Hello all, I was wondering how is Cribl implementing OCSF mappings?
Page 1 / 1
<@U02ELKX57CH> <@U02PA4EAP1S> ^^^
Hi <@U04S0RP486P>, I can walk you through how we do it. Currently we only support the network activity class, but several more classes are 'work in progress'. If you don't mind me asking, what is your use case for it?
Hello <@U02ELKX57CH> I was thinking for example use cases to structure like syslog messages better, putting it in OCSF format
will DM you so we can go into this further
We have a need for this internally <@U02ELKX57CH> so I'd like to see how we could expand our support. <@U01LSBF5953> does this factor into your Rosetta pack?
If there's mappings for Windows OS logs for OCSF I can add them to the Rosetta pack
Not really sure what your intentions were for Rosetta, it's for Windows logs only?
In general, there's a market need for an any to any mapper. Not sure the product is helping us as much as it could there. It's certainly a set of ideas on the backlog to make mapping schemas easier.
I mean naming wise, maybe quality it more then 
> it's for Windows logs onlyYes
Ocsf is massive in structure, we should chat <@U01LSBF5953>
OCSF, OTel, its like when big vendors get together they just want to make things more complicated
It's a meta-schema
Lol
I use that in my slides for ocsf when talking about it
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.