The future of cybersecurity: Open Cybersecurity Schema Framework (OCSF) and OpenSearch

With the introduction of the Open Cybersecurity Schema Framework (OCSF), indexing data in this format into OpenSearch can present data preparation challenges. The intent of OCSF is to provide a common schema across multiple security tools and processes, so that events from different security tools and data producers can be correlated using a common language for security event detection and analysis. OCSF focuses on the security vertical and is optimized for the challenges found when correlating security events. Coupled with OpenSearch, it gives you a valuable tool for bad actor detection and incident response.

Details

Wednesday, September 25 2:55pm-3:25pm in Continental BR 1-3

Track: Analytics, Observability, and Security

Speakers

Kevin Fallis

Principal Search Specialist at Amazon Web Services