Schema reference for OCSF version 1.8.0-dev.

Event classes define the structure and semantics of security events. Each class represents a specific type of activity like authentication, file operations, or network connections. OCSF 1.8.0-dev includes 83 event classes organized by category.

Objects are reusable data structures embedded within event classes. They represent entities like users, devices, files, and network endpoints. OCSF 1.8.0-dev defines 172 objects.

Profiles are optional attribute sets that extend event classes with additional context. They enable consistent representation of cross-cutting concerns like host information or malware analysis. OCSF 1.8.0-dev includes 13 profiles.

Extensions add platform-specific classes, objects, and attributes to the core schema. OCSF 1.8.0-dev includes 2 extensions.

Types define the format and validation rules for attribute values. OCSF 1.8.0-dev defines 24 types.
