Profile catalogue
Source profiles describe raw and structured formats, envelope boundaries, parsing expectations, timestamp handling, field semantics, and common routing decisions.
Open security content
SC4S Source Library
A shared catalogue for turning messy log sources into reviewable, testable profiles.
Current status
Public/community track under S6 stewardship.
The library is being structured for community contribution while keeping commercial embedding and redistribution conversations separate.
SC4S Source Library collects security data-source profiles, sample expectations, validation notes, and mapping guidance so teams can onboard logs with less folklore and fewer fragile one-off transforms.
Validation harness
Profiles are intended to carry enough test material and preflight checks to prove that a parser still understands the source after changes.
Contribution path
The community track favours useful, reviewable source knowledge over vendor gloss. Commercial redistribution remains a separate licensing conversation.
Boundaries
What it is being designed not to do
- Not a dump of proprietary customer logs or private detection content.
- Not a promise that every vendor format is supported on day one.
- Not a route around vendor, customer, or sovereign data obligations.
Brief
Next development questions
- Expand profile coverage where public samples and clear source evidence exist.
- Keep data dictionaries and noisy-field reduction notes close to each profile.
- Separate community contribution workflow from commercial/OEM use.