Overview
AlphaSOC maps source events to their Open Cybersecurity Schema Framework (OCSF) representations. AlphaSOC Sigma rules use these mappings, allowing you to write source-agnostic detections that work across different log formats and platforms.
This documentation lists all OCSF fields that might be available to use in Sigma rules.