Amazon extension for OCSF - Amazon Security Hub

Amazon extension for OCSF

OCSF schemas can be extended by adding new attributes, objects, categories, profiles and event classes. A schema is the aggregation of core schema entities and extensions.

Extensions to OCSF allow a particular vendor or customer to augment an existing schema by adding attributes to provide domain-specific customization, improve data interoperability, and add more detailed context for security analysis.

The Amazon Extension for Open Cybersecurity Schema Framework (OCSF) provides attribute definitions for cloud resources within OCSF events. This extension introduces a new cloud_resources profile that extends the standard OCSF resource_details object with comprehensive cloud-specific resource attributes, enabling security teams to gain deeper insights into resource configurations, potential vulnerabilities, and critical metadata essential for effective threat detection and investigation across cloud environments.

Extended resource_details object

The Amazon Extension extends the resource_details object with the attributes listed in the attribute reference below. These attributes ensure proper identification and classification of cloud resources across different providers within standardized event frameworks.

Amazon Extension for OCSF attribute reference

The Basic attributes and Resource specific objects sections provide examples of each of the attributes that are part of the Amazon OCSF extension to resource_details.

Each of the attribute definitions contains an OCSF status outlining its current relationship to the public OCSF schema:

  • Existing: This attribute was already in standard OCSF resource_details and is now part of the Amazon extension.

  • New: The attribute is not part of OCSF and was introduced as part of the Amazon extension. It does not exist in the core OCSF schema.

  • Added to resource_details: The attribute is defined in OCSF but not part of resource_details.
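The three statuses above reduce to two membership checks, which a pipeline with a strict core-schema validator can use to separate extension attributes from core ones. The sketch below is an added example, not AWS or OCSF project code; the two schema sets are small constructed stand-ins (load the real lists from the schema version you run), and `example_dict_attr` and `example_new_attr` are hypothetical attribute names.

```python
# Constructed stand-ins for two schema snapshots. These are NOT the real lists:
# CORE_RESOURCE_DETAILS = attributes of resource_details in the core schema,
# OCSF_DICTIONARY       = every attribute defined anywhere in core OCSF.
CORE_RESOURCE_DETAILS = {"uid", "name", "type", "region"}
OCSF_DICTIONARY = CORE_RESOURCE_DETAILS | {"example_dict_attr"}  # hypothetical name


def ocsf_status(attr):
    """Return the OCSF status label (as defined on this page) for one attribute."""
    if attr in CORE_RESOURCE_DETAILS:
        return "Existing"
    if attr in OCSF_DICTIONARY:
        return "Added to resource_details"
    return "New"


def split_resource(resource):
    """Split one resource_details record into core and extension attributes.

    Returns (core, extension, statuses): `core` can go through a validator that
    only knows the core schema, `extension` is carried alongside, and
    `statuses` maps each attribute name to its status label.
    """
    core, extension, statuses = {}, {}, {}
    for key, value in resource.items():
        status = ocsf_status(key)
        statuses[key] = status
        (core if status == "Existing" else extension)[key] = value
    return core, extension, statuses


# Constructed sample record (values are illustrative only).
SAMPLE = {
    "uid": "arn:aws:s3:::example-bucket",
    "type": "AWS::S3::Bucket",
    "region": "us-east-1",
    "example_dict_attr": "defined in core OCSF, not on resource_details",
    "example_new_attr": {"note": "exists only in the extension"},
}

if __name__ == "__main__":
    core, extension, statuses = split_resource(SAMPLE)
    for name, status in statuses.items():
        print(f"{name:20} {status}")
```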