OASIS Mailing List Archives

cacao-comment message



Subject: Request for Feedback


Hello!

This is my first inquiry with the CACAO TC so I'd like to quickly introduce myself for context. I'm a Staff Engineer for a security company and I'm working on standardizing my team's incident playbooks with regard to general site reliability, which led me to CACAO. Also, this is my first comment on an OASIS forum, so please bear with my verbosity :)

As I mentioned, I'm viewing an incident through the lens of the ITIL, where "an incident is an unplanned interruption to a service, or reduction in the quality of service," as opposed to an actual security incident; however, the CACAO specification still offers value for my internal needs. With that, I was curious if there had been consideration given to abstracting out a general CACAO playbook specification (not security focused)? A more general schema may exclude "target" and the "workflow: attack", for instance. I know these aren't required, but creating a parent playbook spec could expand application to a broad group, encouraging adoption and contribution long term.

Another item of interest for me is the Identifier specification. I understand the benefit and need for the Identifier, but it does add overhead for manual adoption since a simple template will necessitate a shell command to generate another uuid. This makes sense for a large shareable library spanning organizations, but it could add a hurdle for those considering adoption. With limited adoption, who will open source the GUI to support the data model?

This leads to my last question. Are there any efforts to develop a UI to visualize CACAO or manage CACAO data models? I understand this is likely outside the scope, but I imagine other members may have similar interests. My recent engineering track has been mostly backend/arch focused, but I would be willing to brush up and contribute if there's a group forming.

Thank you again for all of your support and contributions. Kind regards,

Chris Halbert

