OCSF v1.4.0-compliant event types and converters for ClawdStrike.
This crate provides strongly-typed OCSF event classes, objects, and conversion
utilities. It has no dependency on the clawdstrike engine crate to keep it
lightweight and avoid circular dependencies. Wiring code in hushd or hunt-query
maps internal types to these OCSF structures.
Supported OCSF classes
| Class | class_uid | Category |
|---|---|---|
| Detection Finding | 2004 | Findings (2) |
| Process Activity | 1007 | System Activity (1) |
| File Activity | 1001 | System Activity (1) |
| Network Activity | 4001 | Network Activity (4) |
Re-exports
- pub use base::ActionId;
- pub use base::CategoryUid;
- pub use base::ClassUid;
- pub use base::DispositionId;
- pub use base::SeverityId;
- pub use base::StatusId;
- pub use classes::detection_finding::DetectionFinding;
- pub use classes::file_activity::FileActivity;
- pub use classes::network_activity::NetworkActivity;
- pub use classes::process_activity::ProcessActivity;
- pub use objects::metadata::Metadata;
- pub use objects::metadata::Product;
- pub use severity::map_severity;
- pub use validate::validate_ocsf_json;
- pub use validate::OcsfValidationError;
Modules
- base: Base OCSF enumerations and types shared across all event classes.
- classes: OCSF event class structs.
- convert: Conversion functions from ClawdStrike internal types to OCSF events.
- decision: Shared decision-object parsing helpers used by OCSF converters.
- objects: OCSF object types embedded within event classes.
- severity: Severity mapping from ClawdStrike severity levels to OCSF severity IDs.
- validate: Runtime validation of OCSF required fields on serialized JSON.
Constants
- OCSF_VERSION: OCSF schema version this crate targets.