oasis-tcs / openc2-ap-hunt

OASIS OpenC2 TC: Developing an Actuator Profile to manage threat hunting activities. The AP will define the Actions, Targets, Specifiers and Options to manage Threat Hunting consistent with the OpenC2 Language Specification. https://github.com/oasis-tcs/openc2-ap-hunt

Home Page: https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=openc2

License: Other


Members of the OASIS Open Command and Control (OpenC2) Technical Committee use this GitHub repository as part of the TC's chartered work. Contributors must be Members of the TC. Work is governed by the OASIS policies and is not done under typical open source licensing. For more details, see the Contributions and Licensing sections below.

📘 OpenC2 Actuator Profile for Threat Hunting 📘

This repository supports development of a specification defining an actuator profile (AP) to automate management of cyber threat hunting activities using OpenC2.

🔀 Repository Organization 🔀

branches

OpenC2 work product repositories are organized a bit differently than typical open source software project repositories:

  • The Published (default) branch represents the current, stable, approved version of the work product. If the product hasn't progressed past an OASIS Committee Specification Draft (CSD), this branch is essentially empty.
  • The Working branch is where all work-in-progress content is captured, and is the place to go for the current working version of this work product.

More information about the TC's repository organizing conventions and branching strategy can be found in our Documentation Norms.

๐Ÿ—จ๏ธ Description ๐Ÿ—จ๏ธ

This specification defines an actuator profile to automate management of cyber threat hunting activities using OpenC2. Threat hunting is the process of proactively and iteratively searching through networks and on endpoints to detect and isolate cyber observables that may indicate threats that evade existing security solutions. This actuator profile defines the OpenC2 Actions, Targets, Arguments, and Specifiers along with conformance clauses to enable the operation of OpenC2 Producers and Consumers in the context of cyber threat hunting. It covers invocation of stored hunting processes (e.g., “hunt books”), passing of hunt parameters, selection of analytics to apply to hunt data, and the expected type(s) and format(s) of information returned by hunting processes.
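To make the Producer/Consumer roles described above concrete, the following added example (not code from this repository or from the OASIS OpenC2 TC) sketches the input-validation step a hunting Consumer performs before it invokes a stored hunt book. The generic Command and Response field names (action, target, args, actuator, command_id, status, status_text, results), the mandatory "query features" command and the HTTP-style status codes come from the OpenC2 Language Specification; every name beginning with PLACEHOLDER_ is a hypothetical stand-in for whatever Actions, Targets and Arguments this actuator profile finally defines, and the hunt-book catalogue and sample commands are constructed for the example.

```python
"""Validate an OpenC2 command before a threat-hunting Consumer acts on it.

Added illustration, not code from the OASIS OpenC2 TC or this repository.
Field names action/target/args/status/status_text/results follow the
OpenC2 Language Specification; PLACEHOLDER_* names are hypothetical
stand-ins for the vocabulary this actuator profile will define.
"""
import json
from typing import Any, Dict, List

# Hypothetical profile vocabulary: the only actions/targets/args this
# Consumer will accept. Rejecting everything else keeps the Consumer to
# the least privilege the profile needs. "query" / "features" are real
# Language Specification names; the rest are placeholders.
ALLOWED_ACTIONS = {"query", "PLACEHOLDER_hunt_action"}
ALLOWED_TARGETS = {"features", "PLACEHOLDER_hunt_target"}
ALLOWED_ARGS = {"start_time", "stop_time", "duration", "response_requested",
                "PLACEHOLDER_hunt_args"}

# Constructed catalogue of stored hunts ("hunt books") this Consumer knows.
KNOWN_HUNTBOOKS = {"hb-001": "lateral-movement-smb", "hb-002": "dns-beaconing"}

# Hypothetical profile identifier reported in "query features" results.
PROFILE_ID = "PLACEHOLDER_hunt_profile_id"


def validate_command(cmd: Dict[str, Any]) -> List[str]:
    """Return a list of problems; an empty list means the command is acceptable."""
    problems: List[str] = []
    action = cmd.get("action")
    if action not in ALLOWED_ACTIONS:
        problems.append(f"unsupported action: {action!r}")

    target = cmd.get("target")
    if not isinstance(target, dict) or len(target) != 1:
        problems.append("target must be an object with exactly one key")
    else:
        (tname, tval), = target.items()
        if tname not in ALLOWED_TARGETS:
            problems.append(f"unsupported target: {tname!r}")
        elif tname == "PLACEHOLDER_hunt_target":
            # Only hunt books the Consumer already holds may be invoked;
            # a Producer cannot push arbitrary hunting logic through this path.
            hb = tval.get("huntbook_id") if isinstance(tval, dict) else None
            if hb not in KNOWN_HUNTBOOKS:
                problems.append(f"unknown hunt book: {hb!r}")

    args = cmd.get("args", {})
    if not isinstance(args, dict):
        problems.append("args must be an object")
    else:
        for key in args:
            if key not in ALLOWED_ARGS:
                problems.append(f"unsupported arg: {key!r}")
    return problems


def handle_command(raw: str) -> Dict[str, Any]:
    """Parse one JSON-encoded command and build an OpenC2-style Response."""
    try:
        cmd = json.loads(raw)
    except json.JSONDecodeError as exc:
        return {"status": 400, "status_text": f"malformed JSON: {exc.msg}"}
    if not isinstance(cmd, dict):
        return {"status": 400, "status_text": "command must be a JSON object"}

    problems = validate_command(cmd)
    if problems:
        return {"status": 400, "status_text": "; ".join(problems)}

    (tname, tval), = cmd["target"].items()
    if tname == "features":
        # Mandatory discovery command: report what this Consumer supports.
        return {"status": 200,
                "results": {"versions": ["1.0"], "profiles": [PROFILE_ID]}}

    # Hunt invocation: echo the accepted hunt book and parameters back so the
    # Producer can correlate results; a real Consumer would start the hunt here.
    return {"status": 200,
            "results": {"PLACEHOLDER_hunt_results": {
                "huntbook_id": tval["huntbook_id"],
                "huntbook_name": KNOWN_HUNTBOOKS[tval["huntbook_id"]],
                "args": cmd.get("args", {})}}}


if __name__ == "__main__":
    # Constructed sample commands.
    print(handle_command(json.dumps(
        {"action": "query", "target": {"features": ["versions", "profiles"]}})))
    print(handle_command(json.dumps(
        {"action": "PLACEHOLDER_hunt_action",
         "target": {"PLACEHOLDER_hunt_target": {"huntbook_id": "hb-001"}},
         "args": {"duration": 600}})))
```

The point of the shape is that the Consumer checks the action, the single-key target and every argument against a closed vocabulary and against its own hunt-book catalogue before anything executes, returning a 400 Response with the reason rather than partially running an unknown hunt.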

โœ๏ธ Contributions โœ๏ธ

As stated in this repository's CONTRIBUTING file, contributors to this repository are expected to be Members of the OASIS OpenC2 TC, for any substantive change requests. Anyone wishing to contribute to this GitHub project and participate in the TC's technical activity is invited to join as an OASIS TC Member. Public feedback is also accepted, subject to the terms of the OASIS Feedback License.

📜 Licensing 📜

Please see the LICENSE file for description of the license terms and OASIS policies applicable to the TC's work in this GitHub project. Content in this repository is intended to be part of the OpenC2 TC's permanent record of activity, visible and freely available for all to use, subject to applicable OASIS policies, as presented in the repository LICENSE file.

๐Ÿ—จ๏ธ Further Description of this Repository ๐Ÿ—จ๏ธ

This repository is designed to support TC members' work on a formal specification that describes the OpenC2 Actuator Profile for Threat Hunting. This GitHub repository supports development of the content and change tracking for the OpenC2 Actuator Profile for Threat Hunting as new working draft level revisions are created and the associated CSDs mature.

Members of the OASIS Open Command and Control (OpenC2) TC create and manage technical content in this TC GitHub repository ( https://github.com/oasis-tcs/openc2-ap-hunt ) as part of the TC's chartered work (i.e., the program of work and deliverables described in its charter).

OASIS TC GitHub repositories, as described in GitHub Repositories for OASIS TC Members' Chartered Work, are governed by the OASIS TC Process, IPR Policy, and other policies, similar to TC Wikis, TC JIRA issues tracking instances, TC SVN/Subversion repositories, etc. While they make use of public GitHub repositories, these TC GitHub repositories are distinct from OASIS Open Repositories, which are used for development of open source licensed content.

📩 Contact 📩

Please send questions or comments about OASIS TC GitHub repositories to the OASIS TC Administrator. For questions about content in this repository, please contact the TC Chair or Co-Chairs as listed on the OpenC2 TC's OASIS home page.

Contributors: dlemire60, oasis-op-admin
