Skip to main content

OCSF Mapping App Introduction

What is the OCSF Mapping App?

The OCSF Mapping App is a powerful tool designed to help security teams efficiently transform raw security logs into the Open Cybersecurity Schema Framework (OCSF) format. By leveraging AI capabilities, the app significantly reduces the time and complexity involved in mapping diverse log sources to this standardized schema.

Architecture Overview

The OCSF Mapping App and ZephFlow create a complete solution for security log normalization. The OCSF Mapping App provides an AI-assisted interface where security engineers can develop mapping configurations that transform raw logs into standardized OCSF format. These configurations are portable and can be exported as standard files.

ZephFlow is Fleak's execution engine that applies these mapping configurations to live log streams. Similar to data processing platforms like Apache Flink or Cribl Stream, ZephFlow acts as the runtime that processes high-volume log data using the transformation rules you've created.

OCSF Mapping App Architecture

The key advantage of this approach is flexibility - you maintain full control over your mapping logic and can choose where to deploy it. The configuration files generated by the OCSF Mapping App work directly with ZephFlow without modification, creating a seamless workflow from development to production.

Getting Started

To get started with the OCSF Mapping App, you can:

  1. Start from a Template (Recommended for First-Time Users)
  2. Create a Mapping from Scratch
  3. Import Existing Mappings

Setting Up Your First Project

Begin by logging into the app at https://app.ocsf.fleak.ai/. The dashboard displays your existing projects and allows you to create new ones by clicking the "New Project" button in the top-right corner.

Projects Dashboard

Each project serves as a container for multiple mapping configurations. This organization helps you manage mappings for different log types or systems in a structured way.

Creating a New Project

Create New Project Dialog

When creating a new project:

  1. Enter a descriptive project name
  2. Optionally add a description to provide context about the project's purpose
  3. Click "Create Project" to proceed

Understanding Projects and Mappings

A project contains multiple mappings, with each mapping designed for one specific type of log format. It's important to ensure that all sample logs within a single mapping share the same format structure.