Welcome to the Open Cybersecurity Schema Framework (OCSF) documentation repository!
New to OCSF? Start here:
- Understanding OCSF - Core concepts and architecture
- Frequently Asked Questions - Common questions answered
High-level documentation including the comprehensive "Understanding OCSF" guide and key concepts.
Frequently asked questions covering general OCSF topics and schema-specific questions.
In-depth technical articles covering advanced topics like profiles, observables, extensions, and process modeling.
Historical documents and decisions that shaped OCSF development.
The Open Cybersecurity Schema Framework (OCSF) is an open-source effort to create a common schema for security events across the cybersecurity ecosystem. It addresses the challenge of inconsistent data formats by providing:
- Standardized Schema: Common format for security events
- Extensibility: Framework for domain-specific extensions
- Interoperability: Enables tools to work together seamlessly
- Community-Driven: Backed by major industry players (see our Contributors list)
- ocsf-schema - The core OCSF schema definitions
- ocsf-server - OCSF schema server implementation
- governance - OCSF governance model and processes
- Quick Questions: Check our FAQs
- Schema Questions: See the Schema FAQ
- Technical Issues: Create an issue in the relevant repository
- General Discussion: Use GitHub Discussions
This repository organizes OCSF documentation by type and audience:
- Point-in-time snapshots of current work are maintained in the overview section
- Version-specific documentation will be organized as the schema evolves
- Community contributions are welcome!
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
The OCSF documentation is a community effort. We welcome contributions, feedback, and suggestions to make this resource better for everyone.