Skip to main content

stave export ocsf

Export findings as OCSF 1.1 Compliance Finding events

Usage

stave export ocsf [flags]

Description

Convert assessment findings to OCSF 1.1 events (class_uid: 2003) for SIEM ingestion (Splunk, Sentinel, Elastic, Panther).

Output is NDJSON — one event per line.

Exit Codes: 0 Export complete 2 Invalid input

Flags

FlagTypeDescription
--assessmentstringstave apply JSON output (required)

Examples

stave export ocsf --assessment findings.json