chg: [security-playbook] jq all the things

objects/security-playbook/definition.json

@@ -1,34 +1,100 @@
 {
-  "attributes":{
-    "description":{
-      "description":"An explanation, details, and more context about what this playbook does and tries to accomplish.",
-      "disable_correlation":true,
-      "misp-attribute":"text",
-      "ui-priority":1
+  "attributes": {
+    "description": {
+      "description": "An explanation, details, and more context about what this playbook does and tries to accomplish.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
     },
-    "playbook-id":{
-      "description":"A value that uniquely identifies the playbook. If the playbook itself embeds an identifier then the playbook-id SHOULD use the same identifier (value). If not, the producer MAY generate a unique identifier for the playbook.",
-      "disable_correlation":false,
-      "misp-attribute":"text",
-      "ui-priority":1
+    "labels": {
+      "description": "Labels for this playbook (e.g., adversary persona names, associated groups, malware family/variant/name that this playbook is related to). Another option is to use MISP tags, taxonomies, and galaxies.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
     },
-    "revoked":{
-      "description":"A boolean that identifies if the playbook is no longer valid (revoked).",
-      "disable_correlation":true,
-      "misp-attribute":"boolean",
-      "sane_default":[
-        "True",
-        "False"
-      ],
-      "ui-priority":1
+    "organization-type": {
+      "description": "The type of organization that the playbook is intended for. This can be an industry sector. Another option is to use MISP tags, taxonomies, and galaxies.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
     },
-    "playbook-type":{
-      "description":"The security-related functions the playbook supports. A playbook may account for multiple types (e.g., detection and investigation). The listed options are based on the CACAO standard and NIST SP 800-61 rev2. Another option is to use MISP tags, taxonomies, and galaxies.",
-      "disable_correlation":true,
-      "misp-attribute":"text",
-      "multiple":true,
-      "ui-priority":1,
-      "values_list":[
+    "playbook-abstraction": {
+      "description": "The playbook’s level of abstraction (with regards to consumption).",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1,
+      "values_list": [
+        "template",
+        "executable"
+      ]
+    },
+    "playbook-base64": {
+      "description": "The entire playbook file/document encoded in base64.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "playbook-creation-time": {
+      "description": "The date and time at which the playbook was originally created.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 1
+    },
+    "playbook-creator": {
+      "description": "The entity that created the playbook. It can be a natural person or an organization. It may be represented using a unique identifier that identifies the creator.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "playbook-file": {
+      "description": "The entire playbook file/document in its native format (e.g., CACAO JSON or BPMN).",
+      "misp-attribute": "attachment",
+      "ui-priority": 1
+    },
+    "playbook-id": {
+      "description": "A value that uniquely identifies the playbook. If the playbook itself embeds an identifier then the playbook-id SHOULD use the same identifier (value). If not, the producer MAY generate a unique identifier for the playbook.",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "playbook-impact": {
+      "description": "From 0 to 100, a value representing the impact the playbook has on the organization. A value of 0 means specifically undefined. Impact values range from 1, the lowest impact, to a value of 100, the highest. For example, a purely investigative playbook that is non-invasive could have a low impact value of 1. In contrast, a playbook that performs changes such as adding rules into a firewall should have a higher impact value.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "playbook-modification-time": {
+      "description": "The date and time at which the playbook was last modified.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 1
+    },
+    "playbook-priority": {
+      "description": "From 0 to 100, a value representing the priority of this playbook relative to other defined playbooks. A value of 0 means specifically undefined. Priority values range from 1, the highest priority, to a value of 100, the lowest.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "playbook-severity": {
+      "description": "From 0 to 100, a value representing the seriousness of the conditions that this playbook addresses. A value of 0 means specifically undefined. Severity values range from 1, the lowest severity, to a value of 100, the highest.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "playbook-standard": {
+      "description": "The standard/format/notation the playbook conforms to (e.g., CACAO, BPMN).",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "playbook-type": {
+      "description": "The security-related functions the playbook supports. A playbook may account for multiple types (e.g., detection and investigation). The listed options are based on the CACAO standard and NIST SP 800-61 rev2. Another option is to use MISP tags, taxonomies, and galaxies.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1,
+      "values_list": [
         "notification",
         "detection",
         "investigation",
@@ -42,105 +108,39 @@
         "attack"
