Incident Response Methodologies 2022

Definition, description and relationship types of MISP objects

Cybersecurity Automation Workshop | 2-June-2022 | Washington DC

A STIX 2.1 Extension Definition for the Course of Action (COA) object type. The nested property extension allows a COA to share machine-readable security playbooks such as CACAO Security Playbooks

OASIS OpenC2 TC: This repository will focus on the use of OpenC2 to issue commands and parse responses to hardware or software that can control administrative policies regarding network packets. ht…

OASIS OpenC2 TC: A GitHub repository is to provide configuration management and to aid in the development of the first generation OpenC2 firewall profile

OASIS OpenC2 TC: GitHub repository used to propose and track changes to the OpenC2 Language Specification as new working draft level revisions are created and the associated CSDs mature

An elevated STIX representation for the MITRE ATT&CK Groups knowledge base

Collection of Cyber Threat Intelligence sources from the deep and dark web

MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formely known as Malware Information Sharing Platform)

OASIS Open Command and Control (OpenC2) TC: An OpenC2 Actuator Profile defining the Actions, Targets, Specifiers and Options that are consistent with version 1.0 of the OpenC2 Language Specificatio…

Taxonomies used in MISP taxonomy system and can be used by other information sharing tool.

OASIS OpenC2 TC: Repository for submitting and reviewing OpenC2 use cases relevant to the work of the OpenC2 Language Subcommittee (LSC)

A curated Cyber "Security Orchestration, Automation and Response (SOAR)" awesome list.

Clusters and elements to attach to MISP events or attributes (like threat actors)

OASIS OpenC2 TC: Developing a standard architecture to guide all developers of Profiles. https://github.com/oasis-tcs/oc2arch