SOCCRATES Vision Paper

Continuous innovation and investment in automation is needed in SOCs and CSIRTs to stay ahead of the threats. The SOCCRATES Vision Paper provides a vision and concrete next steps on innovative security automation and answers questions such as ‘Why should we invest in automated security and how do you start?’, ‘What does the Next Generation SOC looks like?’ and ‘How can we integrate automation into our way of working?’.

D6.3 SOCCRATES testing and verification report

This deliverable describes the approach and re-sults of the testing and verification of the SOCCRATES Platform. It includes a description of the testing environments, the tests and results.

D6.2 Initial version of the SOCCRATES platform

This deliverable describes the initial version of the SOCCRATES Platform prototype with the integration of the different components through the SOCCRATES Orchestrator and Integration Engine.

D5.3 Business Logic Modelling and Impact Analyser & Response Planner – Final prototype

This deliverable describes the final prototype of the Business Impact Analyser, Business Logic Modelling and Response Planner components. It describes their functionalities, their integration with the SOCCRATES platform, as well as the final version of the graphical interfaces.

D4.5 Report on the Threat of Adversarial Examples on AI for Cyber Security

This deliverable presents the results from two studies on adversarial machine learning (ML). Their goal is to examine the nature of this risk for cybersecurity-related applications of ML and to highlight the importance of training models in adversarial settings.

D4.4 Tactical Threat Intelligence for Attack Defence Graphs

This deliverable describes the developed demonstrator to enable automatic generation of Adversary Emulation Plans (AEPs). Furthermore, we show how this is integrated in the SOCCRATES Threat Intelligence Platform (TIP), and how the AEPs can be used by the SOCCRATES Attack Defence Graph (ADG) Analyser.

D4.3 Threat Identification and Threat Trend prediction – Final Prototype

This deliverable provides an overview of the prototyping work carried out as part of Task T4.2 in WP4: Threat Identification and Threat Trend Prediction.
It provides an overview of the platform developed for DNS/DGA threat identification and trend prediction. It goes in depth into DGA research with a focus on machine learning algorithms and their effectiveness at identifying DGA based threats.

D3.2 Final ADG based Attack prototypes

The overall objective of Work Package 3 is to develop the Infrastructure Modelling and Attack Defence Graph analyser & Course of Action Generator components of the SOCCRATES Platform. This deliverable describes the final versions of the Infrastructure Modelling Component, Attack Defence Graph analyser and Course of Action generator components.

D2.4 SOCCRATES Vision, Roadmap & Guidance for SOC

This deliverable will describe the vision and provide a roadmap with further developments of the SOCCRATES platform. It will also provide guidance for deployment of the SOCCRATES platform and on utilization of the SOC / CSIRT workforce in the near future.

D5.2 Business Logic Modelling and Impact Analyser & Response Planner – Initial prototype

This deliverable describes the initial prototype of the Business Impact Analyser, Business Logic Modelling and Response Planner components. It describes their functionalities, their integration with the SOCCRATES platform, as well as the cur-rent version of the graphical interfaces.

D3.3 Specification of the common ICT infrastructure reference meta model

The overall objective of Work Package 3 is to develop the Infrastructure Modelling and Attack De-fence Graph analyser & Course of Action Genera-tor components of the SOCCRATES Platform. This deliverable describes the concepts and structures of the infrastructure reference meta model which underpins these components.

D2.3 System Architecture and Interface Specification – Final version

This is the final version of the system architecture and interface specification. It describes all components of the full integrated version of the SOCCRATES platform, interfaces, and a description of how the platform is applied in each of the use cases.

D8.3 – SOCCRATES First dissemination report

This document is the intermediate report on dissemination activities and contains the progress of dissemination activities and standardization activities in the first half of the SOCCRATES project. We also have included the first ideas for exploitation of results during and after the project. Additionally, we report on the progress on the dissemination KPI’s as defined in the SOCCRATES Dissemination Plan.

D3.1 Initial ADG based Attack prototypes

The SOCCRATES platform consists of eleven components. This deliverable describes the initial prototype implementations of two of the components, the Infrastructure modelling component (IMC) and Attack Defence Graph.

D7.1 Pilot specification and plan

This deliverable presents the plan for the pilots in the SOCCRATES project: experiment design, use cases and scenarios, metrics, measurement methodologies, assumptions, pilot site requirements, and deployment. The goal of the pilots is to validate the SOCCRATES platform in a realistic environment.

This deliverable is classified as Project internal and therefore is not publicly published.

D6.1 Initial version of the SOCCRATES Platform Orchestration, Reconfiguration and Front-end

This deliverable details the initial results on the development of the SOCCRATES Orchestrator and Integration Engine and the plans for the development of the Reconfiguration capabilities and the SOCCRATES Web Front-end.

D5.1 Definition of the business model structure, inputs and interfaces

This deliverable describes the Business Logic modelling used for the Business Impact Analyser
of the SOCCRATES platform. It describes the model structure, inputs and interfaces.

D4.2 Threat Identification and Threat Trend Prediction – Initial Prototype

This deliverable provides an overview of the initial threat identification and trend prediction toolset prototyping carried out as part of Task 4.2 in WP4: Threat Identification and Threat Trend Prediction. A set of Dockerized tools utilizing ML and string similarity algorithms has been developed for the purpose of identifying and classifying DGA-based domains in large domain datasets derived from The Shadowserver Foundation’s malware sandbox.

D4.1 AI-based Attack Detection to Detect Advanced Threats

This deliverable provides an overview of all the algorithms and models to be used in the AI-based Attack Detection (AAD) component of the SOCCRATES platform. A set of intrusion detection tools and the over-arching reasoning engine used for correlating the produced alerts are described in detail. The efficiency of the pro-posed AAD component is illustrated by means of numerical experiments on the CIDDS public dataset. Integration and deployment matters are also addressed.

D2.2 System Architecture & Interface Specifications (Initial)

This deliverable describes the system architecture and interface specification of the SOCCRATES platform to support the SOCCRATES use cases.

This deliverable has been submitted to the EU, but please be aware that acceptance by the EU of this deliverable is outstanding.

D1.4 Data Management Plan

This document details the Voluntary DMP (VDMP) of the SOCCRATES project (deliverable D1.4) describing the chosen approach with regard to the management of the various categories of data processed by the project.

This deliverable has been submitted to the EU, but please be aware that acceptance by the EU of this deliverable is outstanding.

D8.2 Dissemination plan

This document contains the approach, activities, target groups, channels and high level planning for the dissemination of the SOCCRATES results to relevant stakeholders.

This deliverable has been submitted to the EU, but please be aware that acceptance by the EU of this deliverable is outstanding.

D2.1 Use cases definition & pilot sites requirements

This deliverable describes the five use cases that represent different security operations that the SOCCRATES platform should support, as well as the pilot site requirements for the Vattenfall, mnemonic and Shadowserver pilots.

This deliverable has been submitted to the EU, but please be aware that acceptance by the EU of this deliverable is outstanding.