eiyuki
commented
5 years ago Intrusion Set names are free text. There's no specific meaning to having "[Playbook]" in the STIX2 name field. Whoever was working on the Playbook at the time added it as a note.
I can see why the this might be confusing if it is in some Playbooks and not in others. I will take a look at removing this from the Intrusion Set names for all Playbooks and push it along with some additional cleanup for certain pattern. This should be done shortly.
borgendorf
Hi there, I'm curious why some IntrusionSet names are prepended with "[Playbook]" and others aren't. Examples include Muddy Water, Cobalt Gang, and Chafer. Will all of the names be normalized at some point so they all either include that string or don't? Thanks!