mirror of https://github.com/MISP/MISP
Make the documentation "brand-neutral" to be able to develop it in a community.
parent
73e87f31e0
commit
ebec1d7f26
|
@ -4,8 +4,8 @@
|
|||
<hr/>
|
||||
<h2>Layout and features</h2>
|
||||
<h3>Main page:</h3>
|
||||
<p>The main page lists the events stored in the
|
||||
CyDefSIG site. See data structure section for further details.</p>
|
||||
<p>The main page lists the events stored on the
|
||||
site. See data structure section for further details.</p>
|
||||
<p>The <b>site PGP public key</b> and <b>log-out
|
||||
button</b> are at the bottom of the page and will be accessible in
|
||||
any page of the site.</p>
|
||||
|
@ -13,7 +13,7 @@ any page of the site.</p>
|
|||
<p>The left menu allows the user navigating to the different features/pages of the site:</p>
|
||||
<ul>
|
||||
<li><em>New Event:</em>
|
||||
<p>Allow user to create a new event. See How to share a malware signatures in CyDefSIG
|
||||
<p>Allow user to create a new event. See How to share a malware signatures
|
||||
section for further details.</p></li>
|
||||
<li><em>List Events: </em>
|
||||
<p>List all events and allows users to </p>
|
||||
|
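Review bot: The reworded cross-reference in the New Event item, "See How to share a malware signatures section", does not match any heading on the page. The target section is titled "How to share a malware/attack attributes" and carries the anchor how_to_share, so link to #how_to_share and use the section's actual title, which also fixes the "a malware signatures" grammar.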
@ -47,10 +47,16 @@ any page of the site.</p>
|
|||
<p></p></li>
|
||||
<li><em>Member List</em>
|
||||
<p>Provide statstics about the site.</p></li>
|
||||
<li><em>User Guide</em>
|
||||
<p>Displays this document.</p></li>
|
||||
<li><em>Terms & Conditions</em>
|
||||
<p>Defines terms of use of this platform.</p></li>
|
||||
<li><em>List Servers</em>
|
||||
<p>Displays a list of servers that the user synchronizes his account to.</p></li>
|
||||
</ul>
|
||||
|
||||
|
||||
<h2><a name="how_to_share"></A>How to share a malware/attack attributes in CyDefSIG</h2>
|
||||
<h2><a name="how_to_share"></A>How to share a malware/attack attributes</h2>
|
||||
<h3>Data structure</h3>
|
||||
<p>The following diagram depicts the data structure to store malware signatures.</p>
|
||||
<p><img src="/img/doc/data-structure.gif"></p>
|
||||
|
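Review bot: In the menu list, the item <em>Terms & Conditions</em> contains a bare ampersand; write it as &amp;amp; so the markup stays valid. Since the heading is being touched anyway, "How to share a malware/attack attributes" still reads "a ... attributes" and its anchor is closed with </A> against a lowercase <a name=...>, and "synchronizes his account to" in the List Servers item would read better as "their account".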
@ -77,7 +83,8 @@ events with same attributes.</p>
|
|||
<li>Fill-in the form:
|
||||
<ul>
|
||||
<li><em>Date*:</em> date of the malware was discovered</li>
|
||||
<li><em>Risk*:</em> estimated risk level related to the malware.<br/>
|
||||
<li><em>Private*:</em> is the event sharable with other servers. <small>(only in sync-mode)</small></li>
|
||||
<li><em>Risk*:</em> estimated risk level related to the malware.<br/>
|
||||
Guideline for risk level:
|
||||
<ul>
|
||||
<li>Undefined (default)</li>
|
||||
|
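Review bot: The Private* description now placed above Risk*, "is the event sharable with other servers", reads as the opposite of the field name and does not say whether ticking Private shares the event or withholds it. The attribute-level field in the same guide says "prevent upload of this specific Attribute to other servers"; use matching wording for the event so a user cannot pick the wrong value and share an event by accident.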
@ -86,8 +93,7 @@ events with same attributes.</p>
|
|||
<li>High - Very sophisticated APT (e.g. including 0-day)</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><em>Private*:</em> is the event sharable with other CyDefSIG servers. <small>(only in sync-mode)</small></li>
|
||||
<li><em>Info*:</em> High level information that can help to understand the malware/attack,
|
||||
<li><em>Info*:</em> High level information that can help to understand the malware/attack,
|
||||
like title and high level behavior.<br/>
|
||||
This field should remain as short as possible (recommended max 50 words).
|
||||
The full description of the malware behavior and its artifacts must
|
||||
|
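Review bot: The Info* line appears on both sides of this hunk with identical text, so the change to it looks whitespace-only. Drop it from this commit, or keep the original indentation, so the hunk carries only the removal of the old Private* line.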
@ -106,7 +112,7 @@ events with same attributes.</p>
|
|||
<ul>
|
||||
<li><em>Category*</em>: see Category section below</li>
|
||||
<li><em>Type*:</em> see Type section below</li>
|
||||
<li><em>Private*:</em> prevent upload of this specific Attribute to other CyDefSIG servers. <small>(only in sync-mode)</small></li>
|
||||
<li><em>Private*:</em> prevent upload of this specific Attribute to other servers. <small>(only in sync-mode)</small></li>
|
||||
<li><em>IDS Signature?</em>: Check this box if you want
|
||||
the attribute to be part of the IDS signature generated by the site.
|
||||
Make sure that the information in value is usable in an IDS
|
||||
|
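Review bot: With the product name removed, "other servers" in the attribute-level Private* description no longer says which servers are meant. Suggest wording such as "other servers this site synchronizes with", so the scope of the flag is clear to the person deciding whether an attribute may leave the site.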
@ -138,7 +144,7 @@ events with same attributes.</p>
|
|||
<li>Click <em>Publish Event</em> once all attributes are uploaded.<br/>
|
||||
<p>The application will then send the event with all uploaded information
|
||||
to all users of the site.<br/>
|
||||
In sync-mode the event will also be uploaded to other CyDefSIG servers users have configured in their profile.</p>
|
||||
In sync-mode the event will also be uploaded to other servers users have configured in their profile.</p>
|
||||
<p>You can modify, delete or add new attributes after publishing. In that case, any
|
||||
change will be accessible by other users via the GUI and only
|
||||
released by email to all users once you re-Publish the event.</p>
|
||||
|
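Review bot: The reworded sync-mode sentence, "the event will also be uploaded to other servers users have configured in their profile", states the upload unconditionally, while the form descriptions elsewhere in this guide say Private* prevents upload to other servers. Add the exception here (for example "unless the event or attribute is marked Private"), since this is the step where data actually leaves the site.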
@ -207,13 +213,13 @@ $attr = new Attribute();
|
|||
|
||||
<hr/>
|
||||
<h2>Export and Import</h2>
|
||||
<p>CyDefSIG has full support for automated data export and import.</p>
|
||||
<p>The platform has full support for automated data export and import.</p>
|
||||
<h3>IDS and script export</h3>
|
||||
<p>First of all you can export data in formats that are suitable for NIDS or scripts (text, xml,...).<br/>
|
||||
All details about this export can be found on the <?php echo $this->Html->link(__('Export', true), array('controller' => 'events', 'action' => 'export')); ?> page.
|
||||
</p>
|
||||
<h3>REST API</h3>
|
||||
<p>CydefSIG is also <a href="http://en.wikipedia.org/wiki/Representational_state_transfer">RESTfull</a>, so this means you can use structured format (XML) to access Events data.</p>
|
||||
<p>The platform is also <a href="http://en.wikipedia.org/wiki/Representational_state_transfer">RESTfull</a>, so this means you can use structured format (XML) to access Events data.</p>
|
||||
<h4>Requests</h4>
|
||||
<p>Use any HTTP compliant library to perform requests. However to make clear you are doing a REST request you need to either specify the <code>Accept</code> type to <code>application/xml</code>, or append <code>.xml</code> to the url.</p>
|
||||
<p>The following table shows the relation of the request type and the resulting action:</p>
|
||||
|
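Review bot: The replacement term is inconsistent: this hunk uses "The platform" where the earlier hunks use "the site" for the same thing. Pick one neutral term and use it throughout the guide. "RESTfull" on the reworded REST API line is also still misspelled (RESTful).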
@ -321,13 +327,13 @@ Authorization: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</pre>
|
|||
<private>0</private>
|
||||
<attribute/>
|
||||
</Event></pre>
|
||||
<p>The response you're going to get is the following data:</p>
|
||||
<h2>FIXME </h2>
|
||||
<!-- <p>The response you're going to get is the following data:</p>
|
||||
<h2>FIXME </h2> -->
|
||||
|
||||
|
||||
|
||||
<h4>Example - Requesting an invalid page</h4>
|
||||
<h2>FIXME </h2>
|
||||
<!-- <h4>Example - Requesting an invalid page</h4>
|
||||
<h2>FIXME </h2> -->
|
||||
|
||||
|
||||
|
||||
|
|
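Review bot: Wrapping the two FIXME blocks in <!-- ... --> is unrelated to the brand-neutral wording the commit message describes, and HTML comments in the template are still sent to every reader in the page source. Delete the blocks and track the missing response example and the invalid-page example in an issue, or fill them in; as it stands the request example ends at </Event></pre> with no documented response.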
Binary file not shown.
Before Width: | Height: | Size: 78 KiB After Width: | Height: | Size: 53 KiB |
Binary file not shown.
Before Width: | Height: | Size: 107 KiB After Width: | Height: | Size: 47 KiB |