       ]
     },
-    "organization-type":{
-      "description":"The type of organization that the playbook is intended for. This can be an industry sector. Another option is to use MISP tags, taxonomies, and galaxies.",
-      "disable_correlation":true,
-      "misp-attribute":"text",
-      "multiple":true,
-      "ui-priority":1
+    "playbook-valid-from": {
+      "description": "The date and time from which the playbook is considered valid and the steps that it contains can be executed.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 1
     },
-    "labels":{
-      "description":"Labels for this playbook (e.g., adversary persona names, associated groups, malware family/variant/name that this playbook is related to). Another option is to use MISP tags, taxonomies, and galaxies.",
-      "disable_correlation":true,
-      "misp-attribute":"text",
-      "multiple":true,
-      "ui-priority":1
+    "playbook-valid-until": {
+      "description": "The date and time from which the playbook should no longer be considered a valid playbook to be executed.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 1
     },
-    "playbook-standard":{
-      "description":"The standard/format/notation the playbook conforms to (e.g., CACAO, BPMN).",
-      "disable_correlation":true,
-      "misp-attribute":"text",
-      "ui-priority":1
-    },
-    "playbook-abstraction":{
-      "description":"The playbook’s level of abstraction (with regards to consumption).",
-      "disable_correlation":true,
-      "misp-attribute":"text",
-      "ui-priority":1,
-      "values_list":[
-        "template",
-        "executable"
-      ]
-    },
-    "playbook-creator":{
-      "description":"The entity that created the playbook. It can be a natural person or an organization. It may be represented using a unique identifier that identifies the creator.",
-      "disable_correlation":true,
-      "misp-attribute":"text",
-      "ui-priority":1
-    },
-    "playbook-creation-time":{
-      "description":"The date and time at which the playbook was originally created.",
-      "disable_correlation":true,
-      "misp-attribute":"datetime",
-      "ui-priority":1
-    },
-    "playbook-modification-time":{
-      "description":"The date and time at which the playbook was last modified.",
-      "disable_correlation":true,
-      "misp-attribute":"datetime",
-      "ui-priority":1
-    },
-    "playbook-impact":{
-      "description":"From 0 to 100, a value representing the impact the playbook has on the organization. A value of 0 means specifically undefined. Impact values range from 1, the lowest impact, to a value of 100, the highest. For example, a purely investigative playbook that is non-invasive could have a low impact value of 1. In contrast, a playbook that performs changes such as adding rules into a firewall should have a higher impact value.",
-      "disable_correlation":true,
-      "misp-attribute":"text",
-      "ui-priority":1
-    },
-    "playbook-priority":{
-      "description":"From 0 to 100, a value representing the priority of this playbook relative to other defined playbooks. A value of 0 means specifically undefined. Priority values range from 1, the highest priority, to a value of 100, the lowest.",
-      "disable_correlation":true,
-      "misp-attribute":"text",
-      "ui-priority":1
-    },
-    "playbook-severity":{
-      "description":"From 0 to 100, a value representing the seriousness of the conditions that this playbook addresses. A value of 0 means specifically undefined. Severity values range from 1, the lowest severity, to a value of 100, the highest.",
-      "disable_correlation":true,
-      "misp-attribute":"text",
-      "ui-priority":1
-    },
-    "playbook-valid-from":{
-      "description":"The date and time from which the playbook is considered valid and the steps that it contains can be executed.",
-      "disable_correlation":true,
-      "misp-attribute":"datetime",
-      "ui-priority":1
-    },
-    "playbook-valid-until":{
-      "description":"The date and time from which the playbook should no longer be considered a valid playbook to be executed.",
-      "disable_correlation":true,
-      "misp-attribute":"datetime",
-      "ui-priority":1
-    },
-    "playbook-file":{
-      "description":"The entire playbook file/document in its native format (e.g., CACAO JSON or BPMN).",
-      "misp-attribute":"attachment",
-      "ui-priority":1
-    },
-    "playbook-base64":{
-      "description":"The entire playbook file/document encoded in base64.",
-      "misp-attribute":"text",
-      "ui-priority":1
+    "revoked": {
+      "description": "A boolean that identifies if the playbook is no longer valid (revoked).",
+      "disable_correlation": true,
+      "misp-attribute": "boolean",
+      "sane_default": [
+        "True",
+        "False"
+      ],
+      "ui-priority": 1
     }
   },
-  "description":"The security-playbook object provides meta-information and allows managing, storing, and sharing cybersecurity playbooks and orchestration workflows.",
-  "meta-category":"misc",
-  "name":"security-playbook",
-  "required":[
+  "description": "The security-playbook object provides meta-information and allows managing, storing, and sharing cybersecurity playbooks and orchestration workflows.",
+  "meta-category": "misc",
+  "name": "security-playbook",
+  "required": [
     "playbook-id"
   ],
-  "requiredOneOf":[
+  "requiredOneOf": [
     "playbook-file",
     "playbook-base64"
   ],
-  "uuid":"48894c92-447b-4abe-b093-360c4d823e9d",
-  "version":3
-}
+  "uuid": "48894c92-447b-4abe-b093-360c4d823e9d",
+  "version": 3
+}