Findings/Security Finding/IBM/QRadar SIEM/offense.json is not valid OCSF?

[dfederschmidt]

There seem to be various issues with this sample.

metadata.version is set to a value that is not reasonable. OCSF Version 7.5.0 does not exist.
https://github.com/ocsf/examples/blob/12802e239cc29016d267549e476d563b0b26bcc8/Findings/Security%20Finding/IBM/QRadar%20SIEM/offense.json#LL65C1-L66C1

severity_id - is a required property but is not set on the sample.

There may be various other issues but I stopped looking into using the sample after these 2 issues were uncovered. Just wanted to document this here in case someone else stumbles on this.

[pagbabian-splunk]

Thanks Daniel - good catches. My guess is that the version is not the OCSF version incorrectly populated but the QRadar version, which should be part of the product attribute of metadata: e.g. metadata.product.version = "7.5.0".

@irakledibm can you comment on this?

[irakledibm]

I will review this sample and make appropriate changes.