per issue 8427 set httptype method, registrydeletetype registry_value…

…, and registrysettype registry_data to optional
threatgrid · Oct 18, 2023 · 7dac2b1 · 7dac2b1
1 parent 1082531
commit 7dac2b1
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 12 deletions.
diff --git a/doc/structures/sighting.md b/doc/structures/sighting.md
@@ -1715,11 +1715,11 @@ Time of the observation. If the observation was made over a period of time, than
 |[process_id](#propertyprocess_id-integer)|Integer| |&#10003;|
 |[process_name](#propertyprocess_name-shortstringstring)|ShortStringString| |&#10003;|
 |[registry_key](#propertyregistry_key-shortstringstring)|ShortStringString| |&#10003;|
-|[registry_value](#propertyregistry_value-medstringstring)|MedStringString| |&#10003;|
 |[time](#propertytime-observedtimeobject)|*ObservedTime* Object| |&#10003;|
 |[type](#propertytype-registrydeletetypeidentifierstring)|RegistryDeleteTypeIdentifierString| |&#10003;|
 |[process_guid](#propertyprocess_guid-integer)|Integer| ||
 |[process_username](#propertyprocess_username-shortstringstring)|ShortStringString| ||
+|[registry_value](#propertyregistry_value-medstringstring)|MedStringString| ||
 
 
 <a id="propertyprocess_guid-integer"></a>
@@ -1763,7 +1763,7 @@ Time of the observation. If the observation was made over a period of time, than
 <a id="propertyregistry_value-medstringstring"></a>
 ## Property registry_value ∷ MedStringString
 
-* This entry is required
+* This entry is optional
 
 
   * *MedString* String with at most 2048 characters.
@@ -1825,13 +1825,13 @@ Time of the observation. If the observation was made over a period of time, than
 | -------- | ---- | ----------- | --------- |
 |[process_id](#propertyprocess_id-integer)|Integer| |&#10003;|
 |[process_name](#propertyprocess_name-shortstringstring)|ShortStringString| |&#10003;|
-|[registry_data](#propertyregistry_data-longstringstring)|LongStringString| |&#10003;|
 |[registry_key](#propertyregistry_key-shortstringstring)|ShortStringString| |&#10003;|
 |[registry_value](#propertyregistry_value-medstringstring)|MedStringString| |&#10003;|
 |[time](#propertytime-observedtimeobject)|*ObservedTime* Object| |&#10003;|
 |[type](#propertytype-registrysettypeidentifierstring)|RegistrySetTypeIdentifierString| |&#10003;|
 |[process_guid](#propertyprocess_guid-integer)|Integer| ||
 |[process_username](#propertyprocess_username-shortstringstring)|ShortStringString| ||
+|[registry_data](#propertyregistry_data-longstringstring)|LongStringString| ||
 |[registry_data_length](#propertyregistry_data_length-integer)|Integer| ||
 
 
@@ -1868,7 +1868,7 @@ Time of the observation. If the observation was made over a period of time, than
 <a id="propertyregistry_data-longstringstring"></a>
 ## Property registry_data ∷ LongStringString
 
-* This entry is required
+* This entry is optional
 
 
   * *LongString* String with at most 5000 characters.
@@ -2054,13 +2054,13 @@ Time of the observation. If the observation was made over a period of time, than
 | Property | Type | Description | Required? |
 | -------- | ---- | ----------- | --------- |
 |[host](#propertyhost-shortstringstring)|ShortStringString| |&#10003;|
-|[method](#propertymethod-httpmethodstring)|HTTPMethodString| |&#10003;|
 |[process_id](#propertyprocess_id-integer)|Integer| |&#10003;|
 |[process_name](#propertyprocess_name-shortstringstring)|ShortStringString| |&#10003;|
 |[time](#propertytime-observedtimeobject)|*ObservedTime* Object| |&#10003;|
 |[traffic](#propertytraffic-trafficobject)|*Traffic* Object| |&#10003;|
 |[type](#propertytype-httptypeidentifierstring)|HTTPTypeIdentifierString| |&#10003;|
 |[encrypted](#propertyencrypted-boolean)|Boolean| ||
+|[method](#propertymethod-httpmethodstring)|HTTPMethodString| ||
 |[process_guid](#propertyprocess_guid-integer)|Integer| ||
 |[process_username](#propertyprocess_username-shortstringstring)|ShortStringString| ||
 |[query](#propertyquery-longstringstring)|LongStringString| ||
@@ -2085,7 +2085,7 @@ Time of the observation. If the observation was made over a period of time, than
 <a id="propertymethod-httpmethodstring"></a>
 ## Property method ∷ HTTPMethodString
 
-* This entry is required
+* This entry is optional
 
 
   * Allowed Values:

diff --git a/src/ctim/schemas/sighting/context.cljc b/src/ctim/schemas/sighting/context.cljc
@@ -160,14 +160,14 @@
    (f/required-entries
     (f/entry :type HTTPTypeIdentifier)
     (f/entry :host c/ShortString)
-    (f/entry :method HTTPMethod)
     (f/entry :traffic Traffic))
    (f/optional-entries
     (f/entry :url_port f/any-int)
     (f/entry :process_guid f/any-int)
     (f/entry :process_username c/ShortString)
     (f/entry :query c/LongString)
-    (f/entry :encrypted f/any-bool))))
+    (f/entry :encrypted f/any-bool)
+    (f/entry :method HTTPMethod))))
 
 (def registry-event-entries
   (concat
@@ -192,10 +192,10 @@
    registry-event-entries
    (f/required-entries
     (f/entry :type RegistrySetTypeIdentifier)
-    (f/entry :registry_value c/MedString)
-    (f/entry :registry_data c/LongString))
+    (f/entry :registry_value c/MedString))
    (f/optional-entries
-    (f/entry :registry_data_length f/any-int))))
+    (f/entry :registry_data_length f/any-int)
+    (f/entry :registry_data c/LongString))))
 
 (def registry-delete-type-identifier "RegistryDeleteEvent")
 (def-eq RegistryDeleteTypeIdentifier registry-delete-type-identifier)
@@ -204,7 +204,8 @@
   (concat
    registry-event-entries
    (f/required-entries
-    (f/entry :type RegistryDeleteTypeIdentifier)
+    (f/entry :type RegistryDeleteTypeIdentifier))
+   (f/optional-entries
     (f/entry :registry_value c/MedString))))
 
 (def registry-rename-type-identifier "RegistryRenameEvent")