STAR: Structured Threat Automated Response

Automates response actions for cybersecurity threats by executing STIX Course of Action objects in Python.
Technology No. CW-20-10
Structured Threat Automated Response (STAR) is a script that creates a Python runtime for the automated response actions included in a Structured Threat Information Expression (STIX) Course of Action object. The script parses a valid STIX JSON file and executes the included Course of Action.

STAR supports the Validation and Measurement of Automated Response (VMAR) project by providing a limited, yet novel, automated response capability to protect the electric grid. Currently, no complete automated response technique exists for the electric sector. However, this software will contribute to solving that problem by providing part of the solution.

STAR is platform agnostic, lightweight, and flexible. It introduces new methods for parsing and executing automated response techniques associated with indicators of compromise. Through custom Python parsing, STAR enables the execution of tailored courses of action. While STAR has its limitations, it serves as a foundation for advancing automated response technologies using the STIX standard.
This software is open source and available at no cost. Download now by visiting the product's GitHub page.

  • Authors (4)
    Bryce McClurg
    Aaron Cowley
    Bryan Beckman
    Rita Foster
  • Supporting documents (1)
    Product brochure
    STAR: Structured Threat Automated Response.pdf