
ChaosSearch Blog


Collaborative Community Creates New Cybersecurity Approach


Open Cybersecurity Schema Framework


At the Black Hat USA 2022 security conference in Las Vegas last week, Amazon AWS and Splunk, who had initially partnered on work building on the ICD Schema from Symantec, brought together 15 other vendors, including Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and Zscaler, to form the Open Cybersecurity Schema Framework (OCSF). The initiative acknowledges the enormous challenge of dealing with data from the wide spectrum of security products in a way that enables enterprises to protect against and respond to security threats quickly and effectively. Its stated mission is “providing a simplified and vendor-agnostic taxonomy to help all security teams realize better, faster data ingestion.”


Collaborative Community Creates New Approach to Cybersecurity


It is great to see vendors collaborating to rise to the challenge presented by the ever-changing world of cybersecurity. At ChaosSearch, we are especially happy to see the schema using JSON, and the open collaboration to make systems and data more secure.

More than that, we are excited to see this project evolve and the OCSF schema make its way into the products of the companies embracing it.


OCSF Schema


ChaosSearch has many customers creating and realizing the benefits of operational and security data lakes for monitoring and alerting on security, application, Kubernetes, and infrastructure logs, as well as CloudWatch, CloudTrail, VPC Flow Logs, Splunk, Cloudflare, Fastly, Signal Sciences, Okta, Auth0, and more. Our customers use standard log shippers such as Fluentd/Fluent Bit, Logstash/Beats, and Kinesis Firehose, and tools like Cribl, to ship data to cloud object storage (Amazon S3 or Google Cloud Storage). Once the data is in cloud object storage, ChaosSearch’s patented indexing technology delivers disruptive price/performance directly from a customer’s S3 (or GCS) bucket. Any log, CSV, or JSON data, whether it follows a well-defined schema like OCSF or is less well architected and has complex JSON nesting, is a great fit for ChaosSearch.

For information on the OCSF project, visit https://github.com/ocsf/.
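The value of a vendor-agnostic taxonomy is easiest to see in code. The following added example (it is not code from this post, from ChaosSearch, or from the OCSF project) normalizes login records from two constructed, fictional vendor formats into one OCSF-shaped JSON event so that a single detection query can run across both. The attribute names (`class_uid`, `category_uid`, `activity_id`, `status_id`, `src_endpoint`, `metadata.product`) and the numeric values for the OCSF Authentication class are taken from my reading of the OCSF 1.0 schema; treat them as assumptions to verify against the published schema at the link above. Every log line and vendor name is constructed.

```python
"""Normalize two constructed vendor login formats into OCSF-style Authentication events."""
import json
from datetime import datetime, timezone

# OCSF Authentication class identifiers (assumed from OCSF 1.0; verify against github.com/ocsf).
OCSF_CLASS_AUTHENTICATION = 3002   # class_uid for the Authentication event class
OCSF_CATEGORY_IAM = 3              # category_uid for Identity & Access Management
ACTIVITY_LOGON = 1                 # activity_id: Logon
STATUS_SUCCESS, STATUS_FAILURE = 1, 2
SEVERITY_INFORMATIONAL = 1
OCSF_VERSION = "1.0.0"

# Constructed sample input: a fictional JSON-emitting identity provider ("Vendor A")
# and a fictional VPN gateway that writes key=value text lines ("Vendor B").
VENDOR_A_LINES = [
    '{"ts":"2022-08-15T10:01:02Z","event":"user.session.start","user":"alice@example.com","ip":"198.51.100.7","outcome":"SUCCESS"}',
    '{"ts":"2022-08-15T10:01:09Z","event":"user.session.start","user":"bob@example.com","ip":"203.0.113.9","outcome":"FAILURE"}',
    '{"ts":"2022-08-15T10:01:20Z","event":"user.session.end","user":"alice@example.com","ip":"198.51.100.7","outcome":"SUCCESS"}',
]
VENDOR_B_LINES = [
    "2022-08-15 10:02:30 VPN login user=carol src=203.0.113.9 result=denied",
    "2022-08-15 10:02:41 VPN login user=carol src=203.0.113.9 result=denied",
    "2022-08-15 10:03:00 VPN login user=dave src=192.0.2.44 result=allowed",
]


def _epoch_ms(dt):
    """OCSF 'time' is milliseconds since the Unix epoch."""
    return int(dt.timestamp() * 1000)


def _base_event(time_ms, product, vendor, user, src_ip, success, raw):
    """Build the common OCSF Authentication shape shared by every source."""
    return {
        "category_uid": OCSF_CATEGORY_IAM,
        "class_uid": OCSF_CLASS_AUTHENTICATION,
        "activity_id": ACTIVITY_LOGON,
        "severity_id": SEVERITY_INFORMATIONAL,
        "status_id": STATUS_SUCCESS if success else STATUS_FAILURE,
        "time": time_ms,
        "user": {"name": user},
        "src_endpoint": {"ip": src_ip},
        "metadata": {"version": OCSF_VERSION,
                     "product": {"name": product, "vendor_name": vendor}},
        "raw_data": raw,  # keep the original line for forensics
    }


def normalize_vendor_a(line):
    """Map a Vendor A JSON record to OCSF; ignore events that are not logons."""
    rec = json.loads(line)
    if rec["event"] != "user.session.start":
        return None
    dt = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return _base_event(_epoch_ms(dt), "IdP", "Vendor A", rec["user"], rec["ip"],
                       rec["outcome"] == "SUCCESS", line)


def normalize_vendor_b(line):
    """Map a Vendor B key=value text line to OCSF; ignore non-login lines."""
    parts = line.split()
    if parts[2:4] != ["VPN", "login"]:
        return None
    kv = dict(p.split("=", 1) for p in parts[4:])
    dt = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return _base_event(_epoch_ms(dt), "VPN Gateway", "Vendor B", kv["user"], kv["src"],
                       kv["result"] == "allowed", line)


REQUIRED_FIELDS = ("category_uid", "class_uid", "activity_id", "severity_id", "time", "metadata")


def validate(event):
    """Reject events that lack the fields the schema marks as required."""
    missing = [k for k in REQUIRED_FIELDS if k not in event]
    if missing:
        raise ValueError(f"event missing required OCSF fields: {missing}")
    return event


def normalize_all():
    """Run both normalizers over the constructed input and validate the result."""
    events = [normalize_vendor_a(l) for l in VENDOR_A_LINES]
    events += [normalize_vendor_b(l) for l in VENDOR_B_LINES]
    return [validate(e) for e in events if e is not None]


def failed_logons_by_source(events):
    """One detection query over the normalized stream: failed logons per source IP,
    regardless of which vendor produced the record."""
    counts = {}
    for e in events:
        if e["class_uid"] == OCSF_CLASS_AUTHENTICATION and e["status_id"] == STATUS_FAILURE:
            ip = e["src_endpoint"]["ip"]
            counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    normalized = normalize_all()
    print(json.dumps(normalized[0], indent=2))
    print(failed_logons_by_source(normalized))  # {'203.0.113.9': 3}
```

The point is the last function: because both feeds share `class_uid`, `status_id` and `src_endpoint.ip`, the failed-logon count across the IdP and the VPN is one loop rather than two vendor-specific parsers wired into every rule. Once events are written in this shape as JSON to object storage, the same query can be expressed over the whole data lake.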


About the Author, Dave Armlin

Dave Armlin is the VP of Customer Success at ChaosSearch. In this role, he works closely with new customers to ensure successful deployments, as well as with established customers to help streamline integrating new workloads into the ChaosSearch platform. Dave has extensive experience in big data and customer success from prior roles at HubSpot, Deep Information Sciences, Verizon, and more. Dave loves technology and balances his addiction to coffee with quality time with his wife, daughter, and son as they attack whatever sport is in season. He holds a Bachelor of Science in Computer Science from Northeastern University.