---
title: OCSF Processor
description: Normalize security logs according to the Open Cybersecurity Schema Framework
breadcrumbs: Docs > Log Management > Log Configuration > Processors > OCSF Processor
---

# OCSF Processor

## Overview{% #overview %}

Use the OCSF processor to normalize your security logs according to the [Open Cybersecurity Schema Framework (OCSF)](https://docs.datadoghq.com/security/cloud_siem/ingest_and_enrich/open_cybersecurity_schema_framework.md). The OCSF processor creates custom mappings that remap your log attributes to OCSF schema classes and their corresponding attributes, including enumerated (ENUM) attributes.

The processor enables you to:

- Map source log attributes to OCSF target attributes
- Configure ENUM attributes with specific numerical values
- Create sub-pipelines for different OCSF target event classes
- Pre-process logs before OCSF remapping

For detailed setup instructions, configuration examples, and troubleshooting guidance, see [OCSF Processor](https://docs.datadoghq.com/security/cloud_siem/ingest_and_enrich/open_cybersecurity_schema_framework/ocsf_processor.md).

## Further reading{% #further-reading %}

- [Discover Datadog Pipelines](https://docs.datadoghq.com/logs/log_configuration/pipelines.md)
- [Learn about OCSF](https://docs.datadoghq.com/security/cloud_siem/ingest_and_enrich/open_cybersecurity_schema_framework.md)
- [OCSF Processor setup guide](https://docs.datadoghq.com/security/cloud_siem/ingest_and_enrich/open_cybersecurity_schema_framework/ocsf_processor.md)