Thursday, August 11, 2022

Open Cybersecurity Schema Framework (OCSF)

Who: Amazon, Cloudflare, CrowdStrike, IBM, Okta, and Salesforce

What: They have collaborated on a joint initiative to solve a critical bottleneck in the sharing of threat information: The different data formats currently in use across multiple cybersecurity tools and products.

  • Schema includes: Activity; Activity ID; Category; Category ID; Class; Class ID; Count; Duration; End Time; Enrichments; Event Time; Message; Metadata; Observables; Original Time; Product; Profiles; Raw Data; Reference Event Code; Reference Event ID; Reference Event Name; Severity; Severity ID; Start Time; Status; Status Code; Status Details; Status ID; Timezone Offset; Type ID; Type Name; Unmapped Data

Thoughts: There's still a tremendous amount of work to be done and it will realistically be quite some time before the value is realized from this effort. However, it's good to see some progress and interest. This has been a problem for a very, very long time. 

Tags: Open Cybersecurity Schema Framework (OCSF)

Sources: