2021-09-18 10:27:03 +00:00
|
|
|
:PROPERTIES:
|
|
|
|
|
:ID: e3296579-2f2e-4f23-92e2-1ce9fef6fe04
|
|
|
|
|
:END:
|
|
|
|
|
#+TITLE: Cisco Team History
|
|
|
|
|
#+Author: Yann Esposito
|
|
|
|
|
#+Date: [2021-09-18]
|
|
|
|
|
|
|
|
|
|
- tags :: [[id:91f33b35-6e4e-4213-b214-972ee20722df][Cisco]]
|
|
|
|
|
- source ::
|
|
|
|
|
|
|
|
|
|
I would like to add my view about the Incident merging.
|
|
|
|
|
|
2021-09-18 10:29:44 +00:00
|
|
|
I think it is important to keep in mind the history of this team.
|
|
|
|
|
This team was built to be "the future" of Cisco Security.
|
|
|
|
|
The idea was lead by Dean and Craig.
|
|
|
|
|
The central notion of the product was /Playbooks/.
|
2021-09-18 10:31:03 +00:00
|
|
|
|
2021-09-18 10:34:45 +00:00
|
|
|
To my understanding, the main idea behind Playbooks was to have a kind of
|
|
|
|
|
meta system built by domain experts.
|
2021-09-18 10:36:38 +00:00
|
|
|
The end goal being to have a "smart view" of the complexity of a threat.
|
|
|
|
|
Being able to discover complex links between different warnings from
|
|
|
|
|
different places in the system.
|
|
|
|
|
For example one of the first mission given to the rule engine (and also
|
|
|
|
|
Jyoti worked on part of it at the beginning of the creation of this team)
|
|
|
|
|
was to generate COAs (Course of Actions) from Sightings.
|
|
|
|
|
This give a better idea about the potential
|
