University of Twente Student Theses


Translating Incident Response Playbooks from Enterprise-Specific Format to the CACAO standard

Visnausks, Arturs (2025) Translating Incident Response Playbooks from Enterprise-Specific Format to the CACAO standard.

PDF (1MB)
Abstract: With the sophistication and scale of cybersecurity attacks at an all-time high, many organisations use incident response playbooks. Playbooks are structured sets of instructions that guide security personnel in preventing, detecting and remediating cyberattacks. They also provide a way to automate repetitive processes, further reinforcing a company's security defences. The Collaborative Automated Course of Action Operation (CACAO) is an ongoing project that aims to standardize the incident response playbook format in order to improve interoperability and collaboration between security teams. Because the CACAO standard was introduced only recently, many vendors still use their own playbook formats, and there is a lack of publicly available tools to translate them to the new standard. This research explores possible approaches to translating proprietary playbook formats to the CACAO standard. We conduct an extensive analysis to identify the key components of the most common playbook formats. We then develop a proof of concept that uses mapping files to transform vendor-specific playbooks into valid CACAO playbooks. Finally, we evaluate the translation accuracy of the developed prototype tool.
Item Type: Essay (Bachelor)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science BSc (56964)
Link to this item: https://purl.utwente.nl/essays/107377
