-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Feature/157 improve playbook execution speed by embedding the json sc…
…hemas (#199)
- Loading branch information
1 parent
c1217ec
commit 06f59c8
Showing
57 changed files
with
3,356 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
{ | ||
"$id": "agent-target", | ||
"$schema": "http://json-schema.org/draft-07/schema#", | ||
"title": "agent-target", | ||
"description": "In a CACAO playbook, agents are the entities that execute commands (see section 5) on or against targets. Agents are stored in a dictionary where the ID is the key and the value is an 'agent-target' object (see section 10.1). Targets are stored in a dictionary where the ID is the key and the value is an 'agent-target' object (see section 10.1). Common properties for agents and targets are defined in section 7.1. \n\nAgents can involve either manual or automated processing. For example, an individual may process a command manually, while a firewall may process a command automatically. An agent and target type vocabulary is defined in section 7.2, and each agent and target type is further defined in the rest of the sections. Types include security infrastructure such as firewalls, routers, and threat intelligence platforms, as well as specific network addressable agents like URLs and IPv4/IPv6/MAC addresses. \n\nAgents and targets can use and refer to variables just like other parts of the playbook. For any agent or target property value, the producer may define a variable substitution such that the actual property value is determined at runtime based on the variable assigned to the agent or target. In Example 7.1, an agent is referenced within a workflow step, but the agent's actual values are based on variables (e.g., name, email, phone, location) instead of being hard-coded by the agent itself. \n\nEach object (agent or target) contains base properties that are common across all objects. These properties are defined in the following table. The ID for each object is stored as the key in the agent_definitions dictionary or the target_definitions dictionary.", | ||
"type": "object", | ||
"properties": { | ||
"type": { | ||
"$ref": "#/$defs/agent-target-type-ov", | ||
"description": "The type of object being used. The value of this property SHOULD come from the 'agent-target-type-ov' vocabulary." | ||
}, | ||
"name": { | ||
"type": "string", | ||
"description": "The name that represents this object that is meant to be displayed in a user interface or captured in a log message. This property MUST be populated." | ||
}, | ||
"description": { | ||
"type": "string", | ||
"description": "More details, context, and possibly an explanation about this object. This property SHOULD be populated." | ||
}, | ||
"location": { | ||
"$ref": "../data-types/civic-location.json", | ||
"description": "Physical address information for this object." | ||
}, | ||
"agent_target_extensions": { | ||
"minProperties": 1, | ||
"type": "object", | ||
"patternProperties": { | ||
"^extension-definition--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$": { | ||
"type": "object" | ||
} | ||
}, | ||
"description": "This property declares the extensions that are in use on this action or target and contains any of the properties and values that are to be used by that extension. \n\nThe key for each entry in the dictionary MUST be an 'identifier' (see section 10.10 for more information on identifiers) that uniquely identifies the extension. The value for each key is a JSON object that contains the structure as defined in the extension definition's schema property. The actual step extension definition is located in the 'extension_definitions' property found at the Playbook level." | ||
} | ||
}, | ||
"required": [ | ||
"type", | ||
"name" | ||
], | ||
"$defs": { | ||
"agent-target-type-ov": { | ||
"anyOf": [ | ||
{ | ||
"type": "string" | ||
}, | ||
{ | ||
"type": "string", | ||
"enum": [ | ||
"group", | ||
"individual", | ||
"location", | ||
"organization", | ||
"sector", | ||
"http-api", | ||
"linux", | ||
"net-address", | ||
"security-category", | ||
"ssh" | ||
] | ||
} | ||
] | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
{ | ||
"$id": "agent-target", | ||
"$schema": "http://json-schema.org/draft-07/schema#", | ||
"title": "group", | ||
"description": "This type defines a group object and is used for commands that need to be processed or executed by a group. This object inherits the common agent properties. In addition to the inherited properties, this section defines the following additional property that is valid for this type.", | ||
"type": "object", | ||
"allOf": [ | ||
{ | ||
"$ref": "agent-target.json" | ||
}, | ||
{ | ||
"properties": { | ||
"type": { | ||
"type": "string", | ||
"description": "The value of this property MUST be 'group'.", | ||
"enum": [ | ||
"group" | ||
] | ||
}, | ||
"contact": { | ||
"$ref": "../data-types/contact.json", | ||
"description": "Contact information for this agent." | ||
} | ||
} | ||
} | ||
] | ||
} |
Oops, something went wrong.