Cybersecurity Playbook Sharing with STIX 2.1
Vasileios Mavroeidis, Mateusz Zych

TL;DR
This paper presents an extension of STIX 2.1 that facilitates the sharing of cybersecurity playbooks, including CACAO playbooks, with the aim of improving attack detection and response through structured sharing.
Contribution
It introduces a novel extension to STIX 2.1 specifically designed for sharing security playbooks, including CACAO playbooks, enhancing interoperability in cybersecurity operations.
Findings
Extended STIX 2.1 to include playbook sharing capabilities
Enabled automated sharing of CACAO playbooks
Facilitated structured exchange of security procedures
Abstract
Understanding that interoperable security playbooks will become a fundamental component of defenders' arsenal to decrease attack detection and response times, it is time to consider their position in structured sharing efforts. This report documents the process of extending Structured Threat Information eXpression (STIX) version 2.1, using the available extension definition mechanism, to enable sharing security playbooks, including Collaborative Automated Course of Action Operations (CACAO) playbooks.
Taxonomy
Topics: Information and Cyber Security · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
