Published July 13, 2023 | Version v1
Conference paper Open

A Model for Automated Cybersecurity Threat Remediation and Sharing


This paper presents an approach to the automatic remediation of threats reported by Cyber Threat Intelligence. Remediation strategies, named Recipes, are expressed in a close-to-natural language for easy validation. Thanks to the developed models, they are interpreted, contextualized, and then translated into CACAO Security playbooks, a standard format ready for automatic enforcement without human intervention. The presented approach also allows remediation procedures to be shared on threat-sharing platforms (e.g., MISP), which improves the overall security posture. The effectiveness of the approach has been tested in the context of two EC-funded projects.




Additional details


PALANTIR – Practical Autonomous Cyberhealth for resilient SMEs & Microenterprises 883335
European Commission
FISHY – A coordinated framework for cyber resilient supply chain systems over complex ICT infrastructures 952644
European Commission