Request a template / starter document for OpenC2 Actuator Profile for Threat Hunting v1.0 for the Open Command and Control (OpenC2) project

      Your name:
        David Lemire
      Project name:
        Open Command and Control (OpenC2)
      Project email address:
        openc2@lists.oasis-open.org
      Work product title and version number:
        OpenC2 Actuator Profile for Threat Hunting v1.0
      Work Product Abbreviation:
        ap-hunt
      Track:
        Standards Track work product
      Abstract:
        This specification defines an actuator profile to automate management of cyber threat hunting activities using OpenC2. Threat hunting is the process of proactively and iteratively searching through networks and on endpoints to detect and isolate cyber observables that may indicate threats that evade existing security solutions. This actuator profile defines the OpenC2 Actions, Targets, Arguments, and Specifiers along with conformance clauses to enable the operation of OpenC2 Producers and Consumers in the context of cyber threat hunting. It covers invocation of stored hunting processes (e.g., “hunt books”), passing of hunt parameters, selection of analytics to apply to hunt data, and the expected type(s) and format(s) of information returned by hunting processes.
      Format:
        Markdown
      Chair(s):
        Duncan Sparrell (duncan@sfractal.com), sFractal Consulting LLC
        Michael Rosa (mjrosa@nsa.gov), National Security Agency
      Editor(s):
        David Lemire, National Security Agency, david.lemire@hii-tsd.com
      Notes:
        A companion ticket will be submitted for a GitHub version control instance.

            Assignee:
            Paul Knight (Inactive)
            Reporter:
            david.lemire