Metadata-Version: 2.4
Name: timeplus-ocsf-simulator
Version: 0.1.0
Summary: A generator for simulated OCSF (Open Cybersecurity Schema Framework) event streams
Author-email: Gang Tao <gang@timeplus.com>
License: Apache-2.0
Project-URL: Homepage, https://github.com/timeplus-io/OCSF-Simulator
Project-URL: Repository, https://github.com/timeplus-io/OCSF-Simulator
Project-URL: Issues, https://github.com/timeplus-io/OCSF-Simulator/issues
Keywords: ocsf,cybersecurity,event-simulation,streaming
Classifier: Programming Language :: Python :: 3
Classifier: Operating System :: OS Independent
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Testing
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: faker>=20.0.0
Provides-Extra: ocsf
Requires-Dist: ocsf-lib>=0.10.3; extra == "ocsf"
Provides-Extra: kafka
Requires-Dist: kafka-python>=2.0.0; extra == "kafka"
Provides-Extra: all
Requires-Dist: ocsf-lib>=0.10.3; extra == "all"
Requires-Dist: kafka-python>=2.0.0; extra == "all"
Dynamic: license-file

# OCSF Simulator

A Python library and CLI that generates simulated [OCSF](https://schema.ocsf.io/)
(Open Cybersecurity Schema Framework) event streams. Useful for testing
streaming pipelines, security analytics tools, SIEMs, and detection rules with
realistic synthetic data.

## Install

```bash
pip install .
```

Optional extras:

```bash
pip install ".[ocsf]"    # use the real ocsf-lib schema
pip install ".[kafka]"   # enable Kafka output
pip install ".[all]"
```

## Use as a CLI

By default, events are written as JSON lines to stdout:

```bash
ocsf-sim --interval 1.0 --batch-size 5 --max-events 20
```

Send events to Kafka instead:

```bash
ocsf-sim --enable-kafka --kafka-servers localhost:9092 --kafka-topic ocsf-events
```

Common flags:

| Flag | Description |
| --- | --- |
| `--interval` | Seconds between batches (default `1.0`) |
| `--batch-size` | Events per batch (default `10`) |
| `--max-events` | Stop after generating N events |
| `--duration` | Stop after N minutes |
| `--event-classes` | OCSF class UIDs to generate (default `3002 4001 1007 2001`) |
| `--profiles` | OCSF profiles to apply (default `cloud security_control`) |
| `--ocsf-version` | OCSF schema version (default `1.1.0`) |
| `--enable-kafka` | Publish events to Kafka |

Run `ocsf-sim --help` for the full list.
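
A detection rule run over the JSON-lines output described above, as an added example that is not part of the project's own code. It assumes the emitted events carry the standard OCSF Authentication attributes `class_uid`, `status_id` (2 = Failure), `time` (epoch milliseconds) and `user.name`; `detect_bruteforce` is a hypothetical name and the sample lines are constructed.

```python
import json
import sys
from collections import defaultdict, deque

AUTHENTICATION = 3002  # OCSF class_uid: Authentication
STATUS_FAILURE = 2     # OCSF status_id: Failure

def detect_bruteforce(lines, threshold=3, window_ms=60_000):
    """Alert when one user has `threshold` failures within window_ms (time-ordered input)."""
    recent = defaultdict(deque)  # user name -> timestamps of recent failures
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate blank lines and log noise mixed into the stream
        if not isinstance(event, dict) or event.get("class_uid") != AUTHENTICATION:
            continue
        if event.get("status_id") != STATUS_FAILURE:
            continue
        user_obj = event.get("user")
        user = user_obj.get("name") if isinstance(user_obj, dict) else None
        ts = event.get("time")
        if not isinstance(user, str) or not isinstance(ts, (int, float)):
            continue  # assumed fields missing: cannot attribute or order the event
        window = recent[user]
        window.append(ts)
        while ts - window[0] > window_ms:
            window.popleft()  # drop failures that fell out of the sliding window
        if len(window) >= threshold:
            alerts.append({"user": user, "failures": len(window), "last_seen": ts})
            window.clear()  # one alert per burst, not one per extra failure
    return alerts

# Constructed sample input (not real simulator output).
SAMPLE = [
    '{"class_uid": 3002, "time": 1700000000000, "status_id": 2, "user": {"name": "alice"}}',
    '{"class_uid": 4001, "time": 1700000001000, "status_id": 1}',
    '{"class_uid": 3002, "time": 1700000010000, "status_id": 2, "user": {"name": "alice"}}',
    '{"class_uid": 3002, "time": 1700000015000, "status_id": 1, "user": {"name": "bob"}}',
    'not json',
    '{"class_uid": 3002, "time": 1700000020000, "status_id": 2, "user": {"name": "alice"}}',
    '{"class_uid": 3002, "time": 1700000200000, "status_id": 2, "user": {"name": "bob"}}',
]

if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for alert in detect_bruteforce(source):
        print(json.dumps(alert))
```

Saved as `detect.py` (a hypothetical file name), it reads the simulator's stdout directly: `ocsf-sim --event-classes 3002 --max-events 200 | python detect.py`.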

## Use as a library

```python
from ocsf_simulator import JSONSchemaFaker, stream_ocsf_events

# One-shot event generation
faker = JSONSchemaFaker(ocsf_version="1.1.0")
event = faker.generate_ocsf_event(3002, profiles=["host", "security_control"])

# Streaming generator (yields events forever)
for event in stream_ocsf_events(event_classes=[3002, 4001], interval=1.0):
    print(event)
```

## Supported event classes

The simulator can generate events for any OCSF class, with richer dedicated
generators for these commonly used ones:

| UID | Class |
| --- | --- |
| 1001 | File System Activity |
| 1007 | Process Activity |
| 2001 | Security Finding |
| 3002 | Authentication |
| 4001 | Network Activity |

## License

Apache-2.0
