Bret: Attached is a Word document with my proposed text for the Enrichment Playbook. I've also pasted the text below. 2.2.8 Enrichment Playbook A playbook that is primarily focused on the orchestration steps required to establish and maintain application interfaces (APIs) with threat intelligence platforms (TIPs) and other devices used in computer networks for cyber threat detection and hunting. Enrichment is used as a way to add related cyber observables to a threat intelligence feed and to map these observables to potential threat activity. By using Enrichment Playbooks network security operators can map data from their own logs to information shared from open sources and trust communities that has been flagged as potentially malicious. X-NONE X-NONE -- ********************************** R. Jane Ginn, MSIA, MRP OASIS, CTI TC Co-Secretary OASIS, TAC TC Secretary
jg@ctin.us ********************************** Attachment: EnrichmentPlaybookText.docx Description: application/vnd.openxmlformats-officedocument.wordprocessingml.document