Open Cybersecurity Schema Framework Launched

A new open source framework aims to break down data silos that block security efforts and help organizations more effectively detect and deal with cyberattacks. 

The Open Cybersecurity Schema Framework (OCSF) project, led by AWS and Splunk, “is an open standard that can be adopted in any environment, application, or solution provider and fits with existing security standards and processes,” the announcement states. The OCSF also includes contributions from other initial members, including Cloudflare, CrowdStrike, IBM Security, Okta, Palo Alto Networks, Rapid7, Salesforce, Trend Micro, and Zscaler.

“The framework is made up of a set of data types, an attribute dictionary, and the taxonomy,” according to the website, “and is agnostic to storage format, data collection and ETL processes.” Additionally, “the core schema for cybersecurity events is intended to be agnostic to implementations. The schema framework definition files and the resulting normative schema are written as JSON.”

A list of schema categories is also available, where users can apply profiles and browse attributes, objects, and event classes. 
