DeepAI AI Chat
Log In Sign Up

On the Integration of Course of Action Playbooks into Shareable Cyber Threat Intelligence

10/20/2021
by   Vasileios Mavroeidis, et al.
Broadcom
Siemens AG
UNIVERSITETET I OSLO
0

Motivated by the introduction of CACAO, the first open standard that harmonizes the way we document courses of action in a machine-readable format for interoperability, and the benefits for cybersecurity operations derived from utilizing, and coupling and sharing course of action playbooks with cyber threat intelligence, we introduce a uniform metadata template that supports the management and integration of course of action playbooks into knowledge representation and knowledge management systems. We demonstrate the applicability of our approach through two use-case implementations where the proposed playbook metadata template is utilized to introduce and integrate course of action playbooks, such as CACAO, into the MISP threat intelligence platform and the OASIS Threat Actor Context ontology.

READ FULL TEXT

page 4

page 5

03/03/2021

Threat Actor Type Inference and Characterization within Cyber Threat Intelligence

As the cyber threat landscape is constantly becoming increasingly comple...
06/30/2022

Efficient Collective Action for Tackling Time-Critical Cybersecurity Threats

The latency reduction between the discovery of vulnerabilities, the buil...
04/21/2021

Evidential Cyber Threat Hunting

A formal cyber reasoning framework for automating the threat hunting pro...
02/16/2022

CGraph: Graph Based Extensible Predictive Domain Threat Intelligence Platform

Ability to effectively investigate indicators of compromise and associat...
12/11/2018

Intelligence-based Cybersecurity Awareness Training- an Exploratory Project

Cybersecurity training should be adaptable to evolving the cyber threat ...
11/17/2022

Towards Effective Cybercrime Intervention

Cybercrimes are on the rise, in part due to technological advancements, ...