Overview
AppOmni Common Event Schema (ACES) is a specification that defines a common set of fields used when storing and evaluating event data in AppOmni.
ACES specifies field names, data types, required enums, and contextual information such as field descriptions, examples, and a JSONSchema specification.
The goal of ACES is to help AppOmni users analyze, visualize, correlate, and detect on event data surfaced by SaaS applications.
Normalization to other schemas
ACES will, on a best-effort basis, document suggested mappings for other event schemas such as the Open Cybersecurity Schema Framework (OCSF).
In its present form, ACES is largely compatible with Elastic Common Schema (ECS). However, there are some minor differences in field usage, and ACES introduces fields not present in ECS, which may complicate 1:1 parity.
Maturity
ACES follows Semantic Versioning.
The version of any given event blob can be found in the top-level version field.