惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Project Zero
Project Zero
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Google DeepMind News
Google DeepMind News
Recent Announcements
Recent Announcements
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
Visual Studio Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
G
Google Developers Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Recorded Future
Recorded Future
B
Blog RSS Feed
The GitHub Blog
The GitHub Blog
爱范儿
爱范儿
博客园 - 三生石上(FineUI控件)
D
DataBreaches.Net
博客园 - Franky
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Last Week in AI
Last Week in AI
NISL@THU
NISL@THU
T
Tailwind CSS Blog
博客园 - 【当耐特】
P
Privacy International News Feed
I
InfoQ
L
LINUX DO - 热门话题
H
Help Net Security
博客园 - 叶小钗
aimingoo的专栏
aimingoo的专栏
AWS News Blog
AWS News Blog
Scott Helme
Scott Helme
Cyberwarzone
Cyberwarzone
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Forbes - Security
Forbes - Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
WordPress大学
WordPress大学
T
Troy Hunt's Blog
Spread Privacy
Spread Privacy
V
V2EX
Cloudbric
Cloudbric
Security Latest
Security Latest
H
Heimdal Security Blog
S
Securelist
I
Intezer
F
Full Disclosure
V2EX - 技术
V2EX - 技术
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
小众软件
小众软件
Security Archives - TechRepublic
Security Archives - TechRepublic
L
Lohrmann on Cybersecurity
S
Schneier on Security
C
Cybersecurity and Infrastructure Security Agency CISA

Datadog | The Monitor blog

Introducing our open source AI-native SAST Instrument and monitor Boomi integration flows with OpenTelemetry and Datadog Not all index scans are equal: How we cut query latency by over 99% Platform engineering metrics: What to measure and what to ignore Integrate Recorded Future threat intelligence with Datadog Cloud SIEM CI/CD security: threat modeling using a MITRE-style threat matrix CI/CD security: How to secure your GitHub ecosystem Ingress NGINX is EOL: A practical guide for migrating to Kubernetes Gateway API Operating agentic AI with Amazon Bedrock AgentCore and Datadog LLM Observability: Lessons from NTT DATA Introducing the Datadog Code Security MCP Capture and analyze custom heatmaps in Session Replay Understand session replays faster with AI summaries and smart chapters Monitor ClickHouse query performance with Datadog Database Monitoring How we designed empathetic alert sounds for on-call engineers Search and act across Datadog to resolve issues faster with Bits Assistant Measure the business impact of every product change with Datadog Experiments Analyzing round trip query latency Configuring JavaScript caches for better performance Introducing Bits AI Dev Agent for Code Security Datadog achieves ISO 42001 certification for responsible AI Monitor Nutanix clusters, hosts, and VMs with Datadog Monitor Juniper Mist in Datadog A new Host Map for modern infrastructure Annotate traces to improve LLM quality with Datadog LLM Observability What’s new in Cloud SIEM: AI-powered investigations, enhanced threat intelligence, and scalable security operations Explore Kubernetes with native OpenTelemetry data Monitor Oracle Fusion Cloud Applications with Datadog Announcing the Datadog Terraform provider v4.0.0 Scaling Kubernetes workloads on custom metrics How to design cloud environments for AI-powered threat analysis Monitor Aruba Central in Datadog How we centralize and remediate risks with Datadog Case Management Accelerate incident response with Datadog and ServiceNow Monitor your application and network load balancer logs Understanding Karpenter architecture for Kubernetes autoscaling Tools for collecting metrics and logs from Karpenter Monitor Karpenter with Datadog What your product data is actually saying Key metrics for monitoring Karpenter Securing Datadog’s platform in the AI age: The role of observability data Four ways engineering teams use the Datadog MCP Server to power AI agents Approaching your observability migration with the right mindset Meet the new Bits AI SRE: Deeper reasoning, twice as fast Key learnings from the 2026 State of DevSecOps study Use plain English to query your multi-cloud infrastructure in Resource Catalog Simplifying troubleshooting across the user journey with Datadog Synthetic Monitoring Protect your OCI resources with Datadog Cloud Security This Month in Datadog - February 2026 Amazon EC2 security: How misconfigured and public AMIs expand your cloud attack surface Enable end-to-end visibility into your Java apps with a single command Measure and improve mobile app startup performance with Datadog RUM Evaluating our AI Guard application to improve quality and control cost Identify untested code across every level of your codebase Make use of guardrail metrics and stop babysitting your releases Monitor Versa Networks SD-WAN performance in Datadog Improve performance and reliability with APM Recommendations Remediate transitive vulnerabilities faster with Datadog Software Composition Analysis Generate audit-ready vulnerability and compliance reports with Datadog Sheets Monitor Fortinet FortiManager performance in Datadog Improve test coverage across codebases with Datadog Code Coverage Move fast, don’t break things: Consistent testing standards at scale Enrich logs with ServiceNow CMDB context before routing to any SIEM or logging tool Monitor Lustre with Datadog Make faster, better product decisions with Datadog Product Analytics Surface and remediate runtime posture issues with Workload Protection Findings Protect agentic AI applications with Datadog AI Guard How to optimize JavaScript code with CSS Trace Google Pub/Sub workloads in Cloud Run with Datadog Detect human names in logs with ML in Sensitive Data Scanner How we cut our NLQ agent debugging time from hours to minutes with LLM Observability Debug PostgreSQL query latency faster with EXPLAIN ANALYZE in Datadog Database Monitoring Datadog acquires Propolis Unify and correlate frontend and backend data with retention filters Scale compliance across global frameworks with Datadog Cloud Security Monitor Arista VeloCloud SD-WAN performance with Datadog Building reliable dashboard agents with Datadog LLM Observability Simplify log collection and aggregation for MSSPs with Datadog Observability Pipelines Mitigation for Node.js denial-of-service vulnerability affecting Datadog APM Automate flaky test fixes with the Bits AI Dev Agent and Test Optimization How we built an AI SRE agent that investigates like a team of engineers Datadog integrations 2025 recap: Observability for AI, security, and hybrid cloud Design effective executive dashboards with Datadog Implement dbt data quality checks with dbt-expectations Bring faster visibility into AWS Lambda functions with remote instrumentation Troubleshoot faster with the GitLab Source Code integration in Datadog How Cambia Health Solutions saved $30,000 monthly with Cloud Cost Management and the Datadog Resource Catalog Optimizing Datadog at scale: Cost-efficient observability at Zendesk Detect, diagnose, and resolve network issues easily with CNM Network Health Securing customer logins with breach intelligence Connect engineering errors to user impact in early-stage products Cilium configuration for Kubernetes operations at scale Designing feedback loops for progressive delivery Ship features faster and safer with Datadog Feature Flags Choosing the right OpenTelemetry Collector distribution Route your monitor alerts with Datadog monitor notification rules Automate Cloud SIEM investigations with Bits AI Security Analyst Cloud threat detection: How to identify risky activity across control and data planes Collecting Kafka performance metrics Monitoring Kafka with Datadog Monitoring Kafka performance metrics
Normalize any logs for Cloud SIEM with Datadog's OCSF processor
2025-12-30 · via Datadog | The Monitor blog
Vera Chan

