Schema reference for OCSF version 1.1.0.
Classes
Section titled “Classes”Event classes define the structure and semantics of security events. Each class represents a specific type of activity like authentication, file operations, or network connections. OCSF 1.1.0 includes 50 event classes organized by category.
Browse classesObjects
Section titled “Objects”Objects are reusable data structures embedded within event classes. They represent entities like users, devices, files, and network endpoints. OCSF 1.1.0 defines 106 objects.
Browse objectsProfiles
Section titled “Profiles”Profiles are optional attribute sets that extend event classes with additional context. They enable consistent representation of cross-cutting concerns like host information or malware analysis. OCSF 1.1.0 includes 8 profiles.
Browse profilesExtensions
Section titled “Extensions”Extensions add platform-specific classes, objects, and attributes to the core schema. OCSF 1.1.0 includes 2 extensions.
Browse extensionsTypes define the format and validation rules for attribute values. OCSF 1.1.0 defines 22 types.
Browse types