DBIS

Instruction-Based and Human Feedback-Driven Automation of LLM-Assisted Cybersecurity Playbook Translation into a Standardized, Machine-Readable Format

June 27th, 2024

Thesis Type: Bachelor
Student: Tassilo Jehn
Status: Running
Proposal on: 10/09/2024 10:45 am
Proposal room: Seminar room I5 6202
Supervisor(s): Stefan Decker
Advisor(s): Mehdi Akbari G.
Contact: mehdi.akbari.gurabi@fit.fraunhofer.de

This bachelor thesis project aims to automate the translation of unstructured or semi-structured cybersecurity playbooks into a standardized, machine-readable format (OASIS CACAO) using Large Language Models (LLMs). The research emphasizes the accuracy, reliability, and effectiveness of the LLM-generated workflows produced during translation. Security operators should be able to convert unstructured text into structured workflows, with syntax checkers and playbook management components ensuring compliance with the standard and accuracy of the content. The thesis focuses on breaking the playbook translation task down into instructions that state-of-the-art LLMs can follow, extending the existing CACAO syntax checker for syntax verification, and improving prompting. In addition, a human feedback-driven approach is integrated to refine the results at the different stages of information extraction and final playbook generation. Together, these parts are intended to form a robust methodology for automating the translation of cybersecurity playbooks with LLMs.

* OASIS CACAO Specification: This document details the Collaborative Automated Course of Action Operations (CACAO) standard for cybersecurity playbooks: https://docs.oasis-open.org/cacao/security-playbooks/v2.0/security-playbooks-v2.0.html

* CACAO v2.0 syntax validator: https://github.com/opencybersecurityalliance/cacao-roaster/tree/main/src/diagram/modules/features/validator

* Playbook Examples:

1. Phantom Cyber's GitHub repository, which provides simple practical examples of cybersecurity playbooks: https://github.com/phantomcyber/playbooks
2. The awesome-playbooks collection: https://github.com/luduslibrum/awesome-playbooks

Seed papers:

Process Modeling With Large Language Models: https://arxiv.org/pdf/2403.07541.pdf

A Method for Extracting BPMN Models from Textual Descriptions Using Natural Language Processing: https://zir.nsk.hr/islandora/object/unipu:8207/datastream/PDF/download

Principled Instructions Are All You Need for Questioning LLaMA-1/2, GPT-3.5/4: https://arxiv.org/pdf/2305.13269

Prerequisites:

Basic knowledge of cyber security and of Natural Language Processing (specifically, generative AI).