To defend against threat actors and their tactics, techniques, and procedures organizations need to detect, investigate, prevent, mitigate, and remediate threats in cyber relevant time. To do this, organizations need to identify, create, document, and test the orchestration steps needed to achieve these outcomes. These steps, when grouped together, form a cyber security playbook that can be used to protect organizational systems, networks, data, and users.
This specification defines the schema and taxonomy for Collaborative Automated Course of Action Operations (CACAO) for cyber security playbooks and describes how these playbooks can be created and shared in a structured and standardized way across organizational boundaries and technological solutions.
Views: 14
