Cybersecurity Playbook Sharing with STIX 2.1
Abstract
Understanding that interoperable machine-readable security playbooks will become a fundamental component of defenders' arsenal to decrease attack detection and response times, it is time to consider their position in sharing efforts. This report documents the process of extending Structured Threat Information eXpression (STIX) version 2.1, using the available extension definition mechanism, to enable sharing machine-readable security playbooks and, in particular, Collaborative Automated Course of Action Operations (CACAO) playbooks.
