# `OCSF`
[🔗](https://github.com/docjerem/ocsf/blob/v0.1.0/lib/ocsf.ex#L1)

Elixir library modelling the Open Cybersecurity Schema Framework (OCSF 1.8).

Provides structs, enums, and helpers that map to the
[OCSF 1.8.0](https://schema.ocsf.io/1.8.0/) specification. Use this
module as the top-level entry point for schema version information.
The core is persistence-agnostic, with optional Postgres (`ocsf_ecto`) and
ClickHouse (`ocsf_clickhouse`) sinks.

See `OCSF.Category`, `OCSF.Class`, `OCSF.Activity`, `OCSF.Severity`,
`OCSF.Status`, and `OCSF.Classification` for the core enums and taxonomy.

# `from_map`

```elixir
@spec from_map(map()) :: {:ok, OCSF.Event.t()} | {:error, OCSF.Error.t()}
```

Reconstruct an `%OCSF.Event{}` from a nested OCSF map.

Delegates to `OCSF.Event.from_map/1`.

# `redact`

```elixir
@spec redact(OCSF.Event.t(), OCSF.Policy.t()) :: OCSF.Event.t()
```

Apply a sink **policy** to an event, returning a **redacted** event.

Delegates to `OCSF.Policy.apply/2`.

# `to_json`

```elixir
@spec to_json(OCSF.Event.t()) :: iodata()
```

Serialize an `%OCSF.Event{}` to OCSF-compliant JSON iodata.

# `to_map`

```elixir
@spec to_map(OCSF.Event.t()) :: map()
```

Convert an `%OCSF.Event{}` to an OCSF-compliant nested map.

Nil fields are omitted. Integer UIDs are emitted as-is; their
corresponding `_name` labels are added alongside per OCSF convention.

Delegates to `OCSF.Serializer.to_map/1`.

# `validate`

```elixir
@spec validate(OCSF.Event.t()) :: {:ok, OCSF.Event.t()} | {:error, OCSF.Error.t()}
```

Validate an `%OCSF.Event{}` structurally.

Runs a 12-step check (SPEC §10): metadata presence, version, product,
category/class/type consistency, activity/status/severity validity,
time format, and class-specific required fields.

Returns `{:ok, event}` on success or `{:error, %OCSF.Error{}}` on
the first failure.
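
The functions on this page chained into one ingest step, as an added example that is not part of the library or its documentation: untrusted maps go through `from_map/1` and `validate/1`, and only validated events are redacted and serialized. `IngestExample` is a hypothetical module, the sample map is constructed, and string keys being accepted by `from_map/1` is an assumption; the policy is passed in because this page does not show how an `%OCSF.Policy{}` is built.

```elixir
defmodule IngestExample do
  @moduledoc "Added example, not part of the ocsf library."

  # Process one decoded map. A failed `with` clause falls through unchanged,
  # so the caller receives the {:error, %OCSF.Error{}} from the failing step.
  @spec prepare(map(), OCSF.Policy.t()) :: {:ok, iodata()} | {:error, OCSF.Error.t()}
  def prepare(raw, policy) when is_map(raw) do
    with {:ok, event} <- OCSF.from_map(raw),
         {:ok, event} <- OCSF.validate(event) do
      {:ok, event |> OCSF.redact(policy) |> OCSF.to_json()}
    end
  end

  # Split a batch into serialized events and rejects. Rejects keep the
  # original map and the error so they can be quarantined and reviewed
  # instead of being dropped silently.
  @spec prepare_batch([map()], OCSF.Policy.t()) :: map()
  def prepare_batch(raws, policy) do
    {accepted, rejected} =
      Enum.reduce(raws, {[], []}, fn raw, {acc, rej} ->
        case prepare(raw, policy) do
          {:ok, json} -> {[json | acc], rej}
          {:error, error} -> {acc, [{raw, error} | rej]}
        end
      end)

    %{accepted: Enum.reverse(accepted), rejected: Enum.reverse(rejected)}
  end

  # Constructed sample input: an Authentication (class_uid 3002) logon event.
  # type_uid follows the OCSF rule class_uid * 100 + activity_id.
  # String keys (as a JSON decoder would produce) are an assumption.
  def sample do
    %{
      "category_uid" => 3,
      "class_uid" => 3002,
      "activity_id" => 1,
      "type_uid" => 300_201,
      "severity_id" => 1,
      "time" => 1_700_000_000_000,
      "metadata" => %{
        "version" => OCSF.version(),
        "product" => %{"name" => "example-idp", "vendor_name" => "Example"}
      },
      "user" => %{"name" => "alice"}
    }
  end
end
```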

# `version`

```elixir
@spec version() :: String.t()
```

Return the OCSF schema version this library targets.

## Examples

    iex> OCSF.version()
    "1.8.0"

