Skip to content

OCSF Schema Support #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
frenchy64 merged 5 commits into from
Jan 23, 2025
Merged

OCSF Schema Support #55

frenchy64 merged 5 commits into from
Jan 23, 2025

Conversation

@frenchy64
Copy link
Contributor

@frenchy64 frenchy64 commented Dec 24, 2024
edited
Loading

Includes support for OCSF schemas.

OCSF exposes a simple format for schemas at e.g., https://schema.ocsf.io/api/classes/account_change

flanders.ocsf converts this format to flanders.

A separate project includes all the OCSF schemas, which we depend on via its jar during dev: https://github.com/frenchy64/ocsf-schema-export

We don't need the mainline OCSF schemas for now, we will vendor the Cisco variants during deployments.

The README in this PR describes how to use all this to create Plumatic Schema or Malli from OCSF schemas.

The unit tests boots a local ocsf-server and fuzz tests Plumatic Schema and Malli conversions against samples from https://schema.ocsf.io/doc/index.html#/Sample%20Data

@frenchy64 frenchy64 changed the title Ocsf schema2 OCSF Schema Support Dec 24, 2024
@frenchy64 frenchy64 marked this pull request as ready for review December 24, 2024 06:53
@frenchy64 frenchy64 self-assigned this Dec 24, 2024
marioaquino
marioaquino reviewed Dec 27, 2024
View reviewed changes
deps.edn
org.clojure/core.match {:mvn/version "1.0.0"}
prismatic/schema {:mvn/version "1.4.1"}}
:aliases {:test {:extra-paths ["test"]
prismatic/schema {:mvn/version "1.2.0"}
Copy link

@marioaquino marioaquino Dec 27, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why the downgrade on the schema version?

Copy link
Contributor Author

@frenchy64 frenchy64 Jan 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIRC the project.clj and deps.edn were out of sync. Since we use the jar, I figured the project.clj wins.

@marioaquino
Copy link

marioaquino commented Dec 27, 2024

This is brilliant!! Exactly what I needed!

marioaquino
marioaquino reviewed Jan 6, 2025
View reviewed changes
@marioaquino
Copy link

marioaquino commented Jan 6, 2025

I was testing out the work on this PR and I get a strange error that I'm scratching my head on. I created a gist describing my findings...

@frenchy64
Copy link
Contributor Author

frenchy64 commented Jan 6, 2025

@marioaquino thanks. Looks like the Cisco schema uses a vector of singleton maps for "attributes" (rather than just a map). I will add support for that.

@frenchy64
Copy link
Contributor Author

frenchy64 commented Jan 6, 2025

Done. I didn't realize Cisco OCSF schemas were different. Might make sense to export them to https://github.com/frenchy64/ocsf-schema-export.

marioaquino
marioaquino approved these changes Jan 7, 2025
View reviewed changes
Copy link

@marioaquino marioaquino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is fantastic and does exactly what I need! Great work, Ambrose!

@gbuisson
Copy link

gbuisson commented Jan 23, 2025

Fantastic Ambrose! Let's get this merged and released.

@frenchy64 frenchy64 merged commit bc598b3 into master Jan 23, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marioaquino marioaquino marioaquino approved these changes

Assignees

@frenchy64 frenchy64

Labels

review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@frenchy64 @marioaquino @gbuisson