Re: [openc2-imple] Example of CACAO with OpenC2

[Bret Jordan <bret.jordan@broadcom.com>]

We would love to add some openc2 examples into the spec.Â

Thanks,

Bret

PGP Fingerprint:Â63B4 FC53 680A 6B7D 1447 ÂF2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

On Sat, Jan 16, 2021 at 2:46 AM Vasileios Mavroeidis <vasileim@ifi.uio.no> wrote:

We are going to update the examples for the CACAO CS2 in addition to some extra things that we want to integrate. I have already noted adding a simple OpenC2 example.

We have an old one presented at the plugfest here:Âhttps://github.com/Vasileios-Mavroeidis/openc2-plugfest/blob/master/2020-October/cacao_playbook_openc2.jsonÂ, but im going to include one based on the APs that we have available before summer.

-Vasileios

On Jan 15, 2021, at 9:17 PM, duncan sfractal.com <duncan@sfractal.com> wrote:

The CACAO TC recently published a Committee Specification on Playbooks (https://docs.oasis-open.org/cacao/security-playbooks/v1.0/cs01/security-playbooks-v1.0-cs01.html). Of interest to OpenC2 is the OpenC2-json is one of the 5 allowed command types (along with manual, http-api, ssh, bash â see section 6.2).

Â

I think the document is of interest to the IC-SC. The document contains several examples, but unfortunately none of them are OpenC2 examples. We may want to consider adding their examples to the OpenC2 use cases â after translating the appropriate commands into OpenC2. We also may want to consider submitting an additional example or two (that do make use of OpenC2) for addition to a future version of their playbook spec.

Â

Volunteers to help with this would be welcome.

Â

Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more atÂhttp://vsre.info/

This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature