From Legacy to Standard: LLM-Assisted Transformation of Cybersecurity Playbooks into CACAO Format
摘要
Existing cybersecurity playbooks are often written in heterogeneous, non-machine-readable formats, which limits their automation and interoperability across Security Orchestration, Automation, and Response platforms. This paper explores the aptitude of Large Language Models with Prompt Engineering to automatically translate legacy incident response playbooks into the standardized, machine-readable CACAO format. We systematically examine various Prompt Engineering techniques and design prompts aimed at maximizing syntactic accuracy and semantic fidelity for control flow preservation. Our transformation pipeline integrates a syntax checker to ensure syntactic correctness, and it features an iterative refinement mechanism that progressively reduces syntactic errors. We evaluate our approach on a custom-generated dataset comprising diverse legacy playbooks paired with manually created CACAO references. The results demonstrate that our method significantly improves the accuracy of playbook transformation over baseline models, effectively captures complex workflow structures, and substantially reduces errors. It highlights the potential for practical deployment in automated cybersecurity playbook transformation tasks.