
CRUSOE 1.1: A Toolset for Cyber Situational Awareness and Decision Support in Incident Handling Inspired by the OODA Loop
Authors | |
---|---|
Year of publication | 2024 |
Type | Software |
MU Faculty or unit | |
www | https://github.com/CSIRT-MU/CRUSOE |
Description | The growing size and complexity of today's computer networks make it hard to achieve and maintain so-called cyber situational awareness, i.e., the ability to perceive and comprehend the cyber environment and to project the situation into the near future. Cybersecurity teams and operation centers should be aware of the security situation in the network to effectively prevent or mitigate cyber attacks and avoid mistakes in the process. The CRUSOE toolset supports cybersecurity teams in iterating through the OODA loop (Observe, Orient, Decide, Act) and achieving cyber situational awareness in a large and heterogeneous environment. Version 1.1 of the CRUSOE toolset consists of the tools developed in the project of the same name, extended with novel features. The first public version used a combination of active and passive network monitoring to enumerate cyber assets and discover their vulnerabilities, visualize the collected data in a dashboard, conduct a risk assessment to recommend the most resilient infrastructure configuration, and facilitate attack mitigation. It also used novel approaches, such as a graph database for storing the data on cyber assets, which essentially became a knowledge graph for network security management. In recent development, additional recommender systems and attack impact assessment capabilities and their visualizations were implemented. Further, the deployment was automated and several sample datasets were created to facilitate the demonstration of the toolset. |
Related projects: |