Hello has anyone mapped osquery Schema to

Question

Hello has anyone mapped osquery Schema to <https schema ocsf io |OCSF> yet If not are there plans to do so

seph · Answer

Quickly looking at that I m not sure there s a direct mapping osquery tables can be used to construct queries that would meet those categories <https github com teoseller osquery attck> is similar work

Zachary Schmerber · Answer

I was thinking configuration state would be a good mapping <https schema ocsf io classes config state extensions=>

Zachary Schmerber · Answer

< seph> Also OCSF is an open framework If you think osquery could use its own class in the framework feel free to let me know or join the party I am on the weekly meeting for OCSF and we welcome new members

Josh Langner · Answer

Curious < Zachary Schmerber> who is behind OCSF

Zachary Schmerber · Answer

< Josh Langner> AWS Splunk IBM CrowdStrike Brodcom and about 60 others people wise leading the charge

Josh Langner · Answer

Oh interesting I d heard of it when it was announced I missed the announcement on Amazon s Security Lake Thanks for sharing

Zachary Schmerber · Answer

I think RC3 final non breaking change version will be published by May 31 This is when things will heat up on the adoption side

Zachary Schmerber · Answer

AWS is already using RC2 but they have good Schema version controls that allow for easy migration

seph · Answer

I do not personally have the bandwidth to under and OCSF or guess whether osquery should fit But I d encourage interested individuals to come to office hours and do what they think makes sense