The Cybersecurity resource CATalogue (CyCAT.org) #

CyCAT.org or the Cybersecurity Resource Catalogue aims at mapping and documenting, in a single formalism and catalogue all the community cybersecurity tools, rules, playbooks, processes and controls. CyCAT.org is positioned as a readily accessible catalogue for and by the community, distributed and non-commercial. Some level of moderation will be organised to assure the quality and reliability of the content.

Building on the success of existing initiatives such as CVE for vulnerabilities and elegant solutions such as the UUID used by MISP to uniquely identify and link events (e.g. which events extend or share attributes with one another), CyCAT.org provides mechanisms to programmatically attribute a unique identifier to:

  • Cybersecurity tools
  • Rules and rule sets (such as Sigma, YARA, Snort/Zeek/Suricata)
  • Fingerprinting rules (such as ja3, jarm)
  • Playbooks
  • Notebooks
  • Taxonomies
  • Vulnerabilities
  • Proof-of-concepts to validate such vulnerabilities
  • Data models (MISP Objects, STIX extension)
  • Mitigating controls

By making an API call, authors can reserve a unique identifier for their contributions, while providing simple metadata to describe their entry in the catalogue.

CYCAT will also provide a simple way for authors and contributors to suggest updates to the metadata of the entries in the library, flag links, overlaps between them, etc.

In addition, authors can query the library to identify whether the problem they are trying to tackle has already been solved elsewhere and avoid, if they so prefer, duplication of work.

CYCAT will offer users a web UI to query its content as well as CLI tools and API endpoints to interact with it and tag content that they are currently using or would like to experiment with in the future to have a holistic view of what they are using at a certain point in time in their operations, which rules, TTPs of IOC collections should be deprecated or replaced, which tools should be superseded by new ones, etc.

The aim is not to replace any existing initiative in cybersecurity but to link and offer better visibility to all project owners and user communities. CYCAT is a non-profit initiative runs by a team of motivated people to catalogue and crosslink cybersecurity resources.