From 7dac2b1a795d5aee7c0717fcffd7d9220b99065b Mon Sep 17 00:00:00 2001
From: Tiffany Russell <109705231+t2sw@users.noreply.github.com>
Date: Wed, 18 Oct 2023 13:47:03 -0700
Subject: [PATCH] per issue 8427 set httptype method, registrydeletetype
registry_value, and registrysettype registry_data to optional
---
doc/structures/sighting.md | 12 ++++++------
src/ctim/schemas/sighting/context.cljc | 13 +++++++------
2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/doc/structures/sighting.md b/doc/structures/sighting.md
index b645216b..1633b832 100644
--- a/doc/structures/sighting.md
+++ b/doc/structures/sighting.md
@@ -1715,11 +1715,11 @@ Time of the observation. If the observation was made over a period of time, than
|[process_id](#propertyprocess_id-integer)|Integer| |✓|
|[process_name](#propertyprocess_name-shortstringstring)|ShortStringString| |✓|
|[registry_key](#propertyregistry_key-shortstringstring)|ShortStringString| |✓|
-|[registry_value](#propertyregistry_value-medstringstring)|MedStringString| |✓|
|[time](#propertytime-observedtimeobject)|*ObservedTime* Object| |✓|
|[type](#propertytype-registrydeletetypeidentifierstring)|RegistryDeleteTypeIdentifierString| |✓|
|[process_guid](#propertyprocess_guid-integer)|Integer| ||
|[process_username](#propertyprocess_username-shortstringstring)|ShortStringString| ||
+|[registry_value](#propertyregistry_value-medstringstring)|MedStringString| ||
@@ -1763,7 +1763,7 @@ Time of the observation. If the observation was made over a period of time, than
## Property registry_value ∷ MedStringString
-* This entry is required
+* This entry is optional
* *MedString* String with at most 2048 characters.
@@ -1825,13 +1825,13 @@ Time of the observation. If the observation was made over a period of time, than
| -------- | ---- | ----------- | --------- |
|[process_id](#propertyprocess_id-integer)|Integer| |✓|
|[process_name](#propertyprocess_name-shortstringstring)|ShortStringString| |✓|
-|[registry_data](#propertyregistry_data-longstringstring)|LongStringString| |✓|
|[registry_key](#propertyregistry_key-shortstringstring)|ShortStringString| |✓|
|[registry_value](#propertyregistry_value-medstringstring)|MedStringString| |✓|
|[time](#propertytime-observedtimeobject)|*ObservedTime* Object| |✓|
|[type](#propertytype-registrysettypeidentifierstring)|RegistrySetTypeIdentifierString| |✓|
|[process_guid](#propertyprocess_guid-integer)|Integer| ||
|[process_username](#propertyprocess_username-shortstringstring)|ShortStringString| ||
+|[registry_data](#propertyregistry_data-longstringstring)|LongStringString| ||
|[registry_data_length](#propertyregistry_data_length-integer)|Integer| ||
@@ -1868,7 +1868,7 @@ Time of the observation. If the observation was made over a period of time, than
## Property registry_data ∷ LongStringString
-* This entry is required
+* This entry is optional
* *LongString* String with at most 5000 characters.
@@ -2054,13 +2054,13 @@ Time of the observation. If the observation was made over a period of time, than
| Property | Type | Description | Required? |
| -------- | ---- | ----------- | --------- |
|[host](#propertyhost-shortstringstring)|ShortStringString| |✓|
-|[method](#propertymethod-httpmethodstring)|HTTPMethodString| |✓|
|[process_id](#propertyprocess_id-integer)|Integer| |✓|
|[process_name](#propertyprocess_name-shortstringstring)|ShortStringString| |✓|
|[time](#propertytime-observedtimeobject)|*ObservedTime* Object| |✓|
|[traffic](#propertytraffic-trafficobject)|*Traffic* Object| |✓|
|[type](#propertytype-httptypeidentifierstring)|HTTPTypeIdentifierString| |✓|
|[encrypted](#propertyencrypted-boolean)|Boolean| ||
+|[method](#propertymethod-httpmethodstring)|HTTPMethodString| ||
|[process_guid](#propertyprocess_guid-integer)|Integer| ||
|[process_username](#propertyprocess_username-shortstringstring)|ShortStringString| ||
|[query](#propertyquery-longstringstring)|LongStringString| ||
@@ -2085,7 +2085,7 @@ Time of the observation. If the observation was made over a period of time, than
## Property method ∷ HTTPMethodString
-* This entry is required
+* This entry is optional
* Allowed Values:
diff --git a/src/ctim/schemas/sighting/context.cljc b/src/ctim/schemas/sighting/context.cljc
index 626cb966..3dbf08a8 100644
--- a/src/ctim/schemas/sighting/context.cljc
+++ b/src/ctim/schemas/sighting/context.cljc
@@ -160,14 +160,14 @@
(f/required-entries
(f/entry :type HTTPTypeIdentifier)
(f/entry :host c/ShortString)
- (f/entry :method HTTPMethod)
(f/entry :traffic Traffic))
(f/optional-entries
(f/entry :url_port f/any-int)
(f/entry :process_guid f/any-int)
(f/entry :process_username c/ShortString)
(f/entry :query c/LongString)
- (f/entry :encrypted f/any-bool))))
+ (f/entry :encrypted f/any-bool)
+ (f/entry :method HTTPMethod))))
(def registry-event-entries
(concat
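Review bot: The `:method` entry moves into `f/optional-entries` without a description, so the schema does not say what an absent method means. The same gap applies to `:registry_data` in the RegistrySetEvent hunk, where `:registry_data_length` can now appear without the data it measures. Detection or correlation logic that reads these sightings should treat a missing value as unknown rather than substituting a default, and the entry is the natural place to state that, for example `(f/entry :method HTTPMethod :description "HTTP request method; omitted when the sensor did not observe it")`. The reason for omission is not visible in this patch, so the wording should be confirmed against the referenced issue. The enclosing definition starts above the hunk.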
@@ -192,10 +192,10 @@
registry-event-entries
(f/required-entries
(f/entry :type RegistrySetTypeIdentifier)
- (f/entry :registry_value c/MedString)
- (f/entry :registry_data c/LongString))
+ (f/entry :registry_value c/MedString))
(f/optional-entries
- (f/entry :registry_data_length f/any-int))))
+ (f/entry :registry_data_length f/any-int)
+ (f/entry :registry_data c/LongString))))
(def registry-delete-type-identifier "RegistryDeleteEvent")
(def-eq RegistryDeleteTypeIdentifier registry-delete-type-identifier)
@@ -204,7 +204,8 @@
(concat
registry-event-entries
(f/required-entries
- (f/entry :type RegistryDeleteTypeIdentifier)
+ (f/entry :type RegistryDeleteTypeIdentifier))
+ (f/optional-entries
(f/entry :registry_value c/MedString))))
(def registry-rename-type-identifier "RegistryRenameEvent")
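Review bot: With `:registry_value` now optional on RegistryDeleteEvent, a record carrying only `registry_key` is ambiguous. It could mean the whole key was deleted, or that a single value was deleted and its name was not captured. That distinction matters when reconstructing what was removed during triage, and nothing visible in the hunk tells a producer which meaning to encode. If absence is meant to signal key-level deletion, say so on the entry, for example `(f/entry :registry_value c/MedString :description "Name of the deleted value; absent when the key itself was deleted")`. If it only means "not reported", state that instead. The opening lines of this definition are outside the hunk.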