Easily Map Logs to OCSF with Datadog Observability Pipelines
Normalizing security logs into the Open Cybersecurity Schema Framework (OCSF) is often complex, manual, and time-consuming. With Datadog Observability Pipelines, you can easily transform logs into OCSF format—right in your own environment—before routing them to destinations like Splunk, CrowdStrike, and AWS Security Lake.
This video shows how security teams can use Observability Pipelines to:
Collect, process, and transform logs into OCSF format automatically
Use prebuilt mappings for popular vendors like AWS, Microsoft, and Palo Alto Networks
Create custom OCSF mappings with full schema control
Optimize logs with processors for enrichment, redaction, and volume control
Forward OCSF-normalized logs anywhere, without vendor lock-in
With Datadog Observability Pipelines, security teams gain a common language for detection and response, reduce operational overhead, and strengthen compliance—all while keeping logs on-prem.
Explore the blog for more details: https://www.datadoghq.com/blog/observability-pipelines-stream-logs-in-ocsf-format/