{"library":"ocsf-lib","title":"OCSF Library","description":"A Python library for working with the Open Cybersecurity Schema Framework (OCSF) JSON schema. It provides tools for validating OCSF events, loading schemas, and managing OCSF extensions. The current version is 0.10.4, and it has an active, though irregular, release cadence with significant updates between minor versions.","language":"python","status":"active","last_verified":"Fri Apr 17","install":{"commands":["pip install ocsf-lib"],"cli":null},"imports":["from ocsf_lib.schema import OCSFSchema","from ocsf_lib.events import OCSFEvent","from ocsf_lib.extensions import OCSFExtension","from ocsf_lib.exceptions import OCSFError"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"from ocsf_lib.schema import OCSFSchema\nfrom jsonschema import ValidationError\nimport json\n\n# An example minimal OCSF event (Process Activity Create)\n# This example is simplified; real OCSF events are more complex and follow specific OCSF types.\nexample_event = {\n    \"activity_id\": 1,\n    \"activity_name\": \"Create\",\n    \"category_uid\": 1,\n    \"category_name\": \"Audit Activity\",\n    \"class_uid\": 1001,\n    \"class_name\": \"Process Activity\",\n    \"metadata\": {\n        \"product\": {\n            \"name\": \"MyApplication\",\n            \"vendor_name\": \"MyVendor\",\n            \"version\": \"1.0.0\"\n        },\n        \"version\": \"1.0.0-rc.3\" # OCSF Schema version this event conforms to\n    },\n    \"severity_id\": 1,\n    \"severity\": \"Informational\",\n    \"start_time\": \"2023-10-27T10:00:00Z\",\n    \"time\": \"2023-10-27T10:00:00Z\",\n    \"type_uid\": 100101,\n    \"type_name\": \"Process Activity: Create\",\n    \"process\": {\n        \"pid\": 1234,\n        \"name\": \"example_process\",\n        \"command_line\": \"/usr/bin/example --flag\"\n    }\n}\n\ntry:\n    # 1. Load the OCSF schema\n    # By default, it loads the latest recommended version.\n    # You can specify a version, e.g., OCSFSchema(version=\"1.0.0-rc.3\")\n    schema = OCSFSchema()\n    print(f\"Successfully loaded OCSF Schema version: {schema.version}\")\n\n    # 2. Validate an OCSF event against the loaded schema\n    print(f\"\\nAttempting to validate event:\\n{json.dumps(example_event, indent=2)}\")\n    schema.validate(example_event)\n    print(\"\\nSUCCESS: The example event is valid according to the OCSF schema.\")\n\nexcept ValidationError as e:\n    print(f\"\\nVALIDATION ERROR: The event is NOT valid.\")\n    print(f\"  Message: {e.message}\")\n    print(f\"  Path: {list(e.path)}\")\n    print(f\"  Validator: {e.validator} (value: {e.validator_value})\")\nexcept Exception as e:\n    print(f\"\\nAn unexpected error occurred: {e}\")","lang":"python","description":"This quickstart demonstrates how to load the OCSF schema and validate an example OCSF event against it. It highlights the primary use case of the `ocsf-lib` for ensuring OCSF event compliance.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}