Status: Done
Assignee: Konstantin Trushin
Reporter: Oleksandr Havryliak
Needs QA: Yes
Created October 31, 2024 at 2:27 PM
Updated January 23, 2025 at 8:59 AM
Resolved January 23, 2025 at 8:59 AM
Problem statement (Why?)
The Open Cybersecurity Schema Framework (OCSF) is a collaborative, open-source effort by AWS and leading partners in the cybersecurity industry. It addresses the long-standing challenge of sharing data across various security tools. Traditionally, the security space has been fragmented due to interoperability issues and data normalization challenges. This has posed a significant hurdle for organizations using multiple security applications, requiring constant integration and maintenance efforts. However, with OCSF, a vendor-agnostic core security schema is now available, enabling a common approach to data sharing among different tools.
OCSF provides a standard schema for common security events, defines versioning criteria to facilitate schema evolution, and includes a self-governance process for security log producers and consumers. Logs emitted in the OCSF schema use a standardized format that log processors can consume directly, giving a predictable and extensible solution that works seamlessly with industry-standard tools.
MongoDB 8.0.0 introduces OCSF as a new schema for audit logs. It is available only in MongoDB Atlas and MongoDB Enterprise. We want to implement it as well, to remain recognized as MongoDB experts and to show that we treat security as a top priority.
Solution (What?)
A Notion page or presentation listing the tasks to be implemented and an estimate of their size.
Acceptance criteria
Clear understanding of the OCSF schema implementation for the audit log.
References
https://www.mongodb.com/docs/upcoming/release-notes/8.0/#ocsf-schema-for-log-messages
https://docs.aws.amazon.com/security-lake/latest/userguide/open-cybersecurity-schema-framework.html
https://github.com/ocsf/ocsf-docs/blob/main/Understanding%20OCSF.md