Skip to content
@ocsf

Open Cybersecurity Schema Framework

Welcome to OCSF

The Open Cybersecurity Schema Framework is an open-source project, delivering an extensible framework for developing schemas, along with a vendor-agnostic core security schema. Vendors and other data producers can adopt and extend the schema for their specific domains. Data engineers can map differing schemas to help security teams simplify data ingestion and normalization, so that data scientists and analysts can work with a common language for threat detection and investigation. The goal is to provide an open standard, adopted in any environment, application, or solution, while complementing existing security standards and processes.

Overview

The framework is made up of a set of data types, an attribute dictionary, and the taxonomy. It is not restricted to the cybersecurity domain nor to events, however the initial focus of the framework has been a schema for cybersecurity events. OCSF is agnostic to storage format, data collection and ETL processes. The core schema for cybersecurity events is intended to be agnostic to implementations. The schema framework definition files and the resulting normative schema are written as JSON.

Refer to the white paper Understanding the Open Cybersecurity Schema Framework for an introduction to the framework and schema. A schema browser for the cybersecurity schema can be found at OCSF Schema, where the user can easily navigate the schema, apply profiles and extensions, and browse the attributes, objects and event classes.

OCSF Joins the Linux Foundation

November 19, 2024 is a milestone in the continued progress of the OCSF consortium of companies and individuals committed to the standardization of cybersecurity related events. We are pleased that an organization as storied and consequential as the Linux Foundation has considered our progress to be worthy of becoming a Linux Foundation Project. OCSF development will not change as the Linux Foundation policies and governance model is consistent with the current model. Please review the Technical Charter.

FAQ

We are maintaining a list of FAQs here.

Contributors

OCSF has a Steering Committee and Maintainers in addition to Contributors. Interested in contributing to the OCSF project? Please check out the documentation on how in the OCSF Contribution Guide file.

List of Contributing Organizations

Slack Workspace

The project has a Slack workspace where contributors discuss issues and topics. If you would like to be invited to join, create a new discussion with your request on the OCSF Discussions page — please use the "Slack Workspace Requests" category. Tell us about interests and introduce yourself to the group after you accept an invite.

License

OCSF is licensed under the Apache License 2.0. Check out the LICENSE file to understand the requirements to use the artifacts of the project.

Copyright

Copyright © OCSF a Series of LF Projects, LLC

For web site terms of use, trademark policy and other project policies please see LF Projects, LLC.

Pinned Loading

  1. governance governance Public

    31 9

  2. ocsf-docs ocsf-docs Public

    OCSF Documentation

    122 22

  3. ocsf-schema ocsf-schema Public

    OCSF Schema

    639 140

  4. ocsf-server ocsf-server Public

    OCSF Schema WEB Server

    Elixir 44 28

  5. examples examples Public

    This repo contains example of raw event examples and possible translations to the OCSF schema.

    34 35

Repositories

Showing 10 of 14 repositories
  • ocsf-schema Public

    OCSF Schema

    ocsf/ocsf-schema’s past year of commit activity
    639 Apache-2.0 140 66 14 Updated Dec 20, 2024
  • .github Public

    Entry point for introduction to the schema

    ocsf/.github’s past year of commit activity
    6 Apache-2.0 3 0 0 Updated Dec 20, 2024
  • ocsf-docs Public

    OCSF Documentation

    ocsf/ocsf-docs’s past year of commit activity
    122 Apache-2.0 22 5 1 Updated Dec 19, 2024
  • ocsf/ocsf.github.io’s past year of commit activity
    HTML 0 Apache-2.0 1 0 0 Updated Dec 18, 2024
  • ocsf-validator Public

    OCSF Schema Validation

    ocsf/ocsf-validator’s past year of commit activity
    Python 9 Apache-2.0 5 3 2 Updated Dec 13, 2024
  • examples Public

    This repo contains example of raw event examples and possible translations to the OCSF schema.

    ocsf/examples’s past year of commit activity
    34 35 1 8 Updated Dec 13, 2024
  • splunk Public

    The Splunk schema extension repository

    ocsf/splunk’s past year of commit activity
    9 Apache-2.0 3 0 0 Updated Dec 5, 2024
  • common-process-id Public

    OCSF Common Process Identifier (CPID)

    ocsf/common-process-id’s past year of commit activity
    2 Apache-2.0 1 0 1 Updated Nov 20, 2024
  • governance Public
    ocsf/governance’s past year of commit activity
    31 9 5 0 Updated Nov 19, 2024
  • ocsf-server Public

    OCSF Schema WEB Server

    ocsf/ocsf-server’s past year of commit activity
    Elixir 44 Apache-2.0 28 25 0 Updated Nov 19, 2024

Most used topics

Loading…