add examples to adoc

extension-definition-specifications/incident-core/Incident Extension Suite.adoc

@@ -97,6 +97,13 @@ The Incident object should have sufficient properties to represent the current s
 
 The properties and additional types within the Incident Core Extension are defined below. As this is an extension of a top-level object, fields such as identifier are not present.  This extension *MUST* use [stixliteral]#extension-definition--ef765651-680c-498d-9894-99799f2fa126# as its extension ID.
 
+*2.1 Example*
+
+[source,json]
+----
+include::examples/example_2.1.json[]
+----
+
 <<<
 
 [width="100%",cols="37%,23%,40%",options="header"]
@@ -246,6 +253,14 @@ This can be used to supplement the created_by_ref in cases where external author
 === 2.2. Event
 
 This new sdo extension *MUST* use [stixliteral]#extension-definition--4ca6de00-5b0d-45ef-a1dc-ea7279ea910e# as its extension ID.
+
+*2.2 Example*
+
+[source,json]
+----
+include::examples/example_2.2.json[]
+----
+
 [width="100%",cols="100%",stripes=odd]
 |===
 ^|[stixtr]*Required Common Properties*
@@ -433,6 +448,13 @@ For example, a dropper running allowed a ransomware tool to be downloaded and ru
 === 2.3. Impact
 This new sdo extension *MUST* use [stixliteral]#extension-definition--7cc33dd6-f6a1-489b-98ea-522d351d71b9# as its extension ID.
 
+*2.3 Example*
+
+[source,json]
+----
+include::examples/example_2.3.json[]
+----
+
 [width="100%",cols="100%",stripes=odd]
 |===
 ^|[stixtr]*Required Common Properties*
@@ -777,6 +799,13 @@ The value of this property *MUST* come from the [stixtype]#<<traceability-enum,t
 [[task]]
 === 2.4. Task
 
+*2.4 Example*
+
+[source,json]
+----
+include::examples/example_2.4.json[]
+----
+
 [width="100%",cols="100%",stripes=odd]
 |===
 ^|[stixtr]*Required Common Properties*
@@ -1043,6 +1072,13 @@ _0 individuals_
 [[event-entry]]
 === 3.2. Event Entry Object Type
 
+*3.2 Example*
+
+[source,json]
+----
+include::examples/example_3.2.json[]
+----
+
 *Type Name:* [stixtype]#event-entry#
 
 [width="100%",cols="37%,23%,40%",options="header",]
@@ -1077,6 +1113,13 @@ Default value is [stixliteral]#true#.
 Event sequence entries store references to subsequent steps for an event entry.
 As these are always stored in an array of steps within an array of event entries validation rules for *event_ref* *MUST* be performed against the entire array of event entries.
 
+*3.3 Example*
+
+[source,json]
+----
+include::examples/example_3.3.json[]
+----
+
 *Type Name:* [stixtype]#event-sequence-entry#
 
 [width="100%",cols="37%,23%,40%",options="header",]
@@ -1112,6 +1155,13 @@ The values of this property *MUST* come from the [stixtype]#<<activity-transitio
 [[incident-score]]
 === 3.4. Incident Score Object Type
 
+*3.4 Example*
+
+[source,json]
+----
+include::examples/example_3.4.json[]
+----
+
 *Type Name:* [stixtype]#incident-score#
 [width="100%",cols="37%,23%,40%",options="header",]
 |===
@@ -1137,6 +1187,13 @@ The values of this property *MUST* come from the [stixtype]#<<activity-transitio
 [[state-change]]
 === 3.5. State Change Object Type
 
+*3.5 Example*
+
+[source,json]
+----
+include::examples/example_3.5.json[]
+----
+
 *Type Name:* [stixtype]#state-change#
 
 The *initial_ref* or *result_ref* *MUST* be populated.
@@ -1183,6 +1240,13 @@ If the *initial_ref* is populated this *MUST* reference the same type of SDO.
 [[task-entry]]
 === 3.6. Task Entry Object Type
 
+*3.6 Example*
+
+[source,json]
+----
+include::examples/example_3.6.json[]
+----
+
 *Type Name:* [stixtype]#task-entry#
 
 [width="100%",cols="37%,23%,40%",options="header",]
@@ -1217,6 +1281,13 @@ Default value is [stixliteral]#true#.
 Task sequence entries store references to subsequent steps for a task entry.
 As these are always stored in an array of steps within an array of task entries validation rules for *task_ref* *MUST* be performed against the entire array of task entries.
 
+*3.7 Example*
+
+[source,json]
+----
+include::examples/example_3.7.json[]
+----
+
 *Type Name:* [stixtype]#task-sequence-entry#
 
 [width="100%",cols="37%,23%,40%",options="header",]