ocsf-docs
OCSF Documentation
Thank you for writing such an excellent white paper that introduces the schema so thoroughly. It is incredibly well written and complete. There are a few places where I think...
Not sure how or if this should be merged with our formal docs. However we discussed this question of how to determine if a log is supported the other day....
Add to Docs information on Groups. In the following example a group is part of the Event Class. group → For each attribute ensure you add a group value. Valid...
Fixes: #28
There is very often the question of how to distinguish between `Recommended` attributes and `Optional` attributes. Upon discussing this with some OCSF adopters, it seems one major distinction is that...
Originated from `ocsf-schema` PR https://github.com/ocsf/ocsf-schema/pull/807 I believe there is an important relationship between the `observable` [datatypes](https://schema.ocsf.io/1.0.0/data_types?extensions=) and how the [observable objects](https://schema.ocsf.io/1.0.0/objects/observable?extensions=) are identified. For instance, I believe the OCSF translator...
A topic of discussion that often comes up from OCSF adopters is "When should I use/create an Extension versus when should I use/create a Profile?" The `Understanding OCSF` document does...
The topic that triggered this - Changing captions of an enum attribute is also a breaking change, since captions are used as values of the sibling string attributes. We should...
I am currently trying to understand how OCSF compares to STIX. I noticed in the present FAQ (https://github.com/ocsf/ocsf-docs/tree/main/FAQs) that you planned to add an explanation on how they are complementary....
https://github.com/ocsf/ocsf-docs/blob/main/Understanding%20OCSF.md documents the `timestamp_t` format as "milliseconds since the unix epoch", however the example payload provided by https://schema.ocsf.io/sample/1.2.0/classes/base_event produces a value for the `time` field in the quadrillions (e.g. `"time":...