
OCSF integration

Use New Relic to seamlessly monitor Open Cybersecurity Schema Framework (OCSF) data. You'll get comprehensive visibility into security-related data from multiple sources to facilitate threat detection, incident response, and compliance.

After setting up our OCSF integration, see your data in a dashboard right out of the box.

Set up the OCSF integration

Complete the following steps to set up the OCSF integration:

Install the infrastructure agent

To use the OCSF integration, you also need to install the infrastructure agent on the same host. The infrastructure agent monitors the host itself, while the integration you'll install in the next step extends your monitoring with OCSF-specific data.

Enable the OCSF integration with nri-flex

  1. Create a file named nri-ocsf.yml in the integrations directory:

    touch /etc/newrelic-infra/integrations.d/nri-ocsf.yml
  2. Add the following snippet to your nri-ocsf.yml file to enable the agent to capture OCSF data:

    integrations:
      - name: nri-flex
        config:
          name: ocsfExample
          global:
            base_url: http://ip-address:PORT
            headers:
              accept: application/json
          apis:
            - event_type: ocsfSampleEvent # use this name to query the data
              url: /customEndpoint # endpoint with OCSF data
            - event_type: ocsfCustomEvent1
              url: /customEndpoint2
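
To confirm that an endpoint such as /customEndpoint serves well-formed OCSF events before you query them, you can check a response body against the OCSF base-event rules. The following is an added example, not New Relic's code: the function names and the sample payload are constructed for illustration, and the required-attribute list assumes the OCSF 1.x core schema.

```python
import json

# Required base-event attributes (assumption: OCSF 1.x core schema).
REQUIRED = ("activity_id", "category_uid", "class_uid", "metadata",
            "severity_id", "time", "type_uid")
INT_FIELDS = tuple(k for k in REQUIRED if k != "metadata")

def check_event(event):
    """Return a list of problems found in one OCSF event (empty list = OK)."""
    if not isinstance(event, dict):
        return ["event is not a JSON object"]
    problems = [f"missing required attribute: {k}" for k in REQUIRED if k not in event]
    for key in INT_FIELDS:
        value = event.get(key)
        if key in event and (isinstance(value, bool) or not isinstance(value, int)):
            problems.append(f"{key} must be an integer")
    if problems:
        return problems
    # type_uid is derived by the producer: class_uid * 100 + activity_id.
    expected = event["class_uid"] * 100 + event["activity_id"]
    if event["type_uid"] != expected:
        problems.append(
            f"type_uid {event['type_uid']} is not class_uid * 100 + activity_id ({expected})")
    if not isinstance(event["metadata"], dict) or "version" not in event["metadata"]:
        problems.append("metadata.version is missing")
    return problems

def check_payload(body):
    """Validate a response body holding one event or a JSON array of events."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        return {0: [f"invalid JSON: {exc.msg}"]}
    events = data if isinstance(data, list) else [data]
    found = ((i, check_event(e)) for i, e in enumerate(events))
    return {i: p for i, p in found if p}

# Constructed sample response (not real data): one valid and one broken event.
SAMPLE = json.dumps([
    {"class_uid": 3002, "category_uid": 3, "activity_id": 1, "type_uid": 300201,
     "severity_id": 1, "time": 1718000000000,
     "metadata": {"version": "1.1.0", "product": {"name": "demo"}}},
    {"class_uid": 4001, "category_uid": 4, "activity_id": 6, "type_uid": 400101,
     "severity_id": 2, "time": 1718000001000, "metadata": {}},
])

if __name__ == "__main__":
    for index, problems in check_payload(SAMPLE).items():
        print(f"event {index}: {'; '.join(problems)}")
```

Pass the body returned by your own endpoint to `check_payload` in place of `SAMPLE`; an empty result means every event passed these checks.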

Restart the New Relic infrastructure agent

Use the instructions in our infrastructure agent docs to restart your infrastructure agent. This command should work for most people:

    sudo systemctl restart newrelic-infra.service

Find your data

You can use our pre-built dashboard template to monitor your OCSF application metrics. Follow these steps to use our pre-built dashboard template:

  1. Go to one.newrelic.com > All capabilities > + Integrations & Agents.

  2. Select Dashboards to access the pre-built resources.

  3. Search OCSF and select the dashboard.

To instrument the OCSF quickstart and to see metrics and alerts, you can also follow our OCSF quickstart page by clicking on the Install now button.

Here is an example NRQL query to view the OCSF data reported under the ocsfSampleEvent event type:

SELECT * FROM ocsfSampleEvent

What's next?

To learn more about building NRQL queries and generating dashboards, check out these docs:

  • Introduction to the query builder to create basic and advanced queries.

  • Introduction to dashboards to customize your dashboard and carry out different actions.

  • Manage your dashboard to adjust your display mode, or to add more content to your dashboard.

Copyright © 2024 New Relic Inc.