From cfefeb4c398cad604c27478516e0473a99cad6ee Mon Sep 17 00:00:00 2001 From: Rajas <89877409+floydtree@users.noreply.github.com> Date: Wed, 8 Nov 2023 14:07:04 -0500 Subject: [PATCH] Cleaning up README.md Removing stale references to extensions, adding references to the white paper. Signed-off-by: Rajas <89877409+floydtree@users.noreply.github.com> --- README.md | 32 +++++--------------------------- 1 file changed, 5 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 05751f3a6..70e344bf8 100644 --- a/README.md +++ b/README.md @@ -18,32 +18,10 @@ The schema framework definition files and the resulting schema are written as JS OCSF is intended to be used by both products and devices which produce log events, analytic systems, and logging systems which retain log events. -## Extending the Schema - -Extensions are additional categories, event classes, attributes, objects or profiles. The Open -Cybersecurity Schema Framework can be extended by adding new attributes, objects, categories -and event classes. A schema is the aggregation of core schema entities and extensions. -Extensions allow a particular vendor or customer to create a new schema or augment an existing -schema. Extensions can also be used to factor out non-essential schema domains keeping a -schema small. Extensions use the framework in the same way as a new schema, optionally -creating categories, profiles or event classes from the dictionary. Extensions can add new -attributes to the dictionary, including new objects. As with categories, event classes and profiles, -extensions have unique IDs within the framework as well as versioning. - -To extend the schema, create a new directory with same structure the top level schema directory. -The directory may contain the following optional files and subdirectories. - -| Name | Description | -|-------------------|---------------------------------------------------------------------------| -| `categories.json` | Create it to define new categories. Note, to avoid collisions with the categories defined in the core schema, the category IDs must be greater than or equal to 30. | -| `dictionary.json` | Create it to define new attributes. | -| `enums` | Create it to define new enumerations. | -| `events` | Create it to define new event classes. | -| `includes` | Create it to define new shared data. | -| `objects` | Create it to define new objects. | - -For more information on extending the schema, please refer to the contribution guide, -[CONTRIBUTING.md](https://github.com/ocsf/ocsf-schema/blob/main/CONTRIBUTING.md) +For more information about concepts in OCSF, please refer to the OCSF White paper, [Understanding OCSF](https://github.com/ocsf/ocsf-docs/blob/main/Understanding%20OCSF.pdf). + +Looking to contribute? Please refer to the contribution guide, +[CONTRIBUTING.md](https://github.com/ocsf/ocsf-schema/blob/main/CONTRIBUTING.md). ## Versioning @@ -51,4 +29,4 @@ Updates to OCSF follow [semantic versioning](https://semver.org/). ## License -This software is licensed under the Apache License, version 2 ("ALv2"). +This software is licensed under the [Apache License](https://github.com/ocsf/ocsf-schema/blob/main/LICENSE)https://github.com/ocsf/ocsf-schema/blob/main/LICENSE, version 2 ("ALv2").