What: They have collaborated on a joint initiative to solve a critical bottleneck in the sharing of threat information: The different data formats currently in use across multiple cybersecurity tools and products.
- Schema includes: Activity; Activity ID; Category; Category ID; Class; Class ID; Count; Duration; End Time; Enrichments; Event Time; Message; Metadata; Observables; Original Time; Product; Profiles; Raw Data; Reference Event Code; Reference Event ID; Reference Event Name; Severity; Severity ID; Start Time; Status; Status Code; Status Details; Status ID; Timezone Offset; Type ID; Type Name; Unmapped Data
Thoughts: There's still a tremendous amount of work to be done, and it will realistically be quite some time before the value is realized from this effort. However, it's good to see some progress and interest. This has been a problem for a very, very long time.
Tags: Open Cybersecurity Schema Framework (OCSF)
Sources:
- News: https://www.cnn.com
- GitHub: https://github.com/ocsf/
- Schema: Open Cybersecurity Schema Framework (ocsf.io)