Zenodo is a general-purpose open repository developed under the European OpenAIRE program and operated by CERN. It allows researchers to deposit research papers, data sets, research software, reports, and any other research related digital artefacts.
All work related to JCOP performed by the consortium e.g., scientific publication, conferences, journals, and technical work is published on Zenodo in the JCOP Community.
STIX/MISP Security Playbook Object Conversion
(Type: Technical Deliverable)
This repository provides a mapping table and a reference process
that allows converting between STIX 2.1 Course of Action objects
that make use of the Security Playbook extension and MISP Security
Playbook objects.
Enhancing the STIX Representation of MITRE ATT&CK for Group
Filtering and Technique Prioritization
(Type: Peer-Reviewed)
Zych, M., & Mavroeidis, V. (2022, June). Enhancing the STIX
Representation of MITRE ATT&CK for Group Filtering and Technique
Prioritization. In European Conference on Cyber Warfare and
Security (Vol. 21, No. 1, pp. 385-391).
Available: ECCWS 2022 Proceedings
Structured ATT&CK Groups (SAG)
(Type: Technical Deliverable)
This repository provides enhanced
STIX 2.1
representations of the
MITRE ATT&CK Groups
knowledge base, structurally extending the ones provided in the
Official MITRE GitHub Repository. In particular, this project makes existing semi-structured
information in the ATT&CK Groups knowledge base fully structured
and programmatically accessible, allowing it to be queried upon
and correlated with other sources and knowledge bases more easily.
Additional information that is now structured includes: the
suspected country of origin of a group, targeted sectors and
countries, and their motivations.
Available: GitHub - SAG
MISP security-playbook Object Template
(Type: Technical Deliverable)
MISP security-playbook objects are used to characterize (describe
the properties and the scope of a playbook), manage, store, and
share cybersecurity playbooks/orchestration workflows and can also
integrate with Cyber Threat Intelligence (CTI) to provide
additonal context.
Available: MISP - Security Playbook
A Systematic Analysis of the Event-Stream Incident
(Type: Peer-Reviewed)
Arvanitis, I., Ntousakis, G., Ioannidis, S., & Vasilakis, N.
(2022, April). A systematic analysis of the event-stream incident.
In Proceedings of the 15th European Workshop on Systems Security
(pp. 22-28).
Available: Proceedings of the 15th European Workshop on Systems Security
A STIX 2.1 Extension Definition for Sharing Machine-Readable
Security Playbooks and Orchestration Workflows via the Course of
Action SDO
(Type: Technical Deliverable)
This repository includes a STIX 2.1 nested property extension
that augments the Course of Action (COA) STIX Domain Object (SDO)
type to enable describing, embedding, storing, managing, and
sharing cybersecurity playbooks and orchestration workflows.
Available: GitHub - stix2.1-coa-playbook-extension
Cybersecurity Playbook Sharing with STIX 2.1 - A Nested Property
Extension for the Course of Action SDO
(Type: Technical Report)
Mavroeidis, V. & Zych, M. (2022, January). Cybersecurity Playbook
Sharing with STIX 2.1 - A Nested Property Extension for the Course
of Action SDO. arXiv:2203.04136.
Available: arXiv.org
On the Integration of Course of Action Playbooks into Shareable
Cyber Threat Intelligence
(Type: Peer-Reviewed)
Mavroeidis, V., Eis, P., Zadnik, M., Caselli, M., & Jordan, B.
(2021, December). On the Integration of Course of Action
Playbooks into Shareable Cyber Threat Intelligence. In 2021 IEEE
International Conference on Big Data (Big Data) (pp. 2104-2108).
IEEE.
Available: IEEE Xplore, arXiv.org (Author's version)