banner Expire 25 October 2025
adv exp at 30 July 2025
banner Expire 10 February 2026
Ad End 1 November 2025
ad End 5 May 2025
ad End 25 October 2025
Ad End 4 April 2026
Menu
What's new
By:
Filters
UniCvv
banner Expire 20 October 2024
banner Expire 15 January 2025
Money Club cc shop
Wizard's shop 2.0
Ad Ends 13 July 2025
Carding Game
BidenCash Shop
Carding.pw carding forum
Kfc CLub
Yale Lodge
best shop

OSSEM - Open Source Security Events Metadata

Dark_Code_x

Dark_Code_x

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 28, 2020
Messages
6,852
Reaction score
739
Points
212
Awards
2
  • Somebody Likes you
  • First post
The Open Source Security Events Metadata (OSSEM) is a community-led project that focuses primarily on the documentation and standardization of security event logs from diverse data sources and operating systems. Security events are documented in a dictionary format and can be used as a reference for projects like the ThreatHunter-Playbook while mapping data sources to data analytics used to validate the detection of adversarial techniques. In addition, the project provides a common information model (CIM) that can be used for data engineers during data normalization procedures to allow security analysts to query and analyze data across diverse data sources. Finally, the project also provides docu mentation about the structure and relationships identified in specific data sources to facilitate the development of data analytics.

Project Structure
There are four main folders:
  • Common Information Model (CIM):
    • Facilitates the normalization of data sets by providing a standard way to parse security event logs
    • It is organized by specific entities associated with event logs and defined in more details by Data Dictionaries
    • The definitions of each entity and its respective field names are mostly general descriptions that could help and expedite event logs parsing procedures.
  • Data Dictionaries:
    • Contains specific information about several security event logs organized by operating system and their respective data sets
    • Each dictionary describes a single event log and its corresponding event field names
    • The difference between the Common Information Model folder and the data dictionaries is that in the CIM the field definitions are more general whereas in a data dictionary, each field name definition is unique to the specific event log.
  • Detection Data Model:
    • Focuses on defining the required data in form of data objects and the relationships among each other needed to facilitate the creation of data analytics and validate the detection of adversary techniques
    • This is inspired by the awesome work of MITRE with their project CAR Analytics
    • The information needed for each data object is pulled from the entities defined in the Common Information Model
  • ATTACK Data Sources:
    • Focuses on the documentation of data sources suggested or associated with techniques defined in the Enterprise Matrix
    • In addition, here is where data sources will be mapped with specific data objects defined in the Detection Data Model part of the project with the main goal of creating a link between techniques, data sources and data analytics
  • Download: https://github.com/hunters-forge/OSSEM
 
You must log in or register to reply here.
Ad End 1 November 2024
Top