/OSSEM

Open Source Security Events Metadata (OSSEM)

Primary LanguagePython

OSSEM

Open Source Love Open_Threat_Research Community Twitter

The Open Source Security Events Metadata (OSSEM) is a community-led project that focuses primarily on the documentation and standardization of security event logs from diverse data sources and operating systems. Security events are documented in a dictionary format and can be used as a reference while mapping data sources to data analytics used to validate the detection of adversarial techniques. In addition, the project provides a common data model (CDM) that can be used for data engineers during data normalization procedures to allow security analysts to query and analyze data across diverse data sources. Finally, the project also provides documentation about the structure and relationships identified in specific data sources to facilitate the development of data analytics.

Goals

  • Define and share a common data moel in order to improve the data standardization and transformation of security event logs
  • Define and share data structures and relationships identified in security events logs
  • Provide detailed information in a dictionary format about several security event logs to the community
  • Learn more about security event logs (Windows, Linux, MacOS, Azure, AWS, etc)
  • Have fun and think more about the data structure in your SIEM when it comes down to detection!!

Project Structure

There are three main folders:

Author

Current Committers

Projects Using OSSEM

Resources