Standardize on OCSF to run your own detection rules?
2 points by julian-datable 377 days ago
Anyone adopted OCSF as their canonical logging schema?

Hoping to cut parsing overhead and make detection rule writing easier. Currently mapping 20-odd sources.

Any lessons/red flags you can share?
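An added example (mine, not the poster's) of what the approach in this question looks like in practice: two constructed source formats mapped onto one OCSF-style Authentication event, with a single detection rule written once against the normalized shape instead of once per source. The class_uid/activity_id/status_id values follow OCSF's Authentication class (3002) as I understand the schema; treat them and the field paths as assumptions to check against the current spec.

```python
import re
from collections import defaultdict

# Constructed sample events from two different sources (not real logs).
SSHD_LINES = [
    "2024-05-01T10:00:01Z host1 sshd[1]: Failed password for root from 203.0.113.5 port 22 ssh2",
    "2024-05-01T10:00:02Z host1 sshd[1]: Failed password for admin from 203.0.113.5 port 22 ssh2",
    "2024-05-01T10:00:03Z host1 sshd[1]: Accepted password for alice from 198.51.100.7 port 22 ssh2",
]
WINDOWS_EVENTS = [
    {"EventID": 4625, "TargetUserName": "bob", "IpAddress": "203.0.113.5", "TimeCreated": "2024-05-01T10:00:04Z"},
    {"EventID": 4624, "TargetUserName": "carol", "IpAddress": "192.0.2.9", "TimeCreated": "2024-05-01T10:00:05Z"},
]

SSHD_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def sshd_to_ocsf(line):
    """Map one sshd line onto the OCSF Authentication class (class_uid 3002, assumed)."""
    m = SSHD_RE.match(line)
    if not m:
        return None  # unmapped lines are dropped; count these in production
    ts, outcome, user, ip = m.groups()
    return {"class_uid": 3002, "activity_id": 1,             # 1 = Logon
            "status_id": 1 if outcome == "Accepted" else 2,  # 1 = Success, 2 = Failure
            "time": ts, "actor": {"user": {"name": user}},
            "src_endpoint": {"ip": ip},
            "metadata": {"product": {"name": "sshd"}}}

def windows_to_ocsf(ev):
    """Map a Windows logon event (4624 success / 4625 failure) onto the same class."""
    if ev["EventID"] not in (4624, 4625):
        return None
    return {"class_uid": 3002, "activity_id": 1,
            "status_id": 1 if ev["EventID"] == 4624 else 2,
            "time": ev["TimeCreated"], "actor": {"user": {"name": ev["TargetUserName"]}},
            "src_endpoint": {"ip": ev["IpAddress"]},
            "metadata": {"product": {"name": "Windows Security"}}}

def normalize(sshd_lines, windows_events):
    """Run every source through its mapper and keep only successfully mapped events."""
    events = [sshd_to_ocsf(l) for l in sshd_lines] + [windows_to_ocsf(e) for e in windows_events]
    return [e for e in events if e is not None]

def failed_logons_by_source(events, threshold=3):
    """One rule against OCSF fields: source IPs with >= threshold failed logons, any product."""
    counts = defaultdict(int)
    for e in events:
        if e["class_uid"] == 3002 and e["activity_id"] == 1 and e["status_id"] == 2:
            counts[e["src_endpoint"]["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

The rule fires on 203.0.113.5 only because the sshd and Windows failures land in the same field, which is the payoff of the mapping work; the cost side is that every unmapped line silently vanishes, so track the mapper's drop rate per source.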