"description":"An explanation, details, and more context about what this playbook does and tries to accomplish.",
"disable_correlation":true,
"misp-attribute":"text",
"ui-priority":1
},
"labels":{
"description":"Labels for this playbook (e.g., adversary persona names, associated groups, malware family/variant/name that this playbook is related to). Another option is to use MISP tags, taxonomies, and galaxies.",
"disable_correlation":true,
"misp-attribute":"text",
"multiple":true,
"ui-priority":1
},
"organization-type":{
"description":"The type of organization that the playbook is intended for. This can be an industry sector. Another option is to use MISP tags, taxonomies, and galaxies.",
"disable_correlation":true,
"misp-attribute":"text",
"multiple":true,
"ui-priority":1
},
"playbook-abstraction":{
"description":"The playbook’s level of abstraction (with regards to consumption).",
"disable_correlation":true,
"misp-attribute":"text",
"ui-priority":1,
"values_list":[
"template",
"executable"
]
},
"playbook-base64":{
"description":"The entire playbook file/document encoded in base64.",
"misp-attribute":"text",
"ui-priority":1
},
"playbook-creation-time":{
"description":"The date and time at which the playbook was originally created.",
"disable_correlation":true,
"misp-attribute":"datetime",
"ui-priority":1
},
"playbook-creator":{
"description":"The entity that created the playbook. It can be a natural person or an organization. It may be represented using a unique identifier that identifies the creator.",
"disable_correlation":true,
"misp-attribute":"text",
"ui-priority":1
},
"playbook-file":{
"description":"The entire playbook file/document in its native format (e.g., CACAO JSON or BPMN).",
"description":"A value that (uniquely) identifies the playbook. If the playbook itself embeds an identifier then the playbook-id SHOULD use the same identifier (value) for correlation purposes.",
"description":"From 0 to 100, a value representing the impact the playbook has on the organization. A value of 0 means specifically undefined. Impact values range from 1, the lowest impact, to a value of 100, the highest. For example, a purely investigative playbook that is non-invasive could have a low impact value of 1. In contrast, a playbook that performs changes such as adding rules into a firewall should have a higher impact value.",
"disable_correlation":true,
"misp-attribute":"text",
"ui-priority":1
},
"playbook-modification-time":{
"description":"The date and time at which the playbook was last modified.",
"disable_correlation":true,
"misp-attribute":"datetime",
"ui-priority":1
},
"playbook-priority":{
"description":"From 0 to 100, a value representing the priority of this playbook relative to other defined playbooks. A value of 0 means specifically undefined. Priority values range from 1, the highest priority, to a value of 100, the lowest.",
"disable_correlation":true,
"misp-attribute":"text",
"ui-priority":1
},
"playbook-severity":{
"description":"From 0 to 100, a value representing the seriousness of the conditions that this playbook addresses. A value of 0 means specifically undefined. Severity values range from 1, the lowest severity, to a value of 100, the highest.",
"disable_correlation":true,
"misp-attribute":"text",
"ui-priority":1
},
"playbook-standard":{
"description":"The standard/format/notation the playbook conforms to (e.g., CACAO, BPMN).",
"disable_correlation":true,
"misp-attribute":"text",
"ui-priority":1
},
"playbook-type":{
"description":"The security-related functions the playbook supports. A playbook may account for multiple types (e.g., detection and investigation). The listed options are based on the CACAO standard and NIST SP 800-61 rev2. Another option is to use MISP tags, taxonomies, and galaxies.",
