Concord engine vocabulary
Universal Adapter
The connectivity layer that ingests events from any source and hands clean, canonical OCSF events to the rest of the engine.
Definition
The Universal Adapter inside Concord by IaxaI is the connectivity boundary. Receivers terminate syslog, webhooks, and API pulls from the source. Schema-shape hashing fingerprints the incoming field-path set. A deterministic vendor-pack lookup maps the event into OCSF if a known mapping exists; unknown shapes get parked for analyst review. No machine learning runs in the live ingest path. Language-model-assisted mapping inference runs only during onboarding for new vendors and during drift-triggered repair cycles, never on the hot path between event arrival and OCSF emission. Concord ships with 30+ vendor mappings and 6 production-ready connectors today: CrowdStrike, Okta, Microsoft Graph, Splunk, Palo Alto, and Cisco. The Universal Adapter is the door every event walks through. Everything downstream (entity resolution, drift detection, audit ledger, dedup, detection portability, compliance auto-packets) assumes the canonical event shape this layer produces.
See also
Related capabilities and terms
OCSF (Open Cybersecurity Schema Framework)
The vendor-neutral event schema that won the schema war. Concord by IaxaI sits above OCSF, not parallel to it.
Reverse Transpiler
Compiles OCSF detections back into vendor-native query languages so one rule runs across every tool in the stack.
Schema Drift
When a vendor silently renames or reshapes a field. The failure mode that quietly breaks every static mapping in your stack.
Drift Detection
Streaming statistical tests on input, output, and schema-shape that catch silent vendor changes before they break detection coverage.
Stop reconciling. Start trusting one timeline.
30-minute walkthrough. Your tools. Your tenants. Your audit cycle. We will show you exactly where Concord earns its keep.