#ocsf — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #ocsf, aggregated by home.social.
-
🎥 Video: ASPS — Agentic SOC Parallel Simulation Center ===================
Opening (executive summary):
ASPS is presented as a research-and-simulation platform that models a complete SOC team in a parallel virtual space. The platform combines a strong reasoning model called DeepSeek, a Model Context Protocol MCP for inter-agent context sharing, and OCSF-formatted telemetry stored in an integrated security data warehouse. The design intent is autonomous, multi-agent exercises that span attack generation through final reporting.Technical details:
• Agents and roles: seven distinct agents perform discrete SOC functions — Purple Team (traffic generation), Detection Engineer (rule authoring and verification), Analysis Engine (rule execution and alerting), Triage (false-positive filtering), Forensics (chain construction), Commander (response orchestration), Reporter (structured incident reports).• Data model and telemetry: the platform relies on OCSF as the canonical event schema and provides a lightweight Security Data Warehouse for storage, pivot visualization, and raw-log inspection to validate observability and signature quality.
• Reasoning and orchestration: DeepSeek supplies layered Chain-of-Thought reasoning to support analyst-like deductions. MCP serves as the context protocol enabling agents to exchange structured model state, prompts, and evidence without conflating agent internals.
Implementation concepts (high level):
• Simulation flow: Purple Team creates high-fidelity attack traffic and background noise; Detection Engineer synthesizes detection rules from observed telemetry; Analysis Engine runs detections to produce alerts that Triage evaluates; Forensics reconstructs attack graphs that Commander uses to propose actions; Reporter archives outputs.• Explainability: the Detection Engineering Workbench traces transformations from raw events to detection rules, enabling auditability and human review of automated rule generation.
Limitations and considerations:
• Observability dependency: fidelity depends on the quality and coverage of OCSF telemetry and scenario realism from the Purple Team.
• Autonomous risk: automated rule generation and response decisioning require validation to avoid operational hazards in production-like environments.
• Research maturity: described features emphasize exploratory capability; real-world deployment constraints (integration, scale, governance) are not exhaustively detailed.Use cases:
• Testing detection coverage and SOC playbooks in controlled parallel runs.
• Research into multi-agent reasoning for security automation.🔹 tool #OCSF #MCP #DeepSeek #Agentic_SOC
🔗 Source: https://github.com/SafelineMan/Agentic-SOC-Simulation
-
Today in our #EverythingOpen redux, we present @[email protected], who takes us on a tour of how the #InfoSec landscape has changed, the move to #ZeroTrust, #OpenStandards efforts, and the advent of #OCSF - a standard #taxonomy for representing #SIEM events, and the platform-agnostic @opentelemetry.
-
Today in our #EverythingOpen redux, we present @ctudball, who takes us on a tour of how the #InfoSec landscape has changed, the move to #ZeroTrust, #OpenStandards efforts, and the advent of #OCSF - a standard #taxonomy for representing #SIEM events, and the platform-agnostic @opentelemetry.
-
Today in our #EverythingOpen redux, we present @ctudball, who takes us on a tour of how the #InfoSec landscape has changed, the move to #ZeroTrust, #OpenStandards efforts, and the advent of #OCSF - a standard #taxonomy for representing #SIEM events, and the platform-agnostic @opentelemetry.
-
Today in our #EverythingOpen redux, we present @ctudball, who takes us on a tour of how the #InfoSec landscape has changed, the move to #ZeroTrust, #OpenStandards efforts, and the advent of #OCSF - a standard #taxonomy for representing #SIEM events, and the platform-agnostic @opentelemetry.
-
Today in our #EverythingOpen redux, we present @ctudball, who takes us on a tour of how the #InfoSec landscape has changed, the move to #ZeroTrust, #OpenStandards efforts, and the advent of #OCSF - a standard #taxonomy for representing #SIEM events, and the platform-agnostic @opentelemetry.
