OCSF Emerges as Industry Standard for Cybersecurity Data Sharing

The open-source framework helps security teams normalize data from different tools to improve threat detection and investigation.

Apr. 4, 2026 at 6:06pm by Ben Kaplan

The Open Cybersecurity Schema Framework (OCSF) is gaining traction as a vendor-neutral standard for representing security events, findings, objects, and context. By providing a common structure for security data, OCSF helps security teams spend less time rewriting field names and custom parsers, and more time correlating detections, running analytics, and building workflows across products. The project has grown rapidly over the past two years, with over 900 contributors from more than 200 organizations, and is now being widely adopted across the security industry.

Why it matters

Security teams have to stitch together data from a variety of sources, including endpoint, identity, cloud, SaaS, and AI telemetry, which makes a common data framework like OCSF crucial. It allows for better correlation of security events, more effective threat detection and investigation, and workflows that span multiple security products.

The details

OCSF is an open-source framework that provides a vendor-neutral way to represent security data. It helps vendors map their own schemas into a common model, and assists customers in moving data through lakes, pipelines, and security tools without requiring time-consuming translation at every step. The project has seen particularly rapid growth over the past two years, expanding from 17 initial companies to a community of over 200 organizations and 900 contributors. OCSF is now being widely adopted across the security industry, with support from major vendors like AWS, Splunk, Palo Alto Networks, and CrowdStrike.

  • OCSF was announced in August 2022 by Amazon AWS and Splunk.
  • In August 2024, AWS said OCSF had expanded from a 17-company initiative into a community with more than 200 participating organizations and 800 contributors.
  • OCSF joined the Linux Foundation in November 2024.

The players

Amazon AWS

One of the founding organizations behind OCSF, which has integrated the framework into its security products and services.

Splunk

Another founding organization of OCSF, which has integrated the framework into its security tools and data processing pipelines.

Linux Foundation

The non-profit organization that OCSF joined in November 2024, providing governance and support for the project.

What’s next

As AI systems become more prevalent in the security landscape, OCSF is expected to play an increasingly important role in helping security teams understand and investigate the actions of these AI assistants. Upcoming versions of OCSF are planned to provide more detailed telemetry and context around AI-driven security events.

The takeaway

OCSF has emerged as a critical standard for the security industry, enabling better data sharing, threat detection, and workflow automation across a wide range of security products and services. Its rapid growth and adoption highlight the industry's need for a common language to make sense of the increasingly complex security landscape.