OASIS Unveils CACAO v2.0 Webinar
Tuesday, March 19th | 11:00 EST

In the ever-evolving realm of organizational cybersecurity, the imperative for resilience has never been more crucial. The intricate interplay of cyber threats demands a proactive and adaptive approach to safeguarding information assets. Join us in this enlightening webinar where OASIS, at the forefront of cybersecurity innovation, reveals the latest advancements in Collaborative Automated Course of Actions Operations (CACAO), Version 2.0. This unveiling marks a significant leap forward in equipping IT/Security organizations with a standardized framework that not only streamlines the creation, execution, and sharing of cybersecurity playbooks but also ushers in a new era of heightened preparedness.

CACAO, enhanced with its  2.0 iteration, stands as a robust solution that empowers organizations to navigate the intricate landscape of cyber threats seamlessly. Beyond traditional intrusion detection, it introduces advanced techniques like threat deception, presenting a transformative paradigm for responding to contemporary cyber threats. As we delve into the key benefits and elements  of CACAO 2.0, anticipate gaining comprehensive insights that will embolden  your cybersecurity strategies, learn how playbook creation and sharing has taken a significant step forward, and elevate your organization’s defensive capabilities from your own playbooks and ones from your sharing communities.


Core Technological Tenets of CACAO

  • Organizing, Searching & Sharing Playbooks
  • Defining the modular, highly scalable playbook Process, Logic, and Knowledge broken down by workflow
  • Deploying Playbooks to today’s cybersecurity Systems against the latest threats

Elements to Consider When Designing CACAO Playbooks

Making Playbooks Searchable, Understandable and Shareable

  • Playbook Type: Defines the primary purpose of the playbook.
  • Playbook Activities & Playbook Processing: Details of the playbook’s operational features.
  • Versioning: Enables tracking changes over time.
  • Labels: Facilitates powerful playbook organization and categorization.

Designing in Modularity with Workflow Steps

  • Sequential, Parallel, Conditional, and Loop Steps.
  • Specific Action Steps tailored to operational and automation needs.

Key elements of playbook deployment using Agents & Targets

  • Agents execute actions; targets receive those actions.
  • Promotes modularity, reusability, and flexibility in execution.

Advanced Topics while using  CACAO

Ensuring Playbook Integrity in a sharing ecosystem

  • Incorporates digital signatures for authenticity and integrity.
  • Signature mechanism standardized as X.590, providing trust and trackability.

Relating playbooks to threat intelligence easily

  • Seamless connection with the STIX Version 2.1 standard.
  • Leverages shared identifiers, versioning, and core metadata for effective CTI integration.
  • Enhancing CACAO adoption: Introducing additional capabilities: Supplementing CACAO with extra features and specification for graphically representing playbooks consistently across implementations.

By attending this webinar, you’ll gain insights from CACAO designers and cybersecurity experts that have applied years of practical experience and knowledge to the design of the CACAO standard. They’ll discuss how harnessing the capabilities of CACAO will undoubtedly fortify your cybersecurity operations. From orchestrating incident responses to conducting thorough threat assessments, CACAO emerges as a pivotal component in disseminating advanced defensive tradecraft.

The webinar will be presented by the leadership of the OASIS Collaborative Automated Course of Action Operations Technical Committee (CACAO), including Co-Chairs Allan Thomson and Bret Jordan, along with TC Secretary Vasileios Mavroeidis.