|
|
|
|
@ -2,29 +2,26 @@
|
|
|
|
|
<html lang="en">
|
|
|
|
|
<head>
|
|
|
|
|
<meta charset="UTF-8">
|
|
|
|
|
<!--[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]-->
|
|
|
|
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
|
|
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
|
|
|
<meta name="generator" content="Asciidoctor 1.5.8">
|
|
|
|
|
<meta name="generator" content="Asciidoctor 2.0.17">
|
|
|
|
|
<meta name="author" content="MISP Project">
|
|
|
|
|
<title>Best Practices in Threat Intelligence</title>
|
|
|
|
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700">
|
|
|
|
|
<style>
|
|
|
|
|
/* Asciidoctor default stylesheet | MIT License | http://asciidoctor.org */
|
|
|
|
|
/* Uncomment @import statement below to use as custom stylesheet */
|
|
|
|
|
/*@import "https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700";*/
|
|
|
|
|
article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}
|
|
|
|
|
audio,canvas,video{display:inline-block}
|
|
|
|
|
audio:not([controls]){display:none;height:0}
|
|
|
|
|
script{display:none!important}
|
|
|
|
|
html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}
|
|
|
|
|
a{background:transparent}
|
|
|
|
|
/*! Asciidoctor default stylesheet | MIT License | https://asciidoctor.org */
|
|
|
|
|
/* Uncomment the following line when using as a custom stylesheet */
|
|
|
|
|
/* @import "https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700"; */
|
|
|
|
|
html{font-family:sans-serif;-webkit-text-size-adjust:100%}
|
|
|
|
|
a{background:none}
|
|
|
|
|
a:focus{outline:thin dotted}
|
|
|
|
|
a:active,a:hover{outline:0}
|
|
|
|
|
h1{font-size:2em;margin:.67em 0}
|
|
|
|
|
abbr[title]{border-bottom:1px dotted}
|
|
|
|
|
b,strong{font-weight:bold}
|
|
|
|
|
abbr{font-size:.9em}
|
|
|
|
|
abbr[title]{cursor:help;border-bottom:1px dotted #dddddf;text-decoration:none}
|
|
|
|
|
dfn{font-style:italic}
|
|
|
|
|
hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}
|
|
|
|
|
hr{height:0}
|
|
|
|
|
mark{background:#ff0;color:#000}
|
|
|
|
|
code,kbd,pre,samp{font-family:monospace;font-size:1em}
|
|
|
|
|
pre{white-space:pre-wrap}
|
|
|
|
|
@ -36,20 +33,22 @@ sub{bottom:-.25em}
|
|
|
|
|
img{border:0}
|
|
|
|
|
svg:not(:root){overflow:hidden