search

opencybersecurityalliance / cacao-roaster

A web application for generating, parsing and validating, manipulating, and visualizing CACAO v2.0 playbooks.
Other
18 stars 7 forks source link

Roaster agent-target type doesn't appear to match the CACAO spec #13

Open dlemire60 opened 3 months ago

dlemire60 commented 3 months ago

I played some more and the way Roaster creates agent definitions doesn't seem to match what's in the spec. I created a net-address agent in Roaster:

"agent_definitions": {
  "agent-target--f24ee4da-68d9-49ea-ab06-39075e73106b": {
    "type": "net-address",

But the example in the spec (section 7.10) looks rather different:

"agent_definitions": {
  "net-address--6f6f9814-5982-4322-9a9c-0ef25d33ef2a": {
    "type": "net-address",

In the spec, the object's identifier starts with the type of agent, rather than the generic agent-target. If I search the text for "agent-target", that's the name for the object type but I never see it used as a literal value in the JSON examples.

And since that type is an open-vocab, a proper fix should handle user-defined agent types as well:

"agent_definitions": {
  "openc2-mqtt--6f6f9814-5982-4322-9a9c-0ef25d33ef2a": {
    "type": "openc2-mqtt",