-
My review of 5 leading open source standards: OpenTelemetry, OpenFeature, CloudEvents, CDEvents and the Open Cybersecurity Framework (OCSF).
https://youtu.be/D6KqtJIVcts
#opentelemetry #openfeature #cloudevents #cdfoundation #cdevents and #ocsf -
My review of 5 leading open source standards: OpenTelemetry, OpenFeature, CloudEvents, CDEvents and the Open Cybersecurity Framework (OCSF).
https://youtu.be/D6KqtJIVcts
#opentelemetry #openfeature #cloudevents #cdfoundation #cdevents and #ocsf -
My review of 5 leading open source standards: OpenTelemetry, OpenFeature, CloudEvents, CDEvents and the Open Cybersecurity Framework (OCSF).
https://youtu.be/D6KqtJIVcts
#opentelemetry #openfeature #cloudevents #cdfoundation #cdevents and #ocsf -
My review of 5 leading open source standards: OpenTelemetry, OpenFeature, CloudEvents, CDEvents and the Open Cybersecurity Framework (OCSF).
https://youtu.be/D6KqtJIVcts
#opentelemetry #openfeature #cloudevents #cdfoundation #cdevents and #ocsf -
Earlier this year the Open Cybersecurity Schema Framework (#OCSF) was founded to form a new #opensource standard for #cybersecurity data.
Now AWS is implementing the standard into a #SecurityLake service to collect data from a wide ecosystem uniformly into a #datalake. -
Earlier this year the Open Cybersecurity Schema Framework (#OCSF) was founded to form a new #opensource standard for #cybersecurity data.
Now AWS is implementing the standard into a #SecurityLake service to collect data from a wide ecosystem uniformly into a #datalake. -
Earlier this year the Open Cybersecurity Schema Framework (#OCSF) was founded to form a new #opensource standard for #cybersecurity data.
Now AWS is implementing the standard into a #SecurityLake service to collect data from a wide ecosystem uniformly into a #datalake. -
Amazon introduces Amazon Security Lake at #reInvent https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-security-lake-preview/
Quick take: Affordable storage at scale not only challenges log management incumbents (and indirectly SIEM since analytics beyond existing AWS offerings are TBD), but also – and significantly – challenges Google (primarily Chronicle) and Microsoft (Sentinel) with the hyperscaler advantage. The cloud bigs “can get it for you wholesale” when it comes to storage and minimize markup – which also targets one of Splunk’s most longstanding issues. SMB may be an initial target (where the skew toward *DR and primarily EDR becomes more pronounced down market), but also keep an eye on their mo behind #OCSF and their initial partners on the spec.
This is just the first step in what is likely a more ambitious direction. Just consider the combo of aligning multi-source data (including competing cloud providers) and AWS observability as to where this could lead. Also note that Jon Ramsey, now at AWS, has built an ambitious security data platform before (at Secureworks). -
Amazon introduces Amazon Security Lake at #reInvent https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-security-lake-preview/
Quick take: Affordable storage at scale not only challenges log management incumbents (and indirectly SIEM since analytics beyond existing AWS offerings are TBD), but also – and significantly – challenges Google (primarily Chronicle) and Microsoft (Sentinel) with the hyperscaler advantage. The cloud bigs “can get it for you wholesale” when it comes to storage and minimize markup – which also targets one of Splunk’s most longstanding issues. SMB may be an initial target (where the skew toward *DR and primarily EDR becomes more pronounced down market), but also keep an eye on their mo behind #OCSF and their initial partners on the spec.
This is just the first step in what is likely a more ambitious direction. Just consider the combo of aligning multi-source data (including competing cloud providers) and AWS observability as to where this could lead. Also note that Jon Ramsey, now at AWS, has built an ambitious security data platform before (at Secureworks). -
Amazon introduces Amazon Security Lake at #reInvent https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-security-lake-preview/
Quick take: Affordable storage at scale not only challenges log management incumbents (and indirectly SIEM since analytics beyond existing AWS offerings are TBD), but also – and significantly – challenges Google (primarily Chronicle) and Microsoft (Sentinel) with the hyperscaler advantage. The cloud bigs “can get it for you wholesale” when it comes to storage and minimize markup – which also targets one of Splunk’s most longstanding issues. SMB may be an initial target (where the skew toward *DR and primarily EDR becomes more pronounced down market), but also keep an eye on their mo behind #OCSF and their initial partners on the spec.
