2-June-2022 DC CAW
The University of Oslo (UiO) gave a briefing on the CACAO security playbooks “standard” and presented use cases showing how CACAO can orchestrate and automate cyberspace defense, including by utilizing STIX and TAXII, OpenC2, Kestrel, and the TAC ontology.
Emphasis was placed on demonstrating how CACAO can utilize OpenC2 for command and control of cyber defense systems and components.
Finally, UiO discussed and demonstrated how CACAO security playbooks can be shared (and coupled with CTI) using STIX 2.1. They presented a STIX 2.1 property extension for the Course of Action object type. The STIX 2.1 “Extension” is available on GitHub. For further reading, they provided a technical report that explains this STIX 2.1 extension.