Feat: [ocsf#1122] - extend User, LDAP Person + cloud like AzureAd sup…

…port added

- wip - status: Ldap person in progress

objects/ldap_person.json

@@ -4,6 +4,12 @@
   "name": "ldap_person",
   "extends": "object",
   "attributes": {
+    "allowed_to_act_on_behalf_of_other_identity": {
+      "requirement": "optional"
+    },
+    "allowed_to_delegate_to": {
+      "requirement": "optional"
+    },
     "cost_center": {
       "requirement": "optional"
     },
@@ -14,6 +20,13 @@
     "deleted_time": {
       "requirement": "optional"
     },
+    "display_name": {
+      "requirement": "recommended"
+    },
+    "domain": {
+      "requirement": "recommended",
+      "description": "Name of the Active Directory Domain."
+    },
     "email_addrs": {
       "requirement": "optional"
     },
@@ -33,6 +46,12 @@
       "description": "The labels associated with the user. For example in AD this could be the <code>userType</code>, <code>employeeType</code>. For example: <code>Member, Employee</code>.",
       "requirement": "optional"
     },
+    "parent_dn": {
+      "requirement": "optional"
+    },
+    "last_known_parent": {
+      "requirement": "optional"
+    },
     "last_login_time": {
       "requirement": "optional"
     },
@@ -52,15 +71,54 @@
     "manager": {
       "requirement": "optional"
     },
+    "member_of": {
+      "requirement": "optional",
+      "description": "Specifies the names of groups in Active Directory in which the user is a member."
+    },
+    "member_of_guid": {
+      "requirement": "optional",
+      "description": "Specifies the list of GUIDs of groups in Active Directory in which the user is a member."
+    },
+    "member_of_transitive": {
+      "requirement": "optional",
+      "description": "This attribute specifies the set of distinguished names (DNs) in the memberOf attribute on the current object and the DNs from the memberOf attributes of each of the objects specified in the memberOf attribute on the current object."
+    },
     "modified_time": {
       "description": "The timestamp when the user entry was last modified.",
       "requirement": "optional"
     },
     "office_location": {
       "requirement": "optional"
     },
+    "primary_group_id": {
+      "requirement": "optional"
+    },
+    "resultant_pso": {
+      "requirement": "optional"
+    },
+    "is_service_account": {
+      "requirement": "recommended"
+    },
+    "sid_history": {
+      "requirement": "optional"
+    },
     "surname": {
       "requirement": "optional"
+    },
+    "usn_changed": {
+      "requirement": "optional"
+    },
+    "usn_created": {
+      "requirement": "optional"
+    },
+    "user_principal_name": {
+      "requirement": "recommended"
+    },
+    "user_account_control": {
+      "requirement": "recommended"
+    },
+    "user_password_expiry_computed_time": {
+      "requirement": "optional"
     }
   }
 }

objects/ldap_person_AD.json

@@ -0,0 +1,39 @@
+{
+  "admin_count": {
+    "requirement": "recommended"
+  },
+  "consistency_guid": {
+    "requirement": "optional"
+  },
+  "creator_sid": {
+    "requirement": "optional"
+  },
+  "email_addr": {
+    "requirement": "optional",
+    "description": "Email address of the the user in Active Directory."
+  },
+  "forest": {
+    "requirement": "recommended"
+  },
+  "is_deleted": {
+    "requirement": "recommended"
+  },
+  "is_recycled": {
+    "requirement": "optional"
+  },
+  "nt_security_descriptor": {
+    "requirement": "optional"
+  },
+  "sam_account_type": {
+    "requirement": "optional"
+  },
+  "service_principal_name": {
+    "requirement": "optional"
+  },
+  "sam_account_name": {
+    "requirement": "optional"
+  },
+  "token_groups": {
+    "requirement": "optional"
+  }
+}

objects/user.json

@@ -146,6 +146,10 @@
           "caption": "System",
           "description": "System account. For example, Windows computer accounts with a trailing dollar sign ($)."
         },
+        "4": {
+          "caption": "Service",
+          "description": "Service account."
+        },
         "99": {
           "caption": "Other"
         }