The AWS extension for the Open Cybersecurity Schema Framework (OCSF). This extension adds AWS-specific event classes, objects, attributes, and profiles to the core OCSF schema, enabling richer representation of security events in AWS environments.
This extension is registered in the OCSF Extensions Registry.
This extension is compiled together with the core ocsf-schema using the ocsf-schema-compiler.
pip install ocsf-schema-compiler
# Clone the core schema if you haven't already
git clone https://github.com/ocsf/ocsf-schema.git
# Compile with the AWS extension
ocsf-schema-compiler path/to/ocsf-schema -e path/to/aws -aThe -a flag allows attribute shadowing, which is required for this extension.
A GitHub Actions workflow validates that the extension compiles successfully on every push and pull request to main. It checks out both this extension and the core schema, then runs the compiler to catch issues early.
We welcome contributions! Please refer to the core OCSF Contribution Guide for detailed guidelines.
Licensed under the Apache License 2.0.
Resources: