Add boot_uid to device.

On Linux systems, the procfs contains a unique per-boot identifier. Certian tools, such as EDR platforms or journald logs contain this identifier in their emitted telemerty. From an analytical perspective, it's useful to extract since it provides an analyst the ability to see activity from a given system across multiple reboots. For more details see: `man 3 sd_id128_get_machine()`
ocsf · Feb 4, 2025 · 6f0a32a · 6f0a32a
1 parent c736233
commit 6f0a32a
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -41,6 +41,10 @@ Thankyou! -->
 
 ## [Unreleased]
 
+### Added
+* #### Objects
+  1. Added `boot_uid` to `device`.
+
 ## [v1.4.0] - January 31st, 2025
 
 ### Added

diff --git a/objects/device.json b/objects/device.json
@@ -130,6 +130,10 @@
     "vendor_name": {
       "description": "The vendor for the device. For example <code>Dell</code> or <code>Lenovo</code>.",
       "requirement": "recommended"
+    },
+    "boot_id": {
+      "description": "A unique identifier of the device that changes after every reboot. For example, the value of <code>/proc/sys/kernel/random/boot_id</code> from Linux's procfs.",
+      "requirement": "optional"
     }
   },
   "references": [