OASIS Mailing List Archives


cacao-comment message



Subject: CACAO workflow


Good day,

 

First of all, congratulations on such amazing development; I am a CACAO Framework lover.

 

As an expert on modelling languages and cybersecurity playbooks, I have analyzed the published CACAO framework documents, and I see errors and good practices that should be integrated into the visual model presented.

 

Comments about the modelling language:

 

  • I miss a convergence parallel (AND) gateway, as it is expected to wait until the 2 tasks are completed. As it is now, it will generate 2 different flows when the “Update protection tools” tasks are completed.
  • A redundant task was included. “Update protection tools” is just the name of the parallel gateway, as it does not introduce any specific action; those are already developed in the next tasks.
  • The diagram is not differentiating between automatic and human tasks. This will facilitate the comprehension of the diagram.
  • In terms of modelling language, the tasks are rectangles, not squares. This is a good practice.
  • I miss some of the necessary tasks to allocate objects into a visual modelling language. XPDL could be a very good option to merge with CACAO. (Attached example developed with the Bizagi free modeler.)

 

Comments about the playbook developed (model below):

 

  • The task “Open ticket” after the implementation of the IOC into the security tools is not justified. The regular way should be an “open ticket” task before those actions and a “close ticket” task when completed.
  • The “Update the SIEM” task should be allocated before the closing of the ticket.

 

Attachment: Diagram 1.xpdl
Description: Binary data


