CSAF

Common Security Alerting Format

A format definition focused on unifying the alert message format so that alerts can be transferred from devices directly to incident response tools/platforms. It is a cyber security alerting format that can be emitted by devices such as EDR, SIEM, NGFW, antivirus and many other detection and prevention tools, to simplify the integration and parsing of alerts received by an incident response platform (IRP) from those devices. The ultimate goal is to automate incident response tasks as much as possible and save time while preserving detailed alert information.

CSAF Schema

CSAF Description

CSAF Examples
