Cloud Security Notification Framework (CSNF) Project – ONUG Collaborative Update

Fall 2024

The ONUG Cloud Security Notification Framework (CSNF) is an open-source initiative launched by the ONUG Collaborative in 2021 to address a vexing challenge in cloud computing today: how to respond effectively to the disparate and growing array of non-standard, security-related alarms and notifications generated in multi-cloud operational contexts encompassing public cloud services and private cloud infrastructure. The CSNF team has developed a canonical data model that normalizes the Tower of Babel of security notifications generated by a myriad of cloud services and systems by defining a universal log message format that can be easily interpreted by SOC analysts.

In 2023, the two-year effort of the CSNF team culminated in the integration of CSNF’s normalized, canonical data model message mappings into Splunk’s industry-leading SIEM platform as a CSNF Splunk TA (technology add-on). Building upon this success, in 2024 the project moved into go-to-market mode to realize the goal of getting CSNF widely adopted by security operations teams within large enterprise IT organizations.

The team has focused its efforts in three areas:

  • Enlisting security vendors and cloud service providers to add log message mappings for their products and services into CSNF’s canonical data model.
  • Engaging with SOC team managers and practitioners at large enterprises to conduct CSNF workshops with the goal of directly reaching potential users and spurring adoption.
  • Educating security-oriented industry organizations on the benefits of adopting CSNF and standardizing its canonical data model for log message notifications.

Attend this session to learn more about these CSNF project initiatives from the team leaders and how your company can benefit by adopting the canonical data model.


Josh Hammer is a Field CISO with Oracle. In this role, he works with customers to help them build innovative cloud security architectures and strategies that standardize and accelerate the secure adoption of Oracle Cloud Infrastructure (OCI).  Before returning to Oracle, he was a Security Partner Solutions Architect with Amazon Web Services.  In this role, he works closely with various strategic security partners to build cloud-optimized architecture and develop strategies with business development teams.  Before this, he was a Security Architect in the AWS Professional Services organization, where he helped large enterprises adopt AWS.

Richard Julian is a principal consultant in cloud and Kubernetes security, primarily focused on security engineering automation and incident response preparation.

Register Today

Related events