This is just the first step in what is likely a more ambitious direction. Just consider the combo of aligning multi-source data (including competing cloud providers) and AWS observability as to where this could lead. Also note that Jon Ramsey, now at AWS, has built an ambitious security data platform before (at Secureworks). -
Earlier this year the Open Cybersecurity Schema Framework (#OCSF) was founded to form a new #opensource standard for #cybersecurity data. Now
#AWS is implementing the standard into a #SecurityLake service to collect data from a wide ecosystem uniformly into a #datalake -
Earlier this year the Open Cybersecurity Schema Framework (#OCSF) was founded to form a new #opensource standard for #cybersecurity data. Now
#AWS is implementing the standard into a #SecurityLake service to collect data from a wide ecosystem uniformly into a #datalake -
I'm really excited by what I'm reading about #AWS Security Lake announced at #reinvent, particularly the use of OCSF (https://github.com/ocsf). If security vendors could agree on a common standard for security logs it would be a huge headache removed, particularly for smaller businesses who rarely have the resources to implement lots of custom log integrations.
Note to vendors - every RFP and sales call from now on I will be asking you whether you support this standard.
-
I'm really excited by what I'm reading about #AWS Security Lake announced at #reinvent, particularly the use of OCSF (https://github.com/ocsf). If security vendors could agree on a common standard for security logs it would be a huge headache removed, particularly for smaller businesses who rarely have the resources to implement lots of custom log integrations.
Note to vendors - every RFP and sales call from now on I will be asking you whether you support this standard.
-
I'm really excited by what I'm reading about #AWS Security Lake announced at #reinvent, particularly the use of OCSF (https://github.com/ocsf). If security vendors could agree on a common standard for security logs it would be a huge headache removed, particularly for smaller businesses who rarely have the resources to implement lots of custom log integrations.
Note to vendors - every RFP and sales call from now on I will be asking you whether you support this standard.
-
I'm ridiculously excited about #OCSF and #aws's new Security Lake product! I've had to dig through so many different data sources and formats in the past to do forensics and security analysis.. this is _game changing_ https://aws.amazon.com/blogs/security/aws-co-announces-release-of-the-open-cybersecurity-schema-framework-ocsf-project/
-
I'm ridiculously excited about #OCSF and #aws's new Security Lake product! I've had to dig through so many different data sources and formats in the past to do forensics and security analysis.. this is _game changing_ https://aws.amazon.com/blogs/security/aws-co-announces-release-of-the-open-cybersecurity-schema-framework-ocsf-project/
-
I'm ridiculously excited about #OCSF and #aws's new Security Lake product! I've had to dig through so many different data sources and formats in the past to do forensics and security analysis.. this is _game changing_ https://aws.amazon.com/blogs/security/aws-co-announces-release-of-the-open-cybersecurity-schema-framework-ocsf-project/
-
I'm ridiculously excited about #OCSF and #aws's new Security Lake product! I've had to dig through so many different data sources and formats in the past to do forensics and security analysis.. this is _game changing_ https://aws.amazon.com/blogs/security/aws-co-announces-release-of-the-open-cybersecurity-schema-framework-ocsf-project/
-
I'm ridiculously excited about #OCSF and #aws's new Security Lake product! I've had to dig through so many different data sources and formats in the past to do forensics and security analysis.. this is _game changing_ https://aws.amazon.com/blogs/security/aws-co-announces-release-of-the-open-cybersecurity-schema-framework-ocsf-project/
-
The Open Cybersecurity Schema Framework (OCSF) project, led by Amazon Web Services and Splunk, launches to help organizations more effectively deal with cyberattacks https://www.fosslife.org/open-cybersecurity-schema-framework-launched #security #tools #OCSF #OpenSource #AWS #Splunk #Cloudflare #CrowdStrike #SalesForce #TrendMicro
-
The Open Cybersecurity Schema Framework (OCSF) project, led by Amazon Web Services and Splunk, launches to help organizations more effectively deal with cyberattacks https://www.fosslife.org/open-cybersecurity-schema-framework-launched #security #tools #OCSF #OpenSource #AWS #Splunk #Cloudflare #CrowdStrike #SalesForce #TrendMicro
-
The Open Cybersecurity Schema Framework (OCSF) project, led by Amazon Web Services and Splunk, launches to help organizations more effectively deal with cyberattacks https://www.fosslife.org/open-cybersecurity-schema-framework-launched #security #tools #OCSF #OpenSource #AWS #Splunk #Cloudflare #CrowdStrike #SalesForce #TrendMicro