diff --git a/CHANGELOG.md b/CHANGELOG.md
index 061e1d8ee..4f2947d78 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -85,6 +85,7 @@ Thankyou! -->
 1. Added `ancestry` as a list of `process_entity`. #1317
 1. Added `internal_name` as a `string_t`. #1322
 1. Added `cc_mailboxes`, `from_mailbox`, `to_mailboxes`, `delivered_to_list` and `reply_to_mailboxes`. #1307
+ 1. Added `flag_history` and `bytes_missed` attributes. #1316
 * #### Objects
 1. Added `environment_variable` object. #1172, #1288
@@ -189,6 +190,8 @@ Thankyou! -->
 1. Added `internal_name` to the `file` object. #1322
 1. Added `cc_mailboxes`, `from_mailbox`, `to_mailboxes`, `delivered_to_list` and `reply_to_mailboxes` to `email` object. #1307
 1. Added `sans` array to `certificate` object. #1325
+ 1. Added `flag_history` attribute to the `network_connection_info` object. #1316
+ 1. Added `bytes_missed` attribute to the `network_traffic` object. #1316
 ### Bugfixes
 1. Added sibling definition to `confidence_id` in dictionary, accurately associating `confidence` as its sibling. #1180
diff --git a/dictionary.json b/dictionary.json
index 85c17feca..10928278c 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -486,6 +486,11 @@
 "description": "The number of bytes sent from the destination to the source.",
 "type": "long_t"
 },
+ "bytes_missed": {
+ "caption": "Bytes Missed",
+ "description": "Indicates the number of bytes missed, which is representative of packet loss.",
+ "type": "long_t"
+ },
 "bytes_out": {
 "caption": "Bytes Out",
 "description": "The number of bytes sent from the source to the destination.",
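Review bot: The `bytes_missed` description added in the dictionary hunk leaves out what its neighbours `bytes_in`/`bytes_out` make explicit — which direction the count covers — and "bytes missed" does not say whether the bytes were lost on the wire or simply never seen by the sensor. The wording looks like it mirrors Zeek's `missed_bytes`, which counts bytes in content gaps across both directions together; that is not shown in this hunk, so confirm against the intended source. If that is the semantics, suggest `"description": "The number of bytes of the connection that the monitoring sensor did not observe (content gaps), summed over both directions. A non-zero value indicates packet loss or capture drops, so payload-based inspection of this connection may be incomplete."`. The last clause is the caveat a detection engineer needs: a connection with a large `bytes_missed` is one whose content the analyzers could not fully inspect.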
@@ -2294,6 +2299,17 @@
 "description": "The software package version in which a reported vulnerability was patched/fixed.",
 "type": "string_t"
 },
+ "flag_history": {
+ "caption": "Connection Flag History",
+ "description": "The Connection Flag History summarizes events in a network connection. For example flags ShAD representing SYN, SYN/ACK, ACK and Data exchange.",
+ "references": [
+ {
+ "description": "Zeek History",
+ "url": "https://docs.zeek.org/en/master/scripts/base/protocols/conn/main.zeek.html#detailed-interface:~:text=Records%20the%20state%20history%20of%20connections%20as%20a%20string%20of%20letters.%20The%20meaning%20of%20those%20letters%20is"
+ }
+ ],
+ "type": "string_t"
+ },
 "flag_ids": {
 "caption": "Communication Flag IDs",
 "description": "The list of normalized identifiers of the communication flag IDs. See specific usage.",
@@ -2313,7 +2329,7 @@
 },
 "flags": {
 "caption": "Flags",
- "description": "The list of communication flags, normalized to the captions of the flag_ids values. In the case of 'Other', they are defined by the event source.",
+ "description": "The list of communication flags, normalized to the captions of the flag_ids values. See specific usage.",
 "type": "string_t",
 "is_array": true
 },
@@ -2546,8 +2562,16 @@
 "sibling": "impact",
 "type": "integer_t",
 "source": "impact value; impact level",
- "references": [{"description": "NIST SP 800-172 from FIPS 199", "url": "https://doi.org/10.6028/NIST.FIPS.199"},
- {"description": "NIST Computer Security Resource Center", "url": "https://doi.org/10.6028/NIST.FIPS.199"}],
+ "references": [
+ {
+ "description": "NIST SP 800-172 from FIPS 199",
+ "url": "https://doi.org/10.6028/NIST.FIPS.199"
+ },
+ {
+ "description": "NIST Computer Security Resource Center",
+ "url": "https://doi.org/10.6028/NIST.FIPS.199"
+ }
+ ],
 "enum": {
 "0": {
 "caption": "Unknown",
diff --git a/objects/network_connection_info.json b/objects/network_connection_info.json
index 14a3f45fd..d4fa68e9b 100644
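Review bot: The `flag_history` description added in the first hunk never states that letter case encodes direction, yet its own example depends on it: under the Zeek scheme it links to, uppercase letters are events from the originator and lowercase from the responder, so `ShAD` reads as SYN, SYN/ACK, ACK, data only because the `h` is lowercase. Without that rule a consumer cannot tell `ShAD` from `SHAD`, and a producer working from a different sensor may emit an incompatible alphabet. Suggest `"description": "A compact string summarizing the state transitions of a network connection, one letter per event in the order observed, following the Zeek history encoding: uppercase letters are events from the originator, lowercase letters from the responder. For example 'ShAD' is a SYN from the originator, a SYN/ACK from the responder, then an ACK and data from the originator."`. The reference URL also relies on a `#:~:text=` text fragment, which only some browsers honour and which silently breaks when the page wording changes; a plain anchor on that page would be more durable.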
--- a/objects/network_connection_info.json
+++ b/objects/network_connection_info.json
@@ -20,6 +20,9 @@
 "direction_id": {
 "requirement": "required"
 },
+ "flag_history": {
+ "requirement": "optional"
+ },
 "protocol_name": {
 "caption": "Protocol Name",
 "description": "The IP protocol name in lowercase, as defined by the Internet Assigned Numbers Authority (IANA). For example: tcp or udp.",
diff --git a/objects/network_traffic.json b/objects/network_traffic.json
index 9adb1e8e7..f0fd83b07 100644
--- a/objects/network_traffic.json
+++ b/objects/network_traffic.json
@@ -11,16 +11,10 @@
 "bytes_in": {
 "requirement": "optional"
 },
- "bytes_out": {
+ "bytes_missed": {
 "requirement": "optional"
 },
- "packets": {
- "requirement": "recommended"
- },
- "packets_in": {
- "requirement": "optional"
- },
- "packets_out": {
+ "bytes_out": {
 "requirement": "optional"
 },
 "chunks": {
@@ -34,6 +28,15 @@
 "chunks_out": {
 "description": "The number of chunks sent from the source to the destination.",
 "requirement": "optional"
+ },
+ "packets": {
+ "requirement": "recommended"
+ },
+ "packets_in": {
+ "requirement": "optional"
+ },
+ "packets_out": {
+ "requirement": "optional"
 }
 }
 }
diff --git a/objects/request.json b/objects/request.json
index 1e277b9a5..1132b88c9 100644
--- a/objects/request.json
+++ b/objects/request.json
@@ -12,6 +12,7 @@
 "requirement": "optional"
 },
 "flags": {
+ "description": "The communication flags that are associated with the api request.",
 "requirement": "optional"
 },
 "uid": {
diff --git a/objects/response.json b/objects/response.json
index 65f36af25..7de60eedd 100644
--- a/objects/response.json
+++ b/objects/response.json
@@ -21,6 +21,7 @@
 "requirement": "recommended"
 },
 "flags": {
+ "description": "The communication flags that are associated with the api response.",
 "requirement": "optional"
 },
 "message": {
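Review bot: `flag_history` is added to `network_connection_info` with no object-level description, directly beside a required `direction_id`, and the two can disagree on what "originator" means: the history string's case convention is relative to whichever endpoint sent the first observed packet, while `direction_id` (whose definition is not in this hunk) is presumably relative to the monitored network. A consumer that matches an `S`/`h` pattern against `direction_id` could invert client and server, which matters when the field feeds inbound/outbound detection logic. Suggest an override here: `"description": "The connection state history as recorded by the sensor. Letter case is relative to the connection originator (the endpoint that sent the first observed packet), not to direction_id."`.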
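Review bot: The description override added for `flags` in request.json lower-cases the acronym (`api request`), and the response.json hunk does the same with `api response`. Suggest `"description": "The communication flags that are associated with the API request."` and the matching `API response` wording in response.json. The override also drops the dictionary statement that `flags` is normalized to the captions of `flag_ids`; if request/response do not carry `flag_ids` that is fine, but it is worth stating in the commit message so consumers know the array is source-defined here.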