CSNF Documentation - Spring 2023 Update

This page contains information on the Spring 2023 Cloud Security Notification Framework Splunk Technology Add-on release.

CSNF Splunk Technology Add-on


The purpose of the CSNF Splunk Technology Add-on is to provide a set of common attribute mappings in support of multi-cloud enterprise security SIEM and SOAR operations.

Who is this app for?

The primary audiance for this application are security detection engineering teams who wish to integrate CSNF within their multi cloud security landing zone.

How does the app work?

It works by mapping keys and values provided by your configured cloud provider to a set of CSNF common properties. The CSNF’s canonical data model standardizes alerts received from multiple cloud and SaaS providers that can be used as inputs by the SOC for common security workflows.

Cloud Security Notification Framework Specification

This section and those that follow lay out the specifications for the ONUG Cloud Security Notification Framework that was established in the Winter and Spring of 2021. It addresses the CSNF project’s Scope and Use Cases, describes both the Provider and Consumer Experiences, introduces the Canonical Data Model, and explains the key “Decorator” concept.

Core Components

What are the key components of the CSNF?

Contribution Guidelines

CSNF Steering Committee Membership

Details the current CSNF Steering Committee Membership

CSNF birthday-cake

CSNF demo-service (archived)

The CSNF demo-service is a typescript application that provides minimal functionality to allow security researchers and security developers to become familiar with the CSNF Decorator. The application can be easily deployed using Docker.

Last modified January 27, 2023: updated docs page (47e38b3)