https://community.cisco.com/t5/network-security/open-cybersecurity-schema-framework-ocsf-firepower-asa-log/m-p/4837738#M1100487 <P>I have some Cisco ASA and Firepower logs, and I am attempting to ingest these into the Amazon data lake. To ingest these logs into the Amazon Data lake they must be converted to the Open Cybersecurity Schema Framework (OCSF) format.&nbsp;There Great blog here on the Cisco and Amazon partnership with more background:&nbsp;<A href="https://blogs.cisco.com/security/cisco-joins-amazon-web-services-aws-for-the-launch-of-security-lake" target="_blank" rel="noopener">https://blogs.cisco.com/security/cisco-joins-amazon-web-services-aws-for-the-launch-of-security-lake</A>.&nbsp;</P><P>To ingest these into the Amazon data lake, they first must be converted into the OCSF log format which has definitions defined here:&nbsp;<A href="https://schema.ocsf.io/" target="_blank" rel="noopener">https://schema.ocsf.io/</A>&nbsp;. The OCSF log is a JSON based log and the organization has provided a sample log for an Amazon VPC Log.&nbsp;<A href="https://github.com/ocsf/examples/blob/main/Network%20Activity/Network%20Activity/AWS/VPC%20Flowlogs/vpcflowlog.json" target="_blank" rel="noopener">https://github.com/ocsf/examples/blob/main/Network%20Activity/Network%20Activity/AWS/VPC%20Flowlogs/vpcflowlog.json</A></P><P>The problem is I do not have any examples of a Firepower and ASA log converted into the OCSF format. Does anyone have any examples/field mappings/schemas of what a Cisco ASA/Firepower log would look like when converted into OCSF?&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 17 May 2023 15:04:25 GMT Bronette 2023-05-17T15:04:25Z https://community.cisco.com/t5/network-security/open-cybersecurity-schema-framework-ocsf-firepower-asa-log/m-p/4837738#M1100487 <P>I have some Cisco ASA and Firepower logs, and I am attempting to ingest these into the Amazon data lake. To ingest these logs into the Amazon Data lake they must be converted to the Open Cybersecurity Schema Framework (OCSF) format.&nbsp;There Great blog here on the Cisco and Amazon partnership with more background:&nbsp;<A href="https://blogs.cisco.com/security/cisco-joins-amazon-web-services-aws-for-the-launch-of-security-lake" target="_blank" rel="noopener">https://blogs.cisco.com/security/cisco-joins-amazon-web-services-aws-for-the-launch-of-security-lake</A>.&nbsp;</P><P>To ingest these into the Amazon data lake, they first must be converted into the OCSF log format which has definitions defined here:&nbsp;<A href="https://schema.ocsf.io/" target="_blank" rel="noopener">https://schema.ocsf.io/</A>&nbsp;. The OCSF log is a JSON based log and the organization has provided a sample log for an Amazon VPC Log.&nbsp;<A href="https://github.com/ocsf/examples/blob/main/Network%20Activity/Network%20Activity/AWS/VPC%20Flowlogs/vpcflowlog.json" target="_blank" rel="noopener">https://github.com/ocsf/examples/blob/main/Network%20Activity/Network%20Activity/AWS/VPC%20Flowlogs/vpcflowlog.json</A></P><P>The problem is I do not have any examples of a Firepower and ASA log converted into the OCSF format. Does anyone have any examples/field mappings/schemas of what a Cisco ASA/Firepower log would look like when converted into OCSF?&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 17 May 2023 15:04:25 GMT https://community.cisco.com/t5/network-security/open-cybersecurity-schema-framework-ocsf-firepower-asa-log/m-p/4837738#M1100487 Bronette 2023-05-17T15:04:25Z https://community.cisco.com/t5/network-security/open-cybersecurity-schema-framework-ocsf-firepower-asa-log/m-p/5023145#M1109383 <P>Hello,&nbsp;</P><P>Did you ever come to any conclusion on this?</P> Fri, 23 Feb 2024 02:40:15 GMT https://community.cisco.com/t5/network-security/open-cybersecurity-schema-framework-ocsf-firepower-asa-log/m-p/5023145#M1109383 bsaurusrex 2024-02-23T02:40:15Z https://community.cisco.com/t5/network-security/open-cybersecurity-schema-framework-ocsf-firepower-asa-log/m-p/5333449#M1122889 <P><A href="https://github.com/ocsf/examples/tree/main/mappings/markdown/Cisco/v1.3.0/ASA" target="_blank">https://github.com/ocsf/examples/tree/main/mappings/markdown/Cisco/v1.3.0/ASA</A></P> Thu, 25 Sep 2025 13:02:15 GMT https://community.cisco.com/t5/network-security/open-cybersecurity-schema-framework-ocsf-firepower-asa-log/m-p/5333449#M1122889 lrypl 2025-09-25T13:02:15Z