
cacao-comment message



Subject: RE: [cacao-comment] CACAO workflow


Good day dear Bret,

 

For me, CACAO is the answer to many years of my own research. For instance, some years ago I presented CAMN (Cyber Attack Modelling Notation), based on the BPMN language.

 

There is a parallelism between the CACAO framework and other languages for developing procedures, such as BPEL (OASIS) or XPDL.

 

If you need anything from me that I could provide to clarify or review, or anything else I can do to support the project, please tell me.

 

Kind regards

 

From: Bret Jordan <bret.jordan@broadcom.com>
Sent: Tuesday, March 22, 2022 18:36
To: flandres@ciso.es
Cc: cacao-comment@lists.oasis-open.org
Subject: Re: [cacao-comment] CACAO workflow

 

Thank you for taking the time to review CACAO and provide feedback. I would like to make sure I fully understand what you would like to see changed and how we can make CACAO better and more useful. Also, help us understand things we are missing that need to be addressed. 

 

Thanks,

Bret

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

 

 

On Tue, Mar 22, 2022 at 5:16 AM <flandres@ciso.es> wrote:

Good day,

 

First of all, congratulations on such an amazing development; I am a CACAO Framework lover.

 

As an expert in modelling languages and cybersecurity playbooks, I have analyzed the published CACAO framework documents, and I see errors and good practices that should be integrated into the visual model presented.

 

Comments about the modelling language:

 

  • I miss a convergence parallel (AND) gateway, as it is expected to wait until the 2 tasks are completed. As it is now, it will generate 2 different flows when the "Update protection tools" tasks are completed.
  • A redundant task was included. "Update protection tools" is just the name of the parallel gateway, as it does not introduce any specific action; the actions are already developed in the next tasks.
  • The diagram does not differentiate between automatic and human tasks. This will facilitate comprehension of the diagram.
  • In terms of modelling language, the tasks are rectangles, not squares. This is a good practice.
  • I miss some of the tasks necessary to allocate objects into a visual modelling language. XPDL could be a very good option to merge within CACAO. (Attached example developed with the Bizagi free modeler.)

 

Comments about the playbook developed: (Model below)

 

  • The task "Open ticket" after the implementation of the IOC into the security tools is not justified. The regular way should be an "open ticket" task before those actions and a "close ticket" task when completed.
  • The "Update the SIEM" task should be allocated before the closing of the ticket.

 

