There's a few options.
We could just add ansible collections as a standard set of playbooks with different entry points for each of the command supported in each of the playbooks. Those playbooks would be checked into GitHub repo so that people could use them as necessary with versioning...etc.
So you would have playbooks for ansible.builtin.command, ansible.kubernetes...etc.
Where each of the actions invokes the specific command supported in the collection identified by the caller.
Frankly, I think looking at the reference you sent shows a bunch of examples that would seem ansible.builtin.command takes a set of arguments (argv), names a command (in this example it seemed like shell commands for the most part), names output (either what is created or where an output list is generated) and returns.
That sounds very like what we already have defined just without the ansible.buildin.command prefix. Frankly everything else already exists in CACAO.
It seems to me ansible has defined the raw set of commands per technology (similar to what we already have for security technologies in CACAO list) but not the playbook itself.
Option B: Add Ansible Collection Commands Directly
------------------------------------------------------------------------
Alternative option is just add the underlying collections required to add to CACAO (like Kubernetes, Openvswitch, Splunk....etc) directy as commands.
We already did this for other technologies that are the mainstay of cybersecurity. Ansible expands that to all other IT technologies involved in management of the IT environment.
Option C: Ansible Collection Command Extensions
---------------------------------
A variation on Option B.
It might be better to consider defining extensions for each sub-technology of Ansible as commands sets in CACAO to avoid delaying the next update that much.
Allan
docs.ansible.com/ansible/latest/collections/ansible/... This is also why I think we should look at OpenC2 and see if it could be evolved into... -posted to the "OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security" community