Author: Vera Chan, Eitan Moriano, JC Mackin
Word count: 701
Language: English
Hacker News points: None

Summary

Security teams face challenges due to the diverse and inconsistent log formats across various systems they defend, hindering their ability to efficiently correlate events and investigate incidents. Datadog Cloud SIEM addresses this by leveraging the Open Cybersecurity Schema Framework (OCSF) for normalizing security telemetry, recently expanding its coverage to include more sources such as AWS CloudTrail, Okta, and GitHub. The new OCSF processor offers self-service control, allowing teams to map any log source to OCSF without custom engineering, thus standardizing events for consistent analysis. This facilitates the creation of unified detection rules across multiple data sources, reducing operational overhead and enabling faster and clearer incident triage. The processor supports an open SIEM operating model, giving teams flexibility in data collection and routing, and reducing schema lock-in. By extending normalization to any log source, Datadog allows security teams to integrate new data sources seamlessly and manage growing environments with reduced complexity.