OSSEM : Open Source Security Events Metadata

By R K - April 13, 2020

The Open Source Security Events Metadata (OSSEM) is a community-led project that focuses primarily on the documentation and standardization of security event logs from diverse data sources and operating systems.

Security events are documented in a dictionary format and can be used as a reference for projects like the ThreatHunter-Playbook while mapping data sources to data analytics used to validate the detection of adversarial techniques.

In addition, the project provides a common information model (CIM) that data engineers can use during data normalization, so that security analysts can query and analyze data across diverse data sources with one set of field names.

Finally, the project also provides documentation about the structure and relationships identified in specific data sources to facilitate the development of data analytics.

Goals

  • Define and share a common information model in order to improve the data standardization and transformation of security event logs
  • Define and share data structures and relationships identified in security events logs
  • Provide detailed information in a dictionary format about several security event logs to the community
  • Learn more about security event logs (Windows, Linux & MacOS)
  • Have fun and think more about the data structure in your SIEM when it comes down to detection!!

Project Structure

There are four main folders:

  • Common Information Model (CIM):
    • Facilitates the normalization of data sets by providing a standard way to parse security event logs
    • It is organized by specific entities associated with event logs and defined in more detail by the Data Dictionaries
    • The definitions of each entity and its respective field names are mostly general descriptions that can help and expedite event log parsing procedures.
  • Data Dictionaries:
    • Contains specific information about several security event logs organized by operating system and their respective data sets
    • Each dictionary describes a single event log and its corresponding event field names
    • The difference between the Common Information Model folder and the data dictionaries is that in the CIM the field definitions are more general whereas in a data dictionary, each field name definition is unique to the specific event log.
  • Detection Data Model:
    • Focuses on defining the required data in the form of data objects, and the relationships among them, needed to facilitate the creation of data analytics and validate the detection of adversary techniques
    • This is inspired by the awesome work of MITRE with their project CAR Analytics
    • The information needed for each data object is pulled from the entities defined in the Common Information Model
  • ATT&CK Data Sources:
    • Focuses on the documentation of data sources suggested or associated with techniques defined in the ATT&CK Enterprise Matrix
    • In addition, this is where data sources are mapped to specific data objects defined in the Detection Data Model part of the project, with the main goal of creating a link between techniques, data sources and data analytics
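The following is an added example, not code from the OSSEM project, showing what the split between a common information model and per-log data dictionaries buys a detection engineer: two process-creation events with different raw field names are normalized into one common schema, and a single analytic is written once against the common names. The two raw events are constructed for this example (their field names mimic the style of Windows Security event 4688 and Sysmon event 1 but are sample values, not copied from any real log), and the common field names (`process_path`, `process_command_line`, `user_name`, `process_id`) are assumptions for illustration, not necessarily OSSEM's own.

```python
"""Added example (not OSSEM project code): normalizing two differently
shaped process-creation events into one common schema, the role a CIM
plays, then querying both with a single analytic."""
from dataclasses import dataclass
from typing import Dict, List

# Two raw events, constructed for this example. Field names mimic the
# style of Windows Security 4688 and Sysmon event 1; values are sample
# data only.
RAW_EVENTS: List[Dict[str, str]] = [
    {
        "source": "Microsoft-Windows-Security-Auditing",
        "EventID": "4688",
        "NewProcessName": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd.exe /c whoami",
        "SubjectUserName": "alice",
        "ProcessId": "0x1a4",
    },
    {
        "source": "Microsoft-Windows-Sysmon",
        "EventID": "1",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd.exe /c whoami",
        "User": r"CORP\alice",
        "ProcessId": "420",
    },
]

# Per-event-log mapping from the log's own field name to the common
# model's field name. This is the job a data dictionary does; the
# common names on the right are assumed for this example.
FIELD_MAPS: Dict[str, Dict[str, str]] = {
    "Microsoft-Windows-Security-Auditing:4688": {
        "NewProcessName": "process_path",
        "CommandLine": "process_command_line",
        "SubjectUserName": "user_name",
        "ProcessId": "process_id",
    },
    "Microsoft-Windows-Sysmon:1": {
        "Image": "process_path",
        "CommandLine": "process_command_line",
        "User": "user_name",
        "ProcessId": "process_id",
    },
}


@dataclass
class ProcessEvent:
    """Common-model representation of a process-creation event."""
    source: str
    process_path: str
    process_name: str
    process_command_line: str
    user_name: str
    process_id: int


def parse_pid(value: str) -> int:
    """4688 reports the PID in hex ("0x1a4"); Sysmon in decimal ("420")."""
    return int(value, 16) if value.lower().startswith("0x") else int(value)


def normalize(raw: Dict[str, str]) -> ProcessEvent:
    """Rename raw fields via the dictionary for this log, then derive
    the extra common fields (process_name, numeric PID, bare user)."""
    key = f"{raw['source']}:{raw['EventID']}"
    field_map = FIELD_MAPS[key]
    common = {field_map[k]: v for k, v in raw.items() if k in field_map}
    user = common["user_name"].split("\\")[-1]  # strip DOMAIN\ prefix
    return ProcessEvent(
        source=raw["source"],
        process_path=common["process_path"],
        process_name=common["process_path"].rsplit("\\", 1)[-1].lower(),
        process_command_line=common["process_command_line"],
        user_name=user,
        process_id=parse_pid(common["process_id"]),
    )


def find_cmd_whoami(events: List[ProcessEvent]) -> List[ProcessEvent]:
    """One analytic, written once against common field names, that
    matches in both sources without knowing their raw layouts."""
    return [e for e in events
            if e.process_name == "cmd.exe" and "whoami" in e.process_command_line]


if __name__ == "__main__":
    normalized = [normalize(e) for e in RAW_EVENTS]
    for hit in find_cmd_whoami(normalized):
        print(hit.source, hit.user_name, hit.process_id, hit.process_command_line)
```

The analytic sees both events as the same data object even though one reports the PID in hex and the user without a domain; the per-log differences are absorbed in the mapping and in `normalize`, which is where the data dictionary's knowledge of each event log belongs.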

Current Status: Alpha

The project is currently in an alpha stage, which means that the content is still changing. We welcome any feedback and suggestions to improve the project.

Projects Using OSSEM

  • HELK (currently updating its pipeline configs to use OSSEM)

Credit: @Cyb3rWard0g
