Support for OCSF (Open Cyber Security Format) for GitLab SECURITY FINDINGS Streaming
Release notes
GitLab Audit Event Streaming supports OCSF (Open Cyber Security Format) for sending audit events to a vast array of industry SEIMs and Security Lake products. AWS Security Lake is supported.
Problem to solve
Security industry vendors are helping create an open standard to ease the interoperability of security information so that customers can experience easy integration across vendors for the critical area of Security Event and Incident Management (SEIM). This standard is OCSF (Open Cyber Security Format).
The standard also supports exchanging findings records.
Some companies that are currently working to support this standard include: AWS, Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Splunk, Sumo Logic, Tanium, Trend Micro, and Zscaler.
Company list refs:
- https://www.rapid7.com/blog/post/2022/08/10/ocsf-working-together-to-standardize-data/
- https://www.forbes.com/sites/tonybradley/2022/08/10/coalition-of-cybersecurity-leaders-launch-open-cybersecurity-schema-framework-ocsf/?sh=7a6381c21f7d
- https://techcrunch.com/2022/08/10/group-of-security-companies-launches-open-source-project-to-ease-data-sharing/
Proposal
Create easy-to-use (or even default) compatibility with this standard.
If the OCSF schema cannot be made to be the primary audit events streaming format, it should be a single configuration change to select it from available options.
Intended users
Feature Usage Metrics