Outputs

June 30, 2022

STIX/MISP Security Playbook Object Conversion
(Type: Technical Deliverable)
This repository provides a mapping table and a reference process that allows converting between STIX 2.1 Course of Action objects that make use of the Security Playbook extension and MISP Security Playbook objects.

Available: GitHub - security-playbook-stix-misp-exchange

June 16, 2022

Enhancing the STIX Representation of MITRE ATT&CK for Group Filtering and Technique Prioritization
(Type: Peer-Reviewed)
Zych, M., & Mavroeidis, V. (2022, June). Enhancing the STIX Representation of MITRE ATT&CK for Group Filtering and Technique Prioritization. In European Conference on Cyber Warfare and Security (Vol. 21, No. 1, pp. 385-391).

Available: ECCWS 2022 Proceedings

May 23, 2022

Structured ATT&CK Groups (SAG)
(Type: Technical Deliverable)
This repository provides enhanced STIX 2.1 representations of the MITRE ATT&CK Groups knowledge base, structurally extending the ones provided in the Official MITRE GitHub Repository. In particular, this project makes existing semi-structured information in the ATT&CK Groups knowledge base fully structured and programmatically accessible, allowing it to be queried upon and correlated with other sources and knowledge bases more easily. Additional information that is now structured includes: the suspected country of origin of a group, targeted sectors and countries, and their motivations.

Available: GitHub - SAG

May 18, 2022

MISP security-playbook Object Template
(Type: Technical Deliverable)
MISP security-playbook objects are used to characterize (describe the properties and the scope of a playbook), manage, store, and share cybersecurity playbooks/orchestration workflows, and can also integrate with Cyber Threat Intelligence (CTI) to provide additional context.

Available: MISP - Security Playbook

April 28, 2022

A Systematic Analysis of the Event-Stream Incident
(Type: Peer-Reviewed)
Arvanitis, I., Ntousakis, G., Ioannidis, S., & Vasilakis, N. (2022, April). A systematic analysis of the event-stream incident. In Proceedings of the 15th European Workshop on Systems Security (pp. 22-28).

Available: Proceedings of the 15th European Workshop on Systems Security

January 25, 2022

A STIX 2.1 Extension Definition for Sharing Machine-Readable Security Playbooks and Orchestration Workflows via the Course of Action SDO
(Type: Technical Deliverable)
This repository includes a STIX 2.1 nested property extension that augments the Course of Action (COA) STIX Domain Object (SDO) type to enable describing, embedding, storing, managing, and sharing cybersecurity playbooks and orchestration workflows.

Available: GitHub - stix2.1-coa-playbook-extension

January 22, 2022

Cybersecurity Playbook Sharing with STIX 2.1 - A Nested Property Extension for the Course of Action SDO
(Type: Technical Report)
Mavroeidis, V. & Zych, M. (2022, January). Cybersecurity Playbook Sharing with STIX 2.1 - A Nested Property Extension for the Course of Action SDO. arXiv:2203.04136.

Available: arXiv.org

January 13, 2022

On the Integration of Course of Action Playbooks into Shareable Cyber Threat Intelligence
(Type: Peer-Reviewed)
Mavroeidis, V., Eis, P., Zadnik, M., Caselli, M., & Jordan, B. (2021, December). On the Integration of Course of Action Playbooks into Shareable Cyber Threat Intelligence. In 2021 IEEE International Conference on Big Data (Big Data) (pp. 2104-2108). IEEE.

Available: IEEE Xplore, arXiv.org (Author's version)