Cybersecurity Playbook Sharing with STIX 2.1. (arXiv:2203.04136v4 [cs.CR] UPDATED)

Understanding that interoperable security playbooks will become a fundamental
component of defenders' arsenal to decrease attack detection and response
times, it is time to consider their position in structured sharing efforts.
This report documents the process of extending Structured Threat Information
eXpression (STIX) version 2.1, using the available extension definition
mechanism, to enable sharing security playbooks, including Collaborative
Automated Course of Action Operations (CACAO) playbooks.

cybersecurity playbook sharing stix