OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Secu

  • 1.  Invitation to join plugest to showcase CACAO

    Posted 09-01-2020 20:26




    Congrats on reaching public review of CACAO. I would like to call your attention to the
    SBOM / OpenC2 / SCAPv2 / IACD / CACAO / OCA / MUD /DBOM
    virtual Proof-of-Concept(Poc)/Plugfest/Hackathon that is open to all and I feel is a good opportunity to show the value of CACAO to a wider community. Since that name is too long, those of us participating to date have been calling it the SBOM PoC.
     
    The purpose is to show the value of automated cyber defense, which is best shown using usecases involving all aspects of the security infrastructure showcasing many concepts. More information may be found at

    https://github.com/oasis-tcs/openc2-usecases/blob/master/SBOM-PoC/README.md . I would like to use CACAO as the playbooks for the scenarios and use cases in the PoC, but I could use some help. And I suspect members of this community have some tools/products
    that could be showcases as part of the PoC.
     
     
    Duncan Sparrell
    sFractal Consulting LLC
    iPhone, iTypo, iApologize
    I welcome VSRE emails. Learn more at  http://vsre.info /
     






  • 2.  Re: Invitation to join plugest to showcase CACAO

    Posted 09-01-2020 20:28




    Oops accidently hit send. Here is a more complete version.
     
     
    Congrats on reaching public review of CACAO. I would like to call your attention to the
    SBOM / OpenC2 / SCAPv2 / IACD / CACAO / OCA / MUD /DBOM
    virtual Proof-of-Concept(Poc)/Plugfest/Hackathon that is open to all and I feel is a good opportunity to show the value of CACAO to a wider community. Since that name is too long, those of us participating to date have been calling it the SBOM PoC.
     
    The purpose is to show the value of automated cyber defense, which is best shown using usecases involving all aspects of the security infrastructure showcasing many concepts. More information may be found at

    https://github.com/oasis-tcs/openc2-usecases/blob/master/SBOM-PoC/README.md . I would like to use CACAO as the playbooks for the scenarios and use cases in the PoC, but I could use some help. And I suspect members of this community have some tools/products
    that could be showcases as part of the PoC.
     

    Google has provided $60k of GCP credits in support of OpenC2 in the PoC. Participate in the plugfest and learn how to take advantage of this. There are currently 13 organizations participating. The previous

    OpenC2 plugfest/hackathon involved 28 organizations from 3 countries and the expectation is this will be larger. Note that the work is done transparently (e.g. no NDA s) which solves some problems and introduces
    others. I d be happy to talk details with anyone considering participating.
    Summer is drawing to a close and the plugfest is kicking into a higher gear. Work has started and will culminate in an all-day meetup on Oct-28th. For more information on how to participate, see

    https://github.com/oasis-tcs/openc2-usecases/blob/master/SBOM-PoC/README.md .

    Please consider participating.
     
    Duncan Sparrell
    sFractal Consulting LLC
    iPhone, iTypo, iApologize
    I welcome VSRE emails. Learn more at  http://vsre.info /