Orchestrating and Automating Course of Action Operations
With the increased complexity of computer networks today, it becomes more and more challenging to mitigate cyberattacks. The need to automate response in order to defend efficiently against attacks has become a vital part of cyber defense. Security Orchestration, Automation, and Response (SOAR) solutions exist for enterprises that wish to automate their cyber defense. However, these solutions are not standardized, and security playbooks created for one solution may not work with another.
OASIS Collaborative Automated Course of Action Operations (CACAO) provides a standard for implementing course of action playbooks for cybersecurity operations. Having open-source tools for these playbooks can significantly increase efficiency in smaller organizations that may not have the human resources or knowledge to respond efficiently to security incidents.
Master Thesis Topic
This research will focus on developing a SOAR platform that consumes CACAO security playbooks and carries out the resulting courses of action using the OpenC2 language.
Scope of Work:
The thesis pertains to a project to develop an orchestrator that can run course of action playbooks as defined in the OASIS CACAO Security Playbook specification. This will be part of an open-source SOAR solution based on the OASIS standards. The thesis itself will focus on solving the security-related issues and architectural problems that arise in such an implementation. The student needs to stay up to date with the CACAO specification.