OCSF Import
The Open Cybersecurity Framework (OCSF) is an event-based schema that tries to categorize all types of security events in a common model. Unfortunately, their schema is represented in a custom format (though a jsonschema export does exist, it may not capture all the details).
The goal of this issue would be to create an initial pass at importing their schema into the datacontract format to enable exporting the schema to other backends (like pydantic models and ddl statements).
So the goal would be to create an example data contract for the OCSF schema?
It would be nice to have a compliant data contract example for their schema, that we could publish on: https://datacontract.com/examples/
I currently would not expect changes in the source code for the datacontract-cli project.
I think the scope of this issue would be to add a custom importer that can accept an OCSF schema document and create a datacontract yml. Ideally the "OCSF schema document" would be the one exported from https://github.com/ocsf/ocsf-lib-py (e.g., python -m ocsf.schema 1.2.0), which uses the same metamodel (defined here) as the OCSF source code in https://github.com/ocsf/ocsf-schema, not the jsonschema intermediary.
A process like this would be nice:
    # compile ocsf schema doc
    python -m ocsf.schema 1.2.0 >/tmp/schema1.2.0.json
    # import specific OCSF classes as data contract models
    datacontract import --format ocsf --source /tmp/schema1.2.0.json --ocsf-class network-activity --ocsf-class process-activity
This is useful because some tools are starting to rely on OCSF as the native representation of their data, so being able to work with these models directly from the datacontract cli tool would be nice.
If this seems like something that you would consider merging, I can work on a PR @jochenchrist.
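A sketch of the conversion step proposed above, added here as an illustration; it is not code from this thread, from datacontract-cli or from ocsf-lib-py. Assumptions: the compiled schema document has the shape `classes -> attributes` with `type`, `object_type`, `is_array` and `requirement` keys, the sample document is constructed, and the function names, the type mapping and the specification version string are hypothetical choices.

```python
import json

# Constructed sample in the ASSUMED shape of a compiled OCSF schema document;
# this is not real output of `python -m ocsf.schema`.
SAMPLE_SCHEMA = json.loads("""
{"version": "1.2.0",
 "classes": {"network_activity": {"description": "Network connection events.",
   "attributes": {
     "time": {"type": "timestamp_t", "requirement": "required"},
     "activity_id": {"type": "integer_t", "requirement": "required"},
     "src_endpoint": {"type": "object_t", "object_type": "network_endpoint",
                      "requirement": "recommended"},
     "observables": {"type": "object_t", "object_type": "observable",
                     "is_array": true, "requirement": "optional"}}}}}
""")

# Assumed mapping of OCSF scalar types to data contract field types.
# timestamp_t is kept as long because OCSF carries it as epoch milliseconds.
TYPE_MAP = {"string_t": "string", "integer_t": "integer", "long_t": "long",
            "float_t": "float", "boolean_t": "boolean", "timestamp_t": "long"}

def to_field(attr):
    """Convert one OCSF attribute into a data contract field definition."""
    if attr["type"] == "object_t":
        # Nested objects are not expanded; the OCSF object name is kept as a hint.
        field = {"type": "object",
                 "description": "OCSF object: " + attr.get("object_type", "unknown")}
    else:
        # Scalar types missing from TYPE_MAP fall back to string.
        field = {"type": TYPE_MAP.get(attr["type"], "string")}
    if attr.get("is_array"):
        field = {"type": "array", "items": field}
    # Only "required" is enforced; recommended and optional both become False.
    field["required"] = attr.get("requirement") == "required"
    return field

def import_ocsf(schema, class_names):
    """Build a data contract dict holding one model per requested OCSF class."""
    classes, models = schema.get("classes", {}), {}
    for raw in class_names:
        name = raw.replace("-", "_")  # accept network-activity for network_activity
        if name not in classes:
            raise ValueError(f"OCSF class not in schema document: {raw}")
        cls = classes[name]
        fields = {k: to_field(v) for k, v in sorted(cls["attributes"].items())}
        models[name] = {"type": "table", "fields": fields,
                        "description": cls.get("description", "")}
    version = schema.get("version", "unknown")
    return {"dataContractSpecification": "1.1.0",  # assumed spec version
            "id": "ocsf-" + version, "models": models,
            "info": {"title": "OCSF import", "version": version}}

if __name__ == "__main__":
    print(json.dumps(import_ocsf(SAMPLE_SCHEMA, ["network-activity"]), indent=2))
```

Requesting a class that the schema document does not contain raises an error instead of producing an empty model, so a misspelled class name is caught at import time.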
sure. feel free to contribute this.
closing as stale