diff --git a/examples/caldera/basic-step.json b/examples/caldera/basic-step.json
new file mode 100644
index 00000000..26f289a5
--- /dev/null
+++ b/examples/caldera/basic-step.json
@@ -0,0 +1,54 @@
+{
+ "type": "playbook",
+ "spec_version": "cacao-2.0",
+ "id": "playbook--77bbe093-7e90-400c-a7c4-7b3a9396af15",
+ "name": "Caldera example playbook of a basic Caldera step",
+ "description": "This is a SOARCA TNO Red teaming example playbook.",
+ "created_by": "identity--0fc44117-48d3-41b8-8bd4-b8dc334f500d",
+ "created": "2024-10-08T07:49:16.348Z",
+ "modified": "2024-10-08T07:49:16.349Z",
+ "revoked": false,
+ "derived_from": [
+ "playbook--879932d9-fea9-40c1-a5a4-3b3d2eec9835"
+ ],
+ "workflow_start": "start--025c407e-422e-4deb-8863-b3d4a8890f60",
+ "workflow": {
+ "start--025c407e-422e-4deb-8863-b3d4a8890f60": {
+ "on_completion": "action--623a0a80-a4ac-4989-b1da-5e3660b2e4f1",
+ "type": "start"
+ },
+ "action--623a0a80-a4ac-4989-b1da-5e3660b2e4f1": {
+ "name": "Run some Caldera command",
+ "on_completion": "end--080de9ac-65c7-49f0-acd2-b21e92e34036",
+ "type": "action",
+ "commands": [
+ {
+ "type": "caldera-cmd",
+ "command": "id: 36eecb80-ede3-442b-8774-956e906aff02"
+ }
+ ],
+ "agent": "soarca--00050001-1000-1000-a000-000100010001",
+ "targets": [
+ "security-category--b1ead715-d565-48f8-a6a4-0d5c4a3e643e"
+ ]
+ },
+ "end--080de9ac-65c7-49f0-acd2-b21e92e34036": {
+ "type": "end"
+ }
+ },
+ "agent_definitions": {
+ "soarca--00050001-1000-1000-a000-000100010001": {
+ "type": "soarca",
+ "name": "soarca-caldera-cmd"
+ }
+ },
+ "target_definitions": {
+ "security-category--b1ead715-d565-48f8-a6a4-0d5c4a3e643e": {
+ "type": "security-category",
+ "name": "red",
+ "category": [
+ "caldera"
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/examples/caldera/consecutive-steps.json b/examples/caldera/consecutive-steps.json
new file mode 100644
index 00000000..ad31eb1d
--- /dev/null
+++ b/examples/caldera/consecutive-steps.json
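Review bot: The Caldera ability is referenced through an ad-hoc string format, `"command": "id: 36eecb80-ede3-442b-8774-956e906aff02"`, and nothing in the playbook says which ability that is or how the `id:` prefix is interpreted; the action `name` ("Run some Caldera command") gives no hint either, while the sibling examples at least name the ability in parentheses. I would add a `"description"` to the action stating which Caldera ability the id denotes and that the value must be a well-formed UUID, and note that the executor is expected to validate it as such before building any Caldera API request — presumably that parsing lives in the SOARCA Caldera capability, which is outside this diff, so the expectation should be written down here. The file also ends without a trailing newline (the `\ No newline at end of file` marker), which is worth fixing for clean future diffs.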
@@ -0,0 +1,69 @@
+{
+ "type": "playbook",
+ "spec_version": "cacao-2.0",
+ "id": "playbook--77bbe093-7e90-400c-a7c4-7b3a9396af15",
+ "name": "Caldera example playbook of two consecutive caldera steps being executed",
+ "description": "This is a SOARCA TNO Red teaming example playbook.",
+ "created_by": "identity--0fc44117-48d3-41b8-8bd4-b8dc334f500d",
+ "created": "2024-10-08T07:49:16.348Z",
+ "modified": "2024-10-08T07:49:16.349Z",
+ "revoked": false,
+ "derived_from": [
+ "playbook--879932d9-fea9-40c1-a5a4-3b3d2eec9835"
+ ],
+ "workflow_start": "start--025c407e-422e-4deb-8863-b3d4a8890f60",
+ "workflow": {
+ "start--025c407e-422e-4deb-8863-b3d4a8890f60": {
+ "on_completion": "action--623a0a80-a4ac-4989-b1da-5e3660b2e4f1",
+ "type": "start"
+ },
+ "action--623a0a80-a4ac-4989-b1da-5e3660b2e4f1": {
+ "name": "Run some Caldera command (check go)",
+ "on_completion": "action--3ad2d927-9480-4d05-bcbb-7d40b4da2266",
+ "type": "action",
+ "commands": [
+ {
+ "type": "caldera-cmd",
+ "command": "id: 9849d956-37ea-49f2-a8b5-f2ca080b315d"
+ }
+ ],
+ "agent": "caldera--4801fe91-cd09-4da3-a67d-3d69cd9fec7c",
+ "targets": [
+ "security-category--b1ead715-d565-48f8-a6a4-0d5c4a3e643e"
+ ]
+ },
+ "action--3ad2d927-9480-4d05-bcbb-7d40b4da2266": {
+ "name": "Run another Caldera command (sleep)",
+ "on_completion": "end--080de9ac-65c7-49f0-acd2-b21e92e34036",
+ "type": "action",
+ "commands": [
+ {
+ "type": "caldera-cmd",
+ "command": "id: 36eecb80-ede3-442b-8774-956e906aff02"
+ }
+ ],
+ "agent": "soarca--00050001-1000-1000-a000-000100010001",
+ "targets": [
+ "security-category--b1ead715-d565-48f8-a6a4-0d5c4a3e643e"
+ ]
+ },
+ "end--080de9ac-65c7-49f0-acd2-b21e92e34036": {
+ "type": "end"
+ }
+ },
+ "agent_definitions": {
+ "soarca--00050001-1000-1000-a000-000100010001": {
+ "type": "soarca",
+ "name": "soarca-caldera-cmd"
+ }
+ },
+ "target_definitions": {
+ "security-category--b1ead715-d565-48f8-a6a4-0d5c4a3e643e": {
+ "type": "security-category",
+ "name": "red",
+ "category": [
+ "caldera"
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/examples/caldera/flow-control.json b/examples/caldera/flow-control.json
new file mode 100644
index 00000000..96d9fffe
--- /dev/null
+++ b/examples/caldera/flow-control.json
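Review bot: The first action's `"agent": "caldera--4801fe91-cd09-4da3-a67d-3d69cd9fec7c"` refers to an agent that does not exist in `agent_definitions` (only `soarca--00050001-1000-1000-a000-000100010001` is defined), so a strict CACAO validator should reject this playbook and a lenient executor would dispatch the step to an unresolved agent; the second action already uses the defined agent, so this looks like a leftover and should read `"agent": "soarca--00050001-1000-1000-a000-000100010001",`. The file also reuses the `id` `playbook--77bbe093-7e90-400c-a7c4-7b3a9396af15` of basic-step.json from the same commit, with identical `created`/`modified` timestamps, which makes the two playbooks indistinguishable in any store or cache keyed on playbook id and makes the `derived_from` entry that flow-control.json carries for this id ambiguous; give this playbook a freshly generated UUID and its own timestamps. Like basic-step.json it lacks a trailing newline.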
@@ -0,0 +1,110 @@
+{
+ "type": "playbook",
+ "spec_version": "cacao-2.0",
+ "id": "playbook--a92fc24f-4adb-4ac2-8846-31968c23699a",
+ "name": "Caldera example playbook of control flow steps being used alongside Calders steps",
+ "description": "This is a SOARCA TNO Red teaming example playbook.",
+ "created_by": "identity--7f497236-2aa5-431b-b704-d7b26b319163",
+ "created": "2024-11-08T09:44:35.226Z",
+ "modified": "2024-11-08T09:44:53.904Z",
+ "revoked": false,
+ "derived_from": [
+ "playbook--879932d9-fea9-40c1-a5a4-3b3d2eec9835",
+ "playbook--77bbe093-7e90-400c-a7c4-7b3a9396af15"
+ ],
+ "playbook_variables": {
+ "__should.execute.true__": {
+ "type": "string",
+ "description": "Some variable returned by caldera",
+ "value": "no",
+ "constant": false,
+ "external": false
+ }
+ },
+ "workflow_start": "start--025c407e-422e-4deb-8863-b3d4a8890f60",
+ "workflow": {
+ "start--025c407e-422e-4deb-8863-b3d4a8890f60": {
+ "on_completion": "action--a7bfa1f8-bbcf-4cf6-b5df-605c8b27a479",
+ "type": "start"
+ },
+ "action--a7bfa1f8-bbcf-4cf6-b5df-605c8b27a479": {
+ "name": "Get some information using a caldera ability (will always set __should.execute.true__ to yes)",
+ "on_completion": "if-condition--f00f0acb-a2ad-4832-b7c2-27d12506c6d7",
+ "type": "action",
+ "commands": [
+ {
+ "type": "caldera-cmd",
+ "command_b64": "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"
+ }
+ ],
+ "agent": "soarca--00050001-1000-1000-a000-000100010001",
+ "targets": [
+ "security-category--b1ead715-d565-48f8-a6a4-0d5c4a3e643e"
+ ],
+ "out_args": [
+ "__should.execute.true__"
+ ]
+ },
+ "if-condition--f00f0acb-a2ad-4832-b7c2-27d12506c6d7": {
+ "on_completion": "end--32964690-69a0-4fb3-8124-0ce63c0e09b9",
+ "type": "if-condition",
+ "condition": "__should.execute.true__:value = yes",
+ "on_true": "action--623a0a80-a4ac-4989-b1da-5e3660b2e4f1",
+ "on_false": "action--3ad2d927-9480-4d05-bcbb-7d40b4da2266"
+ },
+ "action--623a0a80-a4ac-4989-b1da-5e3660b2e4f1": {
+ "name": "Run some Caldera command if true (sleep)",
+ "on_completion": "end--080de9ac-65c7-49f0-acd2-b21e92e34036",
+ "type": "action",
+ "commands": [
+ {
+ "type": "caldera-cmd",
+ "command": "id: 36eecb80-ede3-442b-8774-956e906aff02"
+ }
+ ],
+ "agent": "soarca--00050001-1000-1000-a000-000100010001",
+ "targets": [
+ "security-category--b1ead715-d565-48f8-a6a4-0d5c4a3e643e"
+ ]
+ },
+ "action--3ad2d927-9480-4d05-bcbb-7d40b4da2266": {
+ "name": "Run some Caldera command if false (enumerate python)",
+ "on_completion": "end--080de9ac-65c7-49f0-acd2-b21e92e34036",
+ "type": "action",
+ "commands": [
+ {
+ "type": "caldera-cmd",
+ "command": "id: b18e8767-b7ea-41a3-8e80-baf65a5ddef5"
+ }
+ ],
+ "agent": "soarca--00050001-1000-1000-a000-000100010001",
+ "targets": [
+ "security-category--b1ead715-d565-48f8-a6a4-0d5c4a3e643e"
+ ]
+ },
+ "end--32964690-69a0-4fb3-8124-0ce63c0e09b9": {
+ "type": "end"
+ },
+ "end--080de9ac-65c7-49f0-acd2-b21e92e34036": {
+ "type": "end"
+ },
+ "end--48d7d487-3c8a-4651-bbc2-40c519e2b9f7": {
+ "type": "end"
+ }
+ },
+ "agent_definitions": {
+ "soarca--00050001-1000-1000-a000-000100010001": {
+ "type": "soarca",
+ "name": "soarca-caldera-cmd"
+ }
+ },
+ "target_definitions": {
+ "security-category--b1ead715-d565-48f8-a6a4-0d5c4a3e643e": {
+ "type": "security-category",
+ "name": "red",
+ "category": [
+ "caldera"
+ ]
+ }
+ }
+}
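Review bot: The branch chosen by `if-condition--f00f0acb-a2ad-4832-b7c2-27d12506c6d7` depends on `__should.execute.true__`, which `out_args` fills from whatever the Caldera ability in the first action returns, i.e. from output produced on the target host; since `"condition": "__should.execute.true__:value = yes"` is a plain string comparison, anyone who can shape that output steers which ability runs next, and the default `"value": "no"` means a failed or empty result silently takes the `on_false` (enumerate python) path instead of stopping. That is acceptable for a red-team example, but it should be stated: replace `"description": "Some variable returned by caldera"` with a sentence saying the value is parsed from untrusted ability output and that the `"no"` default deliberately routes failures to the false branch, or add an explicit failure step. Separately, `end--48d7d487-3c8a-4651-bbc2-40c519e2b9f7` is defined but never referenced by any step and should be dropped, and the playbook `name` says "Calders steps" (typo for Caldera).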