Andrea Cosentino created CAMEL-22903:
----------------------------------------
Summary: Add OCSF (Open Cybersecurity Schema Framework) DataFormat component
Key: CAMEL-22903
URL: https://issues.apache.org/jira/browse/CAMEL-22903
Project: Camel
Issue Type: New Feature
Reporter: Andrea Cosentino
Assignee: Andrea Cosentino
Fix For: 4.18.0
This feature adds a new DataFormat component for marshalling and unmarshalling
security events following the [Open Cybersecurity Schema Framework
(OCSF)|https://schema.ocsf.io/] specification.
OCSF is an open-source standard for cybersecurity event logging and data
normalization. It provides a vendor-neutral schema for security events,
enabling interoperability between different security tools and platforms. Major
cloud providers like AWS (Security Hub, Security Lake) now output findings in
OCSF format.
- Marshal/Unmarshal OCSF Events - Convert between Java POJOs and JSON following the OCSF 1.7.0 specification
- Type-safe Event Classes - Generated POJOs for 34 OCSF event classes and 68 object types
- Jackson-based - Uses Jackson for JSON processing with configurable options
- Schema Validation - Optional validation against the OCSF schema during unmarshalling
Details:
- Java POJOs are generated from JSON Schema files using the jsonschema2pojo Maven plugin
- A Python script ({{generate-ocsf-schemas.py}}) is provided to regenerate schemas from the official OCSF specification for future version updates
- Generated classes are placed in {{src/generated/java}} following Camel conventions
- Schemas use file-based {{$ref}} references and the {{allOf}} pattern for inheritance
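
The inheritance pattern in the last bullet, and what validating an event against it involves, shown as an added example that is not part of the issue or of the Camel code base. The two schema documents, their file names and the helpers {{flatten}} and {{validate}} are constructed for illustration; only the {{$ref}} plus {{allOf}} layout is taken from the description.

```python
# Constructed stand-ins for schema files on disk (file name -> parsed JSON).
# Attribute names follow OCSF; the file names and layout are assumptions.
SCHEMA_FILES = {
    "base_event.json": {
        "type": "object",
        "properties": {"class_uid": {"type": "integer"}, "time": {"type": "integer"},
                       "severity_id": {"type": "integer"}},
        "required": ["class_uid", "time", "severity_id"],
    },
    "authentication.json": {"allOf": [
        {"$ref": "base_event.json"},            # inherit the base event
        {"type": "object",                      # class-specific additions
         "properties": {"activity_id": {"type": "integer"}, "user": {"type": "object"}},
         "required": ["activity_id", "user"]},
    ]},
}
JSON_TYPES = {"integer": int, "object": dict, "string": str}

def flatten(schema, files, seen=()):
    """Merge properties and required lists through file-based $ref and allOf."""
    props, required = {}, []
    if "$ref" in schema:
        name = schema["$ref"]
        if name in seen:                        # a schema that inherits from itself
            raise ValueError(f"circular $ref: {name}")
        p, r = flatten(files[name], files, seen + (name,))
        props.update(p)
        required += r
    for part in schema.get("allOf", []):
        p, r = flatten(part, files, seen)
        props.update(p)
        required += r
    props.update(schema.get("properties", {}))
    required += schema.get("required", [])
    return props, list(dict.fromkeys(required))  # de-duplicate, keep order

def validate(event, schema_name, files=SCHEMA_FILES):
    """Return a list of problems; an empty list means the event conforms."""
    props, required = flatten(files[schema_name], files, (schema_name,))
    errors = [f"missing required field: {k}" for k in required if k not in event]
    for key, value in event.items():
        expected = props.get(key, {}).get("type")
        # bool is a subclass of int in Python, so reject it explicitly
        if expected and (isinstance(value, bool) or not isinstance(value, JSON_TYPES[expected])):
            errors.append(f"wrong type for {key}: expected {expected}")
    return errors
```

An event that omits an inherited field such as {{severity_id}} is rejected even though the class schema never lists it, which is the case a validator that ignores {{allOf}} misses.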