llowinge commented on code in PR #8730:
URL: https://github.com/apache/camel-quarkus/pull/8730#discussion_r3357228826


##########
extensions/ocsf/runtime/src/main/doc/configuration.adoc:
##########
@@ -0,0 +1,3 @@
+Beyond the standard Camel OCSF DataFormat options, the Quarkus extension does 
not add any additional configuration options.
+
+Refer to the xref:{cq-camel-components}:dataformats:ocsf-dataformat.adoc[Camel 
OCSF DataFormat documentation] for all available options.
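Review bot: the one thing worth keeping from this file is the xref to the Camel OCSF DataFormat documentation; if configuration.adoc is dropped as the reply below says, carry that link into usage.adoc, since the usage hunk in this PR contains no pointer to the DataFormat's option list and readers of the extension page would otherwise have no way to find the available options.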

Review Comment:
   Removed.



##########
extensions/ocsf/runtime/src/main/doc/usage.adoc:
##########
@@ -0,0 +1,86 @@
+The OCSF (Open Cybersecurity Schema Framework) extension provides support for 
marshalling and unmarshalling security events following the OCSF specification.
+
+== Basic Usage
+
+=== Marshalling OCSF Events
+
+[source,java]
+----
+from("direct:start")
+    .marshal().ocsf()
+    .to("kafka:security-events");
+----
+
+=== Unmarshalling OCSF Events
+
+[source,java]
+----
+from("kafka:security-events")
+    .unmarshal().ocsf()
+    .to("direct:process");
+----
+
+=== Unmarshalling to a Specific Event Class
+
+[source,java]
+----
+from("kafka:security-events")
+    .unmarshal().ocsf(DetectionFinding.class)
+    .to("direct:process");
+----
+
+== Supported OCSF Event Classes
+
+This extension includes support for 34 OCSF event classes including:
+
+* *Findings*: `DetectionFinding`, `SecurityFinding`, `VulnerabilityFinding`, 
`ComplianceFinding`
+* *System Activity*: `FileActivity`, `ProcessActivity`, `KernelActivity`, 
`MemoryActivity`
+* *Network Activity*: `NetworkActivity`, `HttpActivity`, `DnsActivity`, 
`SshActivity`
+* *IAM*: `Authentication`, `AuthorizeSession`, `AccountChange`, 
`GroupManagement`
+* *Application Activity*: `ApiActivity`, `DatastoreActivity`, 
`WebResourcesActivity`
+
+All event classes extend `OcsfEvent` which provides common attributes like 
`time`, `severity_id`, `class_uid`, and `metadata`.
+
+== Example: Creating a Detection Finding
+
+[source,java]
+----
+import org.apache.camel.dataformat.ocsf.model.DetectionFinding;
+import org.apache.camel.dataformat.ocsf.model.FindingInfo;
+import org.apache.camel.dataformat.ocsf.OcsfConstants;
+
+DetectionFinding finding = new DetectionFinding();
+finding.setActivityId(OcsfConstants.ACTIVITY_CREATE);
+finding.setSeverityId(OcsfConstants.SEVERITY_HIGH);
+finding.setTime(System.currentTimeMillis());
+finding.setIsAlert(true);
+
+FindingInfo info = new FindingInfo();
+info.setTitle("Malware Detection");
+info.setDesc("Potential malware detected on endpoint");
+finding.setFindingInfo(info);
+
+from("direct:start")
+    .setBody(constant(finding))
+    .marshal().ocsf()
+    .to("splunk-hec:...");
+----
+
+== Native Mode Support
+
+The OCSF extension fully supports native mode compilation. All OCSF model 
classes are automatically registered for reflection during the build process.
+
+== Using with AWS Security Hub
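Review bot: `== Using with AWS Security Hub` at the end of the hunk is a heading with no body, and the marshalling example ends in `.to("splunk-hec:...")`, which does not compile as written; drop the heading (as the reply says) and replace the `...` with a concrete endpoint, or a `log:` endpoint, so the snippet can be pasted and run. The `=== Unmarshalling OCSF Events` section should also state what `.unmarshal().ocsf()` returns when no class is given (a generic `OcsfEvent`, a Map, or a subclass selected from `class_uid`?) and what the typed variant `.ocsf(DetectionFinding.class)` does when the incoming message's `class_uid` does not match, since these routes consume from `kafka:security-events` and the difference between an exception and a partially populated object is what a consumer needs to handle. Finally, the `== Example: Creating a Detection Finding` block mixes field setup with a bare `from("direct:start")`; wrapping it in a `RouteBuilder.configure()` would make it copy-pasteable.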

Review Comment:
   Removed.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
