OTRF
diff --git a/‎relationships/_all_ossem_relationships.json
Lines changed: 48 additions & 44 deletions b/‎relationships/_all_ossem_relationships.json
Lines changed: 48 additions & 44 deletions
@@ -1730,7 +1730,10 @@
         "contributors": [
             "Jose Rodriguez @Cyb3rPandaH"
         ],
-        "attack": null,
+        "attack": {
+            "data_source": "Firewall",
+            "data_component": "firewall rule modification"
+        },
         "behavior": {
             "source": "process",
             "relationship": "removed",
@@ -1741,16 +1744,12 @@
                 "event_id": 2006,
                 "name": "A rule has been deleted in the Windows Defender Firewall exception list",
                 "platform": "windows",
-                "audit_category": null,
-                "audit_sub_category": null,
-                "log_channel": "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall",
-                "log_provider": "Microsoft-Windows-Windows Firewall With Advanced Security"
+                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security",
+                "event_version": []
             }
         ],
         "references": null,
-        "notes": [
-            "Potential contribution for ATT&CK - Firewall / firewall rule modification"
-        ]
+        "notes": null
     },
     {
         "relationship_id": "REL-2022-0039",
@@ -3991,7 +3990,10 @@
         "contributors": [
             "Jose Rodriguez @Cyb3rPandaH"
         ],
-        "attack": null,
+        "attack": {
+            "data_source": "Firewall",
+            "data_component": "firewall rule modification"
+        },
         "behavior": {
             "source": "process",
             "relationship": "added",
@@ -4002,16 +4004,12 @@
                 "event_id": 2004,
                 "name": "A rule has been added to the Windows Defender Firewall exception list",
                 "platform": "windows",
-                "audit_category": null,
-                "audit_sub_category": null,
-                "log_channel": "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall",
-                "log_provider": "Microsoft-Windows-Windows Firewall With Advanced Security"
+                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security",
+                "event_version": []
             }
         ],
         "references": null,
-        "notes": [
-            "Potential contribution for ATT&CK - Firewall / firewall rule modification"
-        ]
+        "notes": null
     },
     {
         "relationship_id": "REL-2022-0089",
@@ -4305,7 +4303,10 @@
         "contributors": [
             "Jose Rodriguez @Cyb3rPandaH"
         ],
-        "attack": null,
+        "attack": {
+            "data_source": "Firewall",
+            "data_component": "firewall rule modification"
+        },
         "behavior": {
             "source": "process",
             "relationship": "modified",
@@ -4316,16 +4317,12 @@
                 "event_id": 2005,
                 "name": "A rule has been modified in the Windows Defender Firewall exception list.",
                 "platform": "windows",
-                "audit_category": null,
-                "audit_sub_category": null,
-                "log_channel": "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall",
-                "log_provider": "Microsoft-Windows-Windows Firewall With Advanced Security"
+                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security",
+                "event_version": []
             }
         ],
         "references": null,
-        "notes": [
-            "Potential contribution for ATT&CK - Firewall / firewall rule modification"
-        ]
+        "notes": null
     },
     {
         "relationship_id": "REL-2022-0096",
@@ -5359,7 +5356,8 @@
                 "event_id": 2006,
                 "name": "A rule has been deleted in the Windows Defender Firewall exception list",
                 "platform": "windows",
-                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
+                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security",
+                "event_version": []
             },
             {
                 "event_id": "cloudtrail",
@@ -5382,7 +5380,8 @@
                 "event_id": 2033,
                 "name": "All rules have been deleted from the Windows Firewall configuration on this computer.",
                 "platform": "windows",
-                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
+                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security",
+                "event_version": []
             }
         ],
         "references": null,
@@ -5802,7 +5801,8 @@
                 "event_id": 2009,
                 "name": "The Windows Firewall service failed to load Group Policy.",
                 "platform": "windows",
-                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
+                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security",
+                "event_version": []
             }
         ],
         "references": null,
@@ -7039,7 +7039,10 @@
         "contributors": [
             "Jose Rodriguez @Cyb3rPandaH"
         ],
-        "attack": null,
+        "attack": {
+            "data_source": "Firewall",
+            "data_component": "firewall metadata"
+        },
         "behavior": {
             "source": "user",
             "relationship": "modified",
@@ -7050,13 +7053,15 @@
                 "event_id": 2002,
                 "name": "A Windows Defender Firewall setting has changed.",
                 "platform": "windows",
-                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
+                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security",
+                "event_version": []
             },
             {
                 "event_id": 2003,
                 "name": "A Windows Defender Firewall setting in the Private profile has changed.",
                 "platform": "windows",
-                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
+                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security",
+                "event_version": []
             }
         ],
         "references": null,
@@ -7876,7 +7881,8 @@
                 "platform": "windows",
                 "audit_category": null,
                 "audit_sub_category": null,
-                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
+                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security",
+                "event_version": []
             },
             {
                 "event_id": "cloudtrail",
@@ -8450,7 +8456,8 @@
                 "event_id": 2005,
                 "name": "A rule has been modified in the Windows Defender Firewall exception list.",
                 "platform": "windows",
-                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
+                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security",
+                "event_version": []
             },
             {
                 "event_id": "cloudtrail",
@@ -8479,7 +8486,10 @@
         "contributors": [
             "Jose Rodriguez @Cyb3rPandaH"
         ],
-        "attack": null,
+        "attack": {
+            "data_source": "Firewall",
+            "data_component": "firewall metadata"
+        },
         "behavior": {
             "source": "process",
             "relationship": "modified",
@@ -8490,25 +8500,19 @@
                 "event_id": 2002,
                 "name": "A Windows Defender Firewall setting has changed.",
                 "platform": "windows",
-                "audit_category": null,
-                "audit_sub_category": null,
-                "log_channel": "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall",
-                "log_provider": "Microsoft-Windows-Windows Firewall With Advanced Security"
+                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security",
+                "event_version": []
             },
             {
                 "event_id": 2003,
                 "name": "A Windows Defender Firewall setting in the Private profile has changed.",
                 "platform": "windows",
-                "audit_category": null,
-                "audit_sub_category": null,
-                "log_channel": "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall",
-                "log_provider": "Microsoft-Windows-Windows Firewall With Advanced Security"
+                "log_source": "Microsoft-Windows-Windows Firewall With Advanced Security",
+                "event_version": []
             }
         ],
         "references": null,
-        "notes": [
-            "Potential contribution for ATT&CK - Firewall / firewall modification (New data component and relationship)"
-        ]
+        "notes": null
     },
     {
         "relationship_id": "REL-2022-0181",