Process, Store and Analyze JSON Data with Ultimate Flexibility. Check out the blog and new demo! -->
Process, Store and Analyze JSON Data with Ultimate Flexibility. Check out the blog and new demo! -->
Start Free Trial

ChaosSearch Blog


Collaborative Community Creates New Cybersecurity Approach

Open Cybersecurity Schema Framework


At the Black Hat USA 2022 security conference in Las Vegas last week, Amazon AWS and Splunk who had initially partnered building on the ICD Schema from Symantec, brought 15 other vendors including: Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and ZScaler together to form the Open Cybersecurity Schema Framework (OCSF). This initiative acknowledges the enormous challenge of dealing with data from the wide spectrum of security products in a way that empowers enterprises to be able to protect against and respond to security threats quickly and effectively. “Providing a simplified and vendor-agnostic taxonomy to help all security teams realize better, faster data ingestion” is the main mission of the initiative.


Collaborative Community Creates New Approach to Cybersecurity


It is great to see collaboration among vendors rising to the challenge presented by the ever-changing world of cybersecurity. At ChaosSearch, we are especially happy to see the schema using JSON and the open collaboration to make systems and data more secure.

And more than that, are excited to see this project evolve, and the OCSF schema make its way into the products of the companies embracing it.

READ: The New Best Way to Index and Query JSON Logs 


OCSF Schema


ChaosSearch has many customers creating and realizing the benefits of operational and security data lakes for monitoring and alerting on security, application, Kubernetes, infrastructure logs, CloudWatch, CloudTrail, VPC FLow Logs, Splunk, Cloudflare, Fastly, Signal Sciences, Okta, Auth0, etc. Our customers utilize standard log shippers like Fluentd/Fluent Bit, Logstash/Beats, Kinesis Firehose, and tools like Cribl to ship data to AWS cloud object storage (AWS S3 or Google Cloud Storage). Once data is in cloud object storage, ChaosSearch’s patented indexing technology provides disruptive price/performance directly out of a customer’s S3 (or GCS) bucket. Any log, csv, or JSON data (like the OCSF schema or even JSON that is not as well architected or has complex JSON nesting), is a great fit for ChaosSearch.

For information on the OCSF project, visit


Learn More About ChaosSearch and Start a Free Trial


Additional Resources

Read the Blog: The Importance of Cloud Performance and Security Platforms

Watch the Demo: Unlock JSON Files for Analytics at Scale in ChaosSearch

Read the Blog: Going Beyond CloudWatch: 5 Steps to Better Log Analytics & Analysis

About the Author, Dave Armlin

Dave Armlin is the VP Customer Success of ChaosSearch. In this role, he works closely with new customers to ensure successful deployments, as well as with established customers to help streamline integrating new workloads into the ChaosSearch platform. Dave has extensive experience in big data and customer success from prior roles at Hubspot, Deep Information Sciences, Verizon, and more. Dave loves technology and balances his addiction to coffee with quality time with his wife, daughter, and son as they attack whatever sport is in season. He holds a Bachelor of Science in Computer Science from Northeastern University. More posts by Dave Armlin