Cybersecurity Playbook Sharing with STIX 2.1. (arXiv:2203.04136v1 [cs.CR])

Understanding that interoperable machine-readable security playbooks will
become a fundamental component of defenders' arsenal to decrease attack
detection and response times, it is time to consider their position in sharing
efforts. This report documents the process of extending Structured Threat
Information eXpression (STIX) version 2.1, using the available extension
definition mechanism, to enable sharing machine-readable security playbooks
and, in particular, Collaborative Automated Course of Action Operations (CACAO)
playbooks.

cybersecurity playbook sharing stix