Hi All,
I agree and support this proposal.
Best,
Mateusz Zych
On 2 Nov 2022, at 16:52, aa tt <atcyber1000@gmail.com> wrote:
Rich et al - I'm supportive of this change provided the proposed text to explain the template concept vs executable is updated to describe the use of this new property.
I assume this property would be required (?) and therefore we should decide what the default value (false) would indicate. I suggest that the default value should be the likely majority playbook class/category.
So if most playbooks will be templates then is_executable would be a good name and default to false.
If most playbooks would be executable then is_template might be better to name the property and that way the default value of false would work nicely.
Allan
On Nov 2, 2022, at 6:47 AM, Rich Piazza <rpiazza@mitre.org> wrote:
Hi All,
On the working call yesterday there was a discussion about section 1.3 of the CACAO working document. Some of the important points:
The difference between an executable playbook and a playbook template is mostly subjective. There are suggestions to the text to help clarify this.
There is no difference between an executable playbook and a playbook template in terms of their properties.
The term playbook class is confusing, since it is specified using the type property of a playbook.
A suggested proposal is to remove the concept of playbook classes, and replace it by a new Boolean property, maybe called is_executable, to differentiate between executable playbooks and playbook templates.
Rich
--
Rich Piazza
Lead Cyber Security Engineer
The MITRE Corporation
781-271-3760
MITRE - Solving Problems for a Safer World