CSNF Documentation - Spring 2023 Update
This page contains information on the Spring 2023 Cloud Security Notification Framework Splunk Technology Add-on release.
Purpose
The purpose of the CSNF Splunk Technology Add-on is to provide a set of common attribute mappings in support of multi-cloud enterprise security SIEM and SOAR operations.
Who is this app for?
The primary audience for this application is security detection engineering teams who wish to integrate CSNF within their multi-cloud security landing zone.
How does the app work?
It works by mapping keys and values provided by your configured cloud provider to a set of CSNF common properties. The CSNF’s canonical data model standardizes alerts received from multiple cloud and SaaS providers so that the SOC can use them as inputs for common security workflows.
This section and those that follow lay out the specifications for the ONUG Cloud Security Notification Framework that was established in the Winter and Spring of 2021. It addresses the CSNF project’s Scope and Use Cases, describes both the Provider and Consumer Experiences, introduces the Canonical Data Model, and explains the key “Decorator” concept.
What are the key components of the CSNF?
Details the current CSNF Steering Committee Membership
The CSNF demo-service is a TypeScript application that provides minimal functionality to allow security researchers and security developers to become familiar with the CSNF Decorator. The application can be easily deployed using Docker.
Last modified January 27, 2023:
updated docs page (47e38b3)