This section contains in-depth technical articles about various aspects of the Open Cybersecurity Schema Framework (OCSF).
- Profiles are Powerful - Deep dive into OCSF profiles and their four modeling approaches
- Defining and Using Observables - Guide to working with observables in OCSF
- Representing Process Parentage - How to model process relationships in OCSF
- Patching Core Using Extensions - How to extend the OCSF core schema using extensions
- Modeling Alerts - How to model alerts with OCSF
We welcome contributions of technical articles that help the OCSF community understand and implement the framework effectively.
If you'd like to contribute an article:
- Follow the existing article structure and style
- Use clear, technical language with practical examples
- Include code samples where appropriate
- Submit a pull request with your article
- Audience: Technical practitioners implementing or working with OCSF
- Format: Markdown with clear headings and structure
- Length: Comprehensive but focused - typically 1000-3000 words
- Examples: Include practical code examples and use cases
- Accuracy: Ensure technical accuracy and test any code samples
- OCSF Schema Repository
- OCSF Server
- FAQs for common questions