An OASIS Work Product Repository
Members of the OASIS Open Command and Control (OpenC2) Technical Committee use this GitHub repository as part of the TC's chartered work. Contributors must be Members of the TC. Work is governed by the OASIS policies and is not done under typical open source licensing. For more details, see the Contributions and Licensing sections below.
Endpoint Detection and Response (EDR) technologies provide a means for continuous endpoint monitoring and analysis to more readily identify, detect, mitigate and remediate, or prevent advanced threats. This OpenC2 Actuator Profile defines the Actions, Targets, Specifiers and Options that are consistent with the version 1.0 of the OpenC2 Language Specification in the context of command and control of various endpoint response technologies.
OpenC2 work product repositories are organized a bit differently than typical open source software project repositories:
- The Published (default) branch represents the current, stable, approved version of the work product. If the product hasn't progressed past an OASIS Committee Specification Draft (CSD), this branch is essentially empty
- The Working branch is where all work-in-progress content is captured, and is the place to go for the current working version of this work product
More information about the TC's repository organizing conventions and branching strategy can be found in our Documentation Norms.
An Endpoint Detection and Response (EDR) system is a security mechanism which identifies malicious behaviours by recording system activities and comparing them to sets of signatures or heuristics. EDR systems facilitate in digital forensics and incident response by storing and indexing said events, as well as provide functionality to respond to security incidents as they pertain to actively exploited, infected or vulnerable endpoints.
OpenC2 has elected to separate the endpoint response (ER) portion of EDR from other aspects. This Actuator profile specifies the set of Actions, Targets, Specifiers, and Command Arguments that integrates ER functionality with the OpenC2 Command set. Through this Command set, cyber security orchestrators may gain visibility into and provide control over the ER functionality in a manner that is independent of the instance of the EDR implementation.
As stated in this repository's CONTRIBUTING file, contributors to this repository are expected to be Members of the OASIS OpenC2 TC, for any substantive change requests. Anyone wishing to contribute to this GitHub project and participate in the TC's technical activity is invited to join as an OASIS TC Member. Public feedback is also accepted, subject to the terms of the OASIS Feedback License.
Please see the LICENSE file for description of the license terms and OASIS policies applicable to the TC's work in this GitHub project. Content in this repository is intended to be part of the OpenC2 TC's permanent record of activity, visible and freely available for all to use, subject to applicable OASIS policies, as presented in the repository LICENSE file.
Members of the OASIS Open Command and Control (OpenC2) TC create and manage technical content in this TC GitHub repository ( https://github.com/oasis-tcs/openc2-ap-er ) as part of the TC's chartered work (i.e., the program of work and deliverables described in its charter).
OASIS TC GitHub repositories, as described in GitHub Repositories for OASIS TC Members' Chartered Work, are governed by the OASIS TC Process, IPR Policy, and other policies, similar to TC Wikis, TC JIRA issues tracking instances, TC SVN/Subversion repositories, etc. While they make use of public GitHub repositories, these TC GitHub repositories are distinct from OASIS Open Repositories, which are used for development of open source licensed content.
Please send questions or comments about OASIS TC GitHub repositories to the OASIS TC Administrator. For questions about content in this repository, please contact the TC Chair or Co-Chairs as listed on the the TC's home page.