
FAQ - OCSF relation to STIX

Open jetlime opened this issue 1 year ago • 1 comment

I am currently trying to understand how OCSF compares to STIX. I noticed in the present FAQ (https://github.com/ocsf/ocsf-docs/tree/main/FAQs) that you planned to add an explanation on how they are complementary. As I cannot seem to find an answer to my question online, would it be possible to obtain one here?

Thanks.

jetlime avatar Apr 05 '23 19:04 jetlime

I think the best person to elaborate on this would be @JasonKeirstead. In short, STIX IOCs can be matched against OCSF observables to match possible attack vectors from known threat actors. There is an overlap in concept, as STIX also distinguishes observables (from which OCSF borrowed the name) from IOCs, which are those observables and other artifacts that match threat vectors.

pagbabian-splunk avatar May 30 '23 15:05 pagbabian-splunk
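As an added illustration of the matching pagbabian-splunk describes (example code written for this page, not from the ocsf-docs project or either commenter): STIX indicator patterns are reduced to (observable type, value) pairs and compared against the `observables` array of an OCSF event. The OCSF `type_id` numbers, the `observables` layout and the sample indicators/event are assumptions constructed here, and only `=` comparisons joined by `OR` are parsed.

```python
import re
from typing import Dict, List, Tuple

# Assumed OCSF observable type_id values; verify against your schema version.
STIX_TO_OCSF_TYPE_ID: Dict[str, int] = {
    "ipv4-addr:value": 2,        # IP Address
    "domain-name:value": 1,      # Hostname
    "url:value": 6,              # URL String
    "file:hashes.'SHA-256'": 8,  # Hash
}

# One STIX comparison expression: <object-type>:<property path> = '<literal>'
_COMPARISON = re.compile(r"([\w-]+:[\w.'-]+)\s*=\s*'([^']*)'")

def parse_stix_pattern(pattern: str) -> List[Tuple[int, str]]:
    """Translate the '=' comparisons in a STIX pattern into (type_id, value) pairs.
    Only equality comparisons joined by OR are supported; unmapped paths are skipped."""
    pairs = []
    for path, value in _COMPARISON.findall(pattern):
        type_id = STIX_TO_OCSF_TYPE_ID.get(path)
        if type_id is not None:
            pairs.append((type_id, value.lower()))  # case-insensitive compare
    return pairs

def match_indicators(indicators: list, event: dict) -> List[str]:
    """Return the names of indicators whose pattern hits an observable on the event."""
    hits = []
    for ind in indicators:
        wanted = set(parse_stix_pattern(ind["pattern"]))
        for obs in event.get("observables", []):
            if (obs.get("type_id"), str(obs.get("value", "")).lower()) in wanted:
                hits.append(ind["name"])
                break  # one hit per indicator is enough
    return hits

# Constructed sample data: two STIX-style indicators and one OCSF-style event.
INDICATORS = [
    {"name": "known-c2-ip", "pattern": "[ipv4-addr:value = '203.0.113.7']"},
    {"name": "bad-domains",
     "pattern": "[domain-name:value = 'bad.example.com' OR domain-name:value = 'worse.example.com']"},
]
EVENT = {"observables": [
    {"name": "dst_endpoint.ip", "type_id": 2, "value": "203.0.113.7"},
    {"name": "dst_endpoint.hostname", "type_id": 1, "value": "safe.example.com"},
]}

if __name__ == "__main__":
    print(match_indicators(INDICATORS, EVENT))  # ['known-c2-ip']
```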