Encodes events to Open Cybersecurity Schema Framework format.

OCSF Encoder

Encodes Arrow RecordBatches to Open Cybersecurity Schema Framework (OCSF) JSON format.

Configuration

Field   Type    Required  Default  Description
codec   string  yes       (none)   Must be "ocsf"

Example

sinks:
  my_s3:
    type: s3
    bucket: security-events
    prefix: ocsf/
    encoding:
      codec: ocsf
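As an added illustration of what an OCSF encoder does with a batch of tabular events (this is example code, not the project's own encoder), the Python below maps each row of a columnar batch to one OCSF JSON document. A plain dict of equal-length column lists stands in for an Arrow RecordBatch so the example runs without pyarrow. The class and category uids, the type_uid rule and the enum values come from the published OCSF schema; the input column names (time_ms, activity, severity, status, user, src_ip), the product name in metadata, and the choice to keep unknown columns under "unmapped" are this example's own assumptions.

```python
import json
from typing import Any, Dict, List

# Class/category uids and enum values below are from the published OCSF schema;
# the input column names are this example's own assumption.
OCSF_CLASSES = {
    "authentication": {"class_uid": 3002, "category_uid": 3},    # Identity & Access Management
    "network_activity": {"class_uid": 4001, "category_uid": 4},  # Network Activity
}
ACTIVITY_IDS = {"authentication": {"logon": 1, "logoff": 2}}
SEVERITY_IDS = {"unknown": 0, "informational": 1, "low": 2, "medium": 3,
                "high": 4, "critical": 5, "fatal": 6}
STATUS_IDS = {"success": 1, "failure": 2}
OTHER = 99  # OCSF enum value meaning "Other" (value not covered by the enumeration)

# Columns the mapping handles explicitly; anything else is preserved under "unmapped".
KNOWN_COLUMNS = {"time_ms", "activity", "severity", "status", "user", "src_ip"}


def ocsf_type_uid(class_uid: int, activity_id: int) -> int:
    """OCSF defines type_uid as class_uid * 100 + activity_id."""
    return class_uid * 100 + activity_id


def encode_row(row: Dict[str, Any], event_class: str) -> Dict[str, Any]:
    """Build one OCSF event dict from a flat row of the given event class."""
    meta = OCSF_CLASSES[event_class]
    activity_id = ACTIVITY_IDS.get(event_class, {}).get(str(row.get("activity", "")).lower(), OTHER)
    event = {
        "class_uid": meta["class_uid"],
        "category_uid": meta["category_uid"],
        "activity_id": activity_id,
        "type_uid": ocsf_type_uid(meta["class_uid"], activity_id),
        "severity_id": SEVERITY_IDS.get(str(row.get("severity", "unknown")).lower(), OTHER),
        "status_id": STATUS_IDS.get(str(row.get("status", "")).lower(), OTHER),
        "time": int(row["time_ms"]),  # OCSF "time" is epoch milliseconds
        # Product name is a hypothetical placeholder for this example.
        "metadata": {"version": "1.1.0", "product": {"name": "example-pipeline"}},
    }
    if "user" in row:
        event["user"] = {"name": row["user"]}
    if "src_ip" in row:
        event["src_endpoint"] = {"ip": row["src_ip"]}
    # Keep columns the mapping does not know about rather than silently dropping them.
    unmapped = {k: v for k, v in row.items() if k not in KNOWN_COLUMNS and v is not None}
    if unmapped:
        event["unmapped"] = unmapped
    return event


def encode_batch(columns: Dict[str, List[Any]], event_class: str) -> List[str]:
    """Encode a columnar batch (dict of equal-length column lists, standing in for
    an Arrow RecordBatch) into newline-delimited OCSF JSON, one line per row."""
    lengths = {len(col) for col in columns.values()}
    if len(lengths) != 1:
        raise ValueError("all columns must have the same length")
    n = lengths.pop()
    lines = []
    for i in range(n):
        row = {name: col[i] for name, col in columns.items()}
        lines.append(json.dumps(encode_row(row, event_class), sort_keys=True))
    return lines


# Constructed sample batch: two authentication events in columnar form.
SAMPLE_BATCH = {
    "time_ms": [1700000000000, 1700000005000],
    "activity": ["logon", "logon"],
    "severity": ["informational", "high"],
    "status": ["success", "failure"],
    "user": ["alice", "alice"],
    "src_ip": ["10.0.0.5", "203.0.113.7"],
    "auth_protocol_raw": ["kerberos", "ntlm"],  # not in the mapping -> lands in "unmapped"
}

if __name__ == "__main__":
    for line in encode_batch(SAMPLE_BATCH, "authentication"):
        print(line)
```

Each output line is a complete OCSF event with class_uid 3002 (Authentication), category_uid 3 and type_uid 300201 for a logon, which is the shape a SIEM expecting OCSF can correlate across sources; the explicit "unmapped" object is the escape hatch that keeps source fields visible when the mapping has no OCSF attribute for them.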

When to Use

  • Security analytics - Standardized security event format
  • SIEM integration - Splunk, Sentinel, Chronicle
  • Threat detection - Cross-platform security correlation