Skip to content

Santiago-Labs/go-ocsf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
.github/workflows
.github/workflows
 
 
clients
clients
 
 
datastore
datastore
 
 
ocsf
ocsf
 
 
scripts
scripts
 
 
syncers
syncers
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation


Santiago-Labs/go-ocsf

Convert data from any of your security tools to OCSF. Developed by Telophase.

CI Go Report Card Go Reference License

go-ocsf is a Go library and CLI tool for converting security findings and events from your security tools (e.g., Snyk) into the Open Cybersecurity Schema Framework (OCSF) format, with output options in JSON or Parquet formats. Data can be stored locally or seamlessly uploaded to AWS S3.

Just plug in your API keys, and you're ready to go.

Features

  • πŸ”‘ Pre-built integrations with security tools.
  • πŸš€ Converts data from your security tools into OCSF-compliant format.
  • πŸ“¦ Output in JSON and Parquet formats.
  • ☁️ Direct integration with AWS S3 for cloud storage.
  • πŸ–₯️ Use as a CLI tool or Go library.

Installation

go get github.com/Santiago-Labs/go-ocsf

Quick Start

Set environment variables required for your data source (e.g., Snyk):

export SNYK_API_KEY="your-snyk-api-key"
export SNYK_ORGANIZATION_ID="your-snyk-org-id"

Run the CLI to convert data and store locally as Parquet:

go run main.go --parquet

Store data directly in AWS S3:

export AWS_ACCESS_KEY_ID="your-aws-access-key-id"
export AWS_SECRET_ACCESS_KEY="your-aws-secret-access-key"
export AWS_REGION="your-aws-region"

go run main.go --parquet --bucket-name="your-s3-bucket-name"

Library Usage

You can embed the functionality directly in your Go code:

package main

import (
	"context"
	"log"
	"os"

	"github.com/Santiago-Labs/go-ocsf/clients/snyk"
	"github.com/Santiago-Labs/go-ocsf/datastore"
	"github.com/Santiago-Labs/go-ocsf/syncers"
)

func main() {
	ctx := context.Background()

	snykClient, err := snyk.NewClient(ctx, os.Getenv("SNYK_API_KEY"), os.Getenv("SNYK_ORGANIZATION_ID"))
	if err != nil {
		log.Fatal(err)
	}

	storage, err := datastore.NewLocalParquetDatastore()
	if err != nil {
		log.Fatal(err)
	}

	syncer, err := syncers.NewSnykOCSFSyncer(ctx, snykClient, storage)
	if err != nil {
		log.Fatal(err)
	}

	if err := syncer.Sync(ctx); err != nil {
		log.Fatal(err)
	}
}

Supported Integrations

  • Snyk
  • AWS Inspector
  • Tenable
  • AWS GuardDuty (coming soon) – AWS Security Hub (coming soon)
  • Crowdstrike Spotlight (coming soon)
  • Google Workspace Logs (coming soon)
  • AWS CloudTrail (coming soon)

Contributing

We welcome contributions to improve or expand functionality.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/my-feature)
  3. Commit your changes (git commit -am 'Add my feature')
  4. Push to your branch (git push origin feature/my-feature)
  5. Open a pull request

License

go-ocsf is licensed under the MIT License.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

66 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

1 tags

Packages

No packages published

Contributors 3

Languages