Add boot_uid to device.

On Linux systems, the procfs contains a unique per-boot identifier. Certain tools, such
as EDR platforms or journald logs contain this identifier in their emitted telemerty. From
an analytical perspective, it's useful to extract since it provides an analyst the ability
to see activity from a given system across multiple reboots.

For more details see:
`man 3 sd_id128_get_machine()`

Signed-off-by: Hunter Madison <[email protected]>

CHANGELOG.md

@@ -41,6 +41,10 @@ Thankyou! -->
 
 ## [Unreleased]
 
+### Added
+* #### Objects
+  1. Added `boot_uid` to `device`.
+
 ## [v1.4.0] - January 31st, 2025
 
 ### Added

dictionary.json

@@ -401,6 +401,11 @@
       "description": "The time when the system was booted.",
       "type": "timestamp_t"
     },
+    "boot_uid": {
+      "caption": "Boot UID",
+      "description": "A unique identifier of the device that changes after every reboot. For example, the value of <code>/proc/sys/kernel/random/boot_id</code> from Linux's procfs.",
+      "type": "string_t"
+    },
     "boundary": {
       "caption": "Boundary",
       "description": "The boundary of the connection, normalized to the caption of 'boundary_id'. In the case of 'Other', it is defined by the event source. <p> For cloud connections, this translates to the traffic-boundary(same VPC, through IGW, etc.). For traditional networks, this is described as Local, Internal, or External.</p>",

objects/device.json

@@ -130,6 +130,10 @@
     "vendor_name": {
       "description": "The vendor for the device. For example <code>Dell</code> or <code>Lenovo</code>.",
       "requirement": "recommended"
+    },
+    "boot_id": {
+      "description": "A unique identifier of the device that changes after every reboot. For example, the value of <code>/proc/sys/kernel/random/boot_id</code> from Linux's procfs.",
+      "requirement": "optional"
     }
   },
   "references": [