 100644
--- a/source/schema/entities/destination_derived.csv
+++ b/source/schema/entities/destination_derived.csv
@@ -3,12 +3,7 @@
 "destination_category",,"keyword","Future: from entity mapping"
 "destination_geo_*",,,"See: :ref:`geo_* fields `"
 "destination_location_name","Chicago, US, Datacenter 01, Bismark - Finance","keyword","Field is derived either from an internal enterprise network definition or the Geo location fields if availble"
-"Field Name", "Example Values", "Field Type", "Notes"
-"destination_as_*",,,"See: :ref:`as_* fields `"
-"destination_category",,"keyword","Future: from entity mapping"
-"destination_geo_*",,,"See: :ref:`geo_* fields `"
-"destination_location_name","Chicago, US, Datacenter 01, Bismark - Finance","keyword","Field is derived either from an internal enterprise network definition or the Geo location fields if availble"
 "destination_mac","a0:b4:44:01:a9:d1","keyword","MAC address of host, colon-delimited and lower case"
 "destination_priority","critical, high, medium, low","keyword","Future: from entity mapping"
 "destination_priority_level","1-4","byte","Numeric value representing the priority of the destination device, 1 = low, 2 = medium, 3 = high, 4 = critical"
-"destination_reference","IPv4, IPv6, hostname,fqdn","keyword (normalized:loweronly)","Automatically mapped from the following fields: destination_ip, destination_hostname, destination_target, destination_vm_name, destination_mac"
+"destination_reference","IPv4, IPv6, hostname,fqdn","keyword (normalized:loweronly)","Automatically mapped from the following fields: destination_ip, destination_hostname, destination_target, destination_vm_name, desination_mac"
From afa439e705d55c9f54530e85e35653c2fd13b34f Mon Sep 17 00:00:00 2001
From: StefanAustin <75188231+StefanAustin@users.noreply.github.com>
Date: Mon, 23 Oct 2023 12:45:34 -0500
Subject: [PATCH 11/14] Update user_derived.csv fixed user
---
 source/schema/entities/user_derived.csv | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source/schema/entities/user_derived.csv b/source/schema/entities/user_derived.csv
index 0fdae59..ef9b57e 100644
--- a/source/schema/entities/user_derived.csv
+++ b/source/schema/entities/user_derived.csv
@@ -2,5 +2,5 @@
 "user_category","vip, default account, finance, help desk","keyword","Future: From entity mapping"
 "user_name_mapped","Built in\Administrators","keyword (normalized:loweronly)","When a user identity or identities is mapped from a source outside of the message itself it is written to this field. This is where Windows well-known SIDs are resolved."
 "user_priority","critical, high, medium, low","keyword","Future: From entity mapping"
-"user_priority_level","1-4","byte","1 = Critical, 2 = High, 3 = Medium, 4 = Low"
-"user_type","user, computer, well-known sid, group, {any vendor-provided value}","keyword","Experimental field ** This is still being researched - need to look at what winlogbeats/nxlog may provide in terms of SID resolution in different configurations, and consider different technologies use of “types”"
\ No newline at end of file
+"user_priority_level","1-4","byte","Numeric value representing the priority of the user account, 1 = low, 2 = medium, 3 = high, 4 = critical"
+"user_type","user, computer, well-known sid, group, {any vendor-provided value}","keyword","Experimental field ** This is still being researched - need to look at what winlogbeats/nxlog may provide in terms of SID resolution in different configurations, and consider different technologies use of “types”"
From 9b849012fbf8d7d0c4e5ed0af488613aef17b7b2 Mon Sep 17 00:00:00 2001
From: StefanAustin <75188231+StefanAustin@users.noreply.github.com>
Date: Mon, 23 Oct 2023 12:46:55 -0500
Subject: [PATCH 12/14] Update destination_derived.csv fixed spelling
---
 source/schema/entities/destination_derived.csv | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source/schema/entities/destination_derived.csv b/source/schema/entities/destination_derived.csv
index b09b845..79bfa0a 100644
--- a/source/schema/entities/destination_derived.csv
+++ b/source/schema/entities/destination_derived.csv
@@ -6,4 +6,4 @@
 "destination_mac","a0:b4:44:01:a9:d1","keyword","MAC address of host, colon-delimited and lower case"
 "destination_priority","critical, high, medium, low","keyword","Future: from entity mapping"
 "destination_priority_level","1-4","byte","Numeric value representing the priority of the destination device, 1 = low, 2 = medium, 3 = high, 4 = critical"
-"destination_reference","IPv4, IPv6, hostname,fqdn","keyword (normalized:loweronly)","Automatically mapped from the following fields: destination_ip, destination_hostname, destination_target, destination_vm_name, desination_mac"
+"destination_reference","IPv4, IPv6, hostname,fqdn","keyword (normalized:loweronly)","Automatically mapped from the following fields: destination_ip, destination_hostname, destination_target, destination_vm_name, destination_mac"
From ec24efa1cb86e6c31a3c758e00fd89cb1832ae12 Mon Sep 17 00:00:00 2001
From: StefanAustin <75188231+StefanAustin@users.noreply.github.com>
Date: Tue, 24 Oct 2023 10:18:15 -0500
Subject: [PATCH 13/14] Update wifi.csv fixed spelling
---
 source/schema/entities/wifi.csv | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/source/schema/entities/wifi.csv b/source/schema/entities/wifi.csv
index 6cfa957..c4bd462 100644
--- a/source/schema/entities/wifi.csv
+++ b/source/schema/entities/wifi.csv
@@ -1,10 +1,10 @@
 "Field Name", "Example Values", "Field Type", "Notes"
-"wifi_ssid","Guest_Access","keyword","The name of the broadcased network."
+"wifi_ssid","Guest_Access","keyword","The name of the broadcasted network."
 "wifi_frequency","2416","long","The f0 frequency for the selected band or channel frequency."
 "wifi_frequency_unit","MHz","keyword","The f0 frequency unit for the selected band or channel frequency."
 "wifi_channel","3","integer","WiFi channels are smaller bands within WiFi frequency bands that are used by wireless networks to send and receive data."
 "wifi_band","2.4 GHz","keyword","The 802.11 standard provides several bands for WiFi use like 900 MHz, 2.4GHz, 5 GHz and others."
-"wifi_encyption","WPA","keyword","The selected encyption method, some other options are WEP, WPA2 or WPA3."
+"wifi_encryption","WPA","keyword","The selected encyption method, some other options are WEP, WPA2 or WPA3."
 "wifi_phy_mode","g","keyword","Sometimes called phy_type, other options range from 802.11 to 802.11be (WiFi 7)."
 "wifi_signal_strength","-57","long","Some vendors use the field name rssi in dbm."
 "wifi_signal_strength_unit","dbm","keyword","The unit for signal strength, some options are dBμV/m or dBm."
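Review bot: The renamed `wifi_encryption` row still spells the word `encyption` in its Notes cell; it should read `The selected encryption method, some other options are WEP, WPA2 or WPA3.`. This is also the field a search for weak or legacy wireless protection (the Notes list WEP) would match on, yet the row does not say how values are normalized. Other rows in this series declare that in the type column, as `destination_reference` does with `keyword (normalized:loweronly)`; without it, vendor spellings such as `WPA2` and `wpa2` presumably land as different keyword values and an exact-match rule would miss one of them.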
@@ -14,8 +14,8 @@
 "wifi_signal_to_noise_level_unit","dbm","keyword","The unit for signal to noise ratio level."
 "wifi_data_rate","400","long","The used data rate."
 "wifi_data_rate_unit","Mbps","keyword","The used data rate unit, Mbps,Mbp/s or Gbps,Gpb/s."
-"wifi_frame_type_value","0","keyword","Sometimes called fc_type."
-"wifi_frame_type_desciption","management","keyword","Sometimes called fc_type. Other options are management, control, extension and data frame type."
+"wifi_frame_type_value","0","long","Sometimes called fc_type."
+"wifi_frame_type_description","management","keyword","Sometimes called fc_type. Other options are management, control, extension and data frame type."
 "wifi_frame_subtype_value","0x08","keyword","Usually a number like 0x08 or 1000."
-"wifi_frame_subtype_desc","beacon","keyword","The description of a code, e.g. 1000 is for beacon."
+"wifi_frame_subtype_description","beacon","keyword","The description of a code, e.g. 1000 is for beacon."
 "wifi_virtual_access_point","My_access_point","keyword","The access point's name."
From ddf42a02f6e6522b2a8f6037315b83baff28a127 Mon Sep 17 00:00:00 2001
From: StefanAustin <75188231+StefanAustin@users.noreply.github.com>
Date: Thu, 2 Nov 2023 10:59:58 -0500
Subject: [PATCH 14/14] Update wifi.csv Updated some fields
---
 source/schema/entities/wifi.csv | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/source/schema/entities/wifi.csv b/source/schema/entities/wifi.csv
index c4bd462..4b73f79 100644
--- a/source/schema/entities/wifi.csv
+++ b/source/schema/entities/wifi.csv
@@ -2,7 +2,7 @@
 "wifi_ssid","Guest_Access","keyword","The name of the broadcasted network."
 "wifi_frequency","2416","long","The f0 frequency for the selected band or channel frequency."
 "wifi_frequency_unit","MHz","keyword","The f0 frequency unit for the selected band or channel frequency."
-"wifi_channel","3","integer","WiFi channels are smaller bands within WiFi frequency bands that are used by wireless networks to send and receive data."
+"wifi_channel","3","long","WiFi channels are smaller bands within WiFi frequency bands that are used by wireless networks to send and receive data."
 "wifi_band","2.4 GHz","keyword","The 802.11 standard provides several bands for WiFi use like 900 MHz, 2.4GHz, 5 GHz and others."
 "wifi_encryption","WPA","keyword","The selected encyption method, some other options are WEP, WPA2 or WPA3."
 "wifi_phy_mode","g","keyword","Sometimes called phy_type, other options range from 802.11 to 802.11be (WiFi 7)."
@@ -14,8 +14,8 @@
 "wifi_signal_to_noise_level_unit","dbm","keyword","The unit for signal to noise ratio level."
 "wifi_data_rate","400","long","The used data rate."
 "wifi_data_rate_unit","Mbps","keyword","The used data rate unit, Mbps,Mbp/s or Gbps,Gpb/s."
-"wifi_frame_type_value","0","long","Sometimes called fc_type."
+"wifi_frame_type_value","0","keyword","Sometimes called fc_type."
 "wifi_frame_type_description","management","keyword","Sometimes called fc_type. Other options are management, control, extension and data frame type."
 "wifi_frame_subtype_value","0x08","keyword","Usually a number like 0x08 or 1000."
 "wifi_frame_subtype_description","beacon","keyword","The description of a code, e.g. 1000 is for beacon."
-"wifi_virtual_access_point","My_access_point","keyword","The access point's name."
+"wifi_virtual_access_point","My_access_point","keyword","Virtual access point name."
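Review bot: The second hunk puts `wifi_frame_type_value` back to `keyword` after PATCH 13 made it `long`, and no row says which notation the frame codes are stored in. The neighbouring `wifi_frame_subtype_value` row documents its content as `a number like 0x08 or 1000`, which is two notations for what is presumably the same beacon subtype (hex and binary). With a keyword type, an exact-match query written in one notation will not find events stored in the other, so the Notes should name one canonical form and say which notation `1000` is. If the type value is always a small integer, `long` as in PATCH 13 would also allow range queries; if vendors send arbitrary strings, the Notes should say that instead.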