Santiago-Labs/go-ocsf


Convert data from any of your security tools to OCSF. Developed by Telophase.


go-ocsf is a Go library and CLI tool that converts security findings and events from your security tools (e.g., Snyk) into the Open Cybersecurity Schema Framework (OCSF) format. Output can be written as JSON or Parquet and stored locally or uploaded to AWS S3.

Features

  • 🚀 Converts security event data into OCSF-compliant format
  • 📦 Supports JSON and Parquet output formats
  • ☁️ Direct integration with AWS S3 for cloud storage
  • 🖥️ Use as a CLI tool or Go library

Installation

go get github.com/Santiago-Labs/go-ocsf

Quick Start

Set environment variables required for your data source (e.g., Snyk):

export SNYK_API_KEY="your-snyk-api-key"
export SNYK_ORGANIZATION_ID="your-snyk-org-id"

Run the CLI to convert data and store locally as Parquet:

go run main.go --parquet

Store data directly in AWS S3:

export AWS_ACCESS_KEY_ID="your-aws-access-key-id"
export AWS_SECRET_ACCESS_KEY="your-aws-secret-access-key"
export AWS_REGION="your-aws-region"

go run main.go --parquet --bucket-name="your-s3-bucket-name"

Library Usage

You can embed the functionality directly in your Go code:

package main

import (
	"context"
	"log"
	"os"

	"github.com/Santiago-Labs/go-ocsf/clients/snyk"
	"github.com/Santiago-Labs/go-ocsf/datastore"
	"github.com/Santiago-Labs/go-ocsf/syncers"
)

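func main() {
	ctx := context.Background()

	// Snyk credentials are read from the environment (see Quick Start).
	snykClient, err := snyk.NewClient(ctx, os.Getenv("SNYK_API_KEY"), os.Getenv("SNYK_ORGANIZATION_ID"))
	if err != nil {
		log.Fatal(err)
	}

	// Store the converted output locally as Parquet.
	storage, err := datastore.NewLocalParquetDatastore()
	if err != nil {
		log.Fatal(err)
	}

	// The syncer ties the Snyk client to the datastore.
	syncer, err := syncers.NewSnykOCSFSyncer(ctx, snykClient, storage)
	if err != nil {
		log.Fatal(err)
	}

	// Run the conversion and write the results.
	if err := syncer.Sync(ctx); err != nil {
		log.Fatal(err)
	}
}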

Supported Integrations

  • Snyk
  • AWS Inspector (coming soon)
  • AWS GuardDuty (coming soon)
  • Crowdstrike Falcon (coming soon)
  • Google Workspace Logs (coming soon)
  • Tenable (coming soon)
  • AWS CloudTrail (coming soon)
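
To show what converting a finding to OCSF involves, here is an added example (not go-ocsf's own code) that maps one finding to an OCSF Vulnerability Finding event (class_uid 2002). The `snykIssue` struct, the `toOCSF` helper, the sample values, and the schema version string are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// snykIssue is a constructed, simplified input shape (assumption: not Snyk's real API schema).
type snykIssue struct {
	ID, Title, Severity, CVE string
	CreatedAt                time.Time
}

// OCSF severity_id enum values, keyed by lower-cased vendor label.
var severityID = map[string]int{"informational": 1, "low": 2, "medium": 3, "high": 4, "critical": 5}

// toOCSF maps one issue to an OCSF Vulnerability Finding event (hypothetical helper).
func toOCSF(in snykIssue) map[string]any {
	sev, ok := severityID[strings.ToLower(in.Severity)]
	if !ok {
		sev = 0 // Unknown: keep the finding even if its severity label is unfamiliar
	}
	vuln := map[string]any{"title": in.Title, "severity": in.Severity}
	if in.CVE != "" { // not every finding carries a CVE identifier
		vuln["cve"] = map[string]any{"uid": in.CVE}
	}
	return map[string]any{
		"class_uid":    2002,       // Vulnerability Finding
		"category_uid": 2,          // Findings
		"activity_id":  1,          // Create
		"type_uid":     2002*100 + 1, // class_uid*100 + activity_id
		"severity_id":  sev,
		"time":         in.CreatedAt.UnixMilli(), // OCSF timestamps are epoch milliseconds
		"metadata": map[string]any{"version": "1.1.0", // assumed schema version
			"product": map[string]any{"name": "Snyk", "vendor_name": "Snyk"}},
		"finding_info":    map[string]any{"uid": in.ID, "title": in.Title},
		"vulnerabilities": []any{vuln},
	}
}

func main() {
	// Constructed sample finding with no CVE assigned.
	issue := snykIssue{"SNYK-EXAMPLE-0001", "Prototype Pollution", "High", "", time.UnixMilli(1700000000000)}
	out, _ := json.MarshalIndent(toOCSF(issue), "", "  ")
	fmt.Println(string(out))
}
```
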

Contributing

We welcome contributions to improve or expand functionality.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/my-feature)
  3. Commit your changes (git commit -am 'Add my feature')
  4. Push to your branch (git push origin feature/my-feature)
  5. Open a pull request

License

go-ocsf is licensed under the AGPL-3.0 License.
