Re: [openc2-imple] Example of CACAO with OpenC2

[Vasileios Mavroeidis <vasileim@ifi.uio.no>]

We are going to update the examples for the CACAO CS2 in addition to some extra things that we want to integrate. I have already noted adding a simple OpenC2 example.

We have an old one presented at the plugfest here: https://github.com/Vasileios-Mavroeidis/openc2-plugfest/blob/master/2020-October/cacao_playbook_openc2.json , but im going to include one based on the APs that we have available before summer.

-Vasileios

On Jan 15, 2021, at 9:17 PM, duncan sfractal.com <duncan@sfractal.com> wrote:

The CACAO TC recently published a Committee Specification on Playbooks (https://docs.oasis-open.org/cacao/security-playbooks/v1.0/cs01/security-playbooks-v1.0-cs01.html). Of interest to OpenC2 is the OpenC2-json is one of the 5 allowed command types (along with manual, http-api, ssh, bash â see section 6.2).

 

I think the document is of interest to the IC-SC. The document contains several examples, but unfortunately none of them are OpenC2 examples. We may want to consider adding their examples to the OpenC2 use cases â after translating the appropriate commands into OpenC2. We also may want to consider submitting an additional example or two (that do make use of OpenC2) for addition to a future  version of their playbook spec.

 

Volunteers to help with this would be welcome.

 

Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info/