Cybersecurity Playbook Sharing with STIX 2.1
This work addresses the need for structured sharing of security playbooks among defenders; it is incremental in that it builds on existing standards rather than proposing a new one.
The paper tackles the problem of sharing cybersecurity playbooks by extending the STIX 2.1 standard to carry them, enabling interoperability that can reduce attack detection and response times.
Understanding that interoperable security playbooks will become a fundamental component of defenders' arsenal to decrease attack detection and response times, it is time to consider their position in structured sharing efforts. This report documents the process of extending Structured Threat Information eXpression (STIX) version 2.1, using the available extension definition mechanism, to enable sharing security playbooks, including Collaborative Automated Course of Action Operations (CACAO) playbooks.
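As an added illustration of the extension mechanism the report describes (example code, not the report's own artefacts): a STIX 2.1 bundle that declares a `new-sdo` extension-definition and ships a CACAO playbook as a custom object referencing it, plus the check a consumer would run before trusting such an object. The identity and extension ids, schema URL and the `playbook_format`/`playbook_bin` property names are constructed assumptions, not the published OASIS extension.

```python
import base64
import json
import uuid

# Constructed ids for this example; the real OASIS playbook extension uses its own.
PRODUCER_ID = "identity--" + str(uuid.uuid5(uuid.NAMESPACE_URL, "example.org/soc"))
EXT_ID = "extension-definition--" + str(uuid.uuid5(uuid.NAMESPACE_URL, "example.org/pb"))
TS = "2024-01-01T00:00:00.000Z"
# Partial list of standard STIX 2.1 types; anything else must be declared by an extension.
STANDARD_TYPES = {"extension-definition", "identity", "indicator", "malware",
                  "attack-pattern", "course-of-action", "relationship", "sighting"}

def extension_definition():
    """Declares the new SDO type 'playbook' (extension_types: new-sdo)."""
    return {"type": "extension-definition", "spec_version": "2.1", "id": EXT_ID,
            "created_by_ref": PRODUCER_ID, "created": TS, "modified": TS,
            "name": "Playbook extension (constructed)", "version": "1.0",
            "schema": "https://example.org/schemas/playbook.json",  # assumed URL
            "extension_types": ["new-sdo"]}

def playbook_sdo(cacao):
    """Wraps a CACAO playbook (dict) as a custom SDO; the JSON is base64-encoded."""
    return {"type": "playbook", "spec_version": "2.1", "id": "playbook--" + str(uuid.uuid4()),
            "created_by_ref": PRODUCER_ID, "created": TS, "modified": TS,
            "name": cacao["name"], "playbook_format": "cacao",  # assumed property names
            "playbook_bin": base64.b64encode(json.dumps(cacao).encode()).decode(),
            "extensions": {EXT_ID: {"extension_type": "new-sdo"}}}

def bundle(*objects):
    return {"type": "bundle", "id": "bundle--" + str(uuid.uuid4()), "objects": list(objects)}

def validate(b):
    """Every non-standard object must reference a new-sdo extension present in the bundle."""
    defs = {o["id"]: o for o in b["objects"] if o["type"] == "extension-definition"}
    for obj in b["objects"]:
        if obj["type"] in STANDARD_TYPES:
            continue
        exts = obj.get("extensions", {})
        ok = any(v.get("extension_type") == "new-sdo" and k in defs
                 and "new-sdo" in defs[k]["extension_types"] for k, v in exts.items())
        if not ok:
            raise ValueError(f"{obj['id']}: type {obj['type']!r} has no declaring extension")
    return True

def decode_playbook(obj):
    """Recovers the embedded CACAO playbook from a validated playbook SDO."""
    return json.loads(base64.b64decode(obj["playbook_bin"]))
```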