Can this skill help with specific OCSF schema lookups?

Yes, it can spawn a specialized subagent to fetch OCSF schema documentation for event classes, objects, attributes, and profiles.

How does this skill handle validation?

It implements a testing phase using the ocsf::cast operator, which validates the output against the OCSF schema and emits warnings on any mismatches.

What is the primary goal of the mapping-to-ocsf skill?

The goal is to guide users through adding OCSF (Open Cybersecurity Schema Framework) mapping to a Tenzir TQL parsing pipeline to ensure security events are normalized and compliant.

Do I need an existing Tenzir parser to use this skill?

The skill includes a preliminary phase to check for an existing parser; if one doesn't exist, it will guide you through creating one first.

OCSF Mapping for Tenzir

Name: OCSF Mapping for Tenzir
Author: tenzir

bytenzir

•

安全与测试

Normalizes security events to the Open Cybersecurity Schema Framework (OCSF) within Tenzir TQL pipelines.

关于

This skill provides a guided, multi-phase workflow for security engineers to map raw log data to the OCSF standard using Tenzir's TQL. It automates the process of identifying appropriate OCSF event classes, selecting relevant profiles (like Host or OSINT), and generating structured mapping operators. By integrating validation via the ocsf::cast operator and automated testing, it ensures that cybersecurity data is normalized, compliant, and ready for cross-platform interoperability within the Tenzir ecosystem.

主要功能

Guided OCSF target analysis and event class identification
Structured mapping operator generation using industry-standard templates
Automated schema validation and compliance testing
Integrated changelog management via the tenzir-ship framework
3 GitHub stars
Support for specialized OCSF profiles including Host, OSINT, and Network Proxy

使用场景

Converting proprietary firewall or EDR logs into normalized OCSF events
Validating existing Tenzir parsing pipelines for OCSF compliance
Standardizing disparate security data sources for unified cross-tool analytics

关于

主要功能

Guided OCSF target analysis and event class identification
Structured mapping operator generation using industry-standard templates
Automated schema validation and compliance testing
Integrated changelog management via the tenzir-ship framework
3 GitHub stars
Support for specialized OCSF profiles including Host, OSINT, and Network Proxy

使用场景

Converting proprietary firewall or EDR logs into normalized OCSF events
Validating existing Tenzir parsing pipelines for OCSF compliance
Standardizing disparate security data sources for unified cross-tool analytics