Cybersecurity threats are growing increasingly sophisticated, necessitating standardized, automated incident response via playbooks; however, the emerging CACAO (Cyber Automation and Coordination Application Ontology) standard lacks mature tooling—particularly a knowledge management system (KMS) supporting its full lifecycle—hindering operational adoption. To address this gap, we design and implement the first open-source, CACAO-compliant KMS. Our system adopts a modular microservices architecture and integrates JSON Schema validation, semantic versioning, RESTful APIs, and an extensible execution engine to enable standardized, scalable playbook governance. It is the only publicly available, fully documented CACAO KMS implementation to date. Empirical evaluation demonstrates significant improvements in playbook development velocity and cross-platform collaboration, while enhancing interoperability and engineering readiness of security orchestration, automation, and response (SOAR) workflows.

Modern cybersecurity threats are growing in complexity, targeting increasingly intricate&interconnected systems. To effectively defend against these evolving threats, security teams utilize automation&orchestration to enhance response efficiency and consistency. In that sense, cybersecurity playbooks are key enablers, providing a structured, reusable, and continuously improving approach to incident response, enabling organizations to codify requirements, domain expertise, and best practices and automate decision-making processes to the extent possible. The emerging Collaborative Automated Course of Action Operations (CACAO) standard defines a common machine-processable schema for cybersecurity playbooks, facilitating interoperability for their exchange and ensuring the ability to orchestrate and automate cybersecurity operations. However, despite its potential and the fact that it is a relatively new standardization work, there is a lack of tools to support its adoption and, in particular, the management&lifecycle development of CACAO playbooks, limiting their practical deployment. Motivated by the above, this work presents the design, development, and evaluation of a Knowledge Management System (KMS) for managing CACAO cybersecurity playbooks throughout their lifecycle, providing essential tools to streamline playbook management. Using open technologies&standards, the proposed approach fosters standards-based interoperability&enhances the usability of state-of-the-art cybersecurity orchestration&automation primitives. To encourage adoption, the resulting implementation is released as open-source, which, to the extent of our knowledge, comprises the first publicly available&documented work in this domain, supporting the broader uptake of CACAO playbooks&promoting the widespread use of interoperable automation and orchestration mechanisms in cybersecurity operations.