caw2022

2-June-2022 DC CAW

This repository has been created in support of the upcoming Cybersecurity Automation Workshop to be held June 2, 2022.

Repository items will include sample Use Cases from open sources documenting actual exploits of vulnerabilities listed on the US DHS/CISA Top Vulnerabilities list for 2021. To the extent possible, Use Cases will be based on:

- Tactics, Techniques & Procedures (TTPs) used by the threat actors as characterized by the MITRE Corporation ATT&CK Framework STIX2.1 formatted data (STIX domain objects [SDOs] and STIX cyber observables [SCOs])
- Additional relevant information from other published knowledge bases such as the Common Weakness Enumeration (CWE) (https://cwe.mitre.org/)
- A narrative that adds context to the Use Case for capture by workshop participants.

See Fileless-Socketless for a curated Use Case demonstrating interoperability of multiple security standards including:

See Ryuk for another curated Use Case for ransomware.