Vera Chan

Eitan Moriano

Eitan Moriano

JC Mackin

JC Mackin

Security teams need visibility across every system they defend, including cloud platforms, SaaS applications, security controls, identity providers, and custom services. But those systems all produce logs in different formats, with inconsistent field names and structures. That lack of standardization makes it harder to correlate events, write reusable detections, and investigate incidents quickly.

Datadog Cloud SIEM already helps address this challenge by basing its default common data model on the Open Cybersecurity Schema Framework (OCSF), an open standard for normalizing security telemetry. Recently, we also announced prebuilt OCSF normalization pipelines for common sources like AWS CloudTrail, Okta, and GitHub. Since that announcement, our OCSF coverage has expanded to include more sources, spanning network, endpoint, device, collaboration, and more. These supported OCSF pipelines help analysts see consistent, standardized events in Datadog Cloud SIEM right out of the box.

Now, we’re extending OCSF normalization to any log source. Datadog’s new OCSF processor gives you full self-service control over normalization so that you can bring any log data, map it to OCSF, and analyze it in Datadog Cloud SIEM alongside your other security telemetry.

Bring any logs into a common security language

As environments grow more complex, security teams increasingly rely on internal applications, niche SaaS tools, or partner integrations that don’t necessarily come with predefined OCSF mappings. Datadog’s OCSF processor lets teams close those gaps by mapping any log source to OCSF, without requiring any custom engineering work.

Built into Datadog Log Management pipelines, the OCSF processor allows teams to normalize logs into a specific OCSF event class, such as authentication or detection activity. It offers a guided experience to help you normalize logs and ensure that mappings align with the OCSF schema, so normalized events are consistent, accurate, and ready for downstream analysis in Cloud SIEM.

Once processed, custom logs look and behave like native Datadog OCSF events, making them immediately usable for detections, dashboards, and investigations. The post-processor then automatically applies OCSF semantics, enriching events with standard classification fields, and constructing the observables array. As a result, custom data benefits from the same processing, enrichment, and analytics as all other logs and events in the system.

Creating an OCSF processor with specified attribute mappings.

Standardize detections and investigations across multiple data sources

By providing a standard data format for all log sources, OCSF normalization helps teams handle ingestion and analytics at scale. When events share a common schema, security teams can write detection rules once and apply them across multiple sources, reducing the operational overhead and maintenance required for source-specific logic.

For example, with Datadog’s OCSF processor, fields like user.uid, src_endpoint.ip, and activity metadata are consistently populated. This normalization of log data allows analysts to easily correlate related activity across cloud, identity, and custom systems. The result is faster triage, clearer context, and fewer blind spots caused by inconsistent log formats.

Support a flexible, open SIEM operating model

The OCSF processor is part of Datadog’s broader approach to a modern SIEM operating model, one built on flexibility, openness, and customer control. By aligning Cloud SIEM with open standards like OCSF, Datadog helps security teams unify their data around a transparent, extensible schema that works across tools, teams, and environments.

Datadog’s OCSF processor gives teams the flexibility to decide what data to collect, how to normalize it, and where to route it—whether the destination is Cloud SIEM, a long-term archive, or an external data lake. This open approach helps teams reduce schema lock-in, simplify SIEM migrations, and apply analytics and detections consistently as their environments evolve.

Normalize everything without compromise

With its new OCSF processor, Datadog Cloud SIEM extends normalization beyond prebuilt integrations, giving security teams a practical way to bring any log source into a shared security data model without needing to rely on external tools. By making OCSF normalization self-service and consistent, teams can scale as their environments evolve, onboard new data sources with less effort, and reduce operational complexity.

To learn more, view our latest prebuilt OCSF pipelines, or get started with our documentation to create a log pipeline and configure the OCSF processor for your needs. And if you’re not yet a Datadog customer, sign up for a 14-day free trial.