The Open Cybersecurity Schema Framework (OCSF) is an initiative aimed at standardizing how cybersecurity data is structured and shared across different platforms and tools. By creating a common schema, OCSF allows organizations to easily integrate and analyze security data from various sources, making it easier to detect, respond to, and manage cybersecurity threats.
You can explore the OCSF schema and DataBee’s extension to it using our Dynamic OCSF Schema Explorer. OCSF groups events into categories such as System Activity, Findings, and IAM (Identity and Access Management), and each category contains its own set of event classes. Click on a category to see its event classes, then click on an event class to view its detailed schema, which shows the data fields and their types.
Always note the version number at the top left of the schema page to ensure you're looking at the latest framework.
Select the relevant extension if you need information specific to a certain operating system, such as Linux or Windows, or to view DataBee-specific results.
OCSF offers different profiles, such as Cloud, Container, OSINT (Open Source Intelligence), etc. You can tailor the schema to specific environments by selecting the profiles of your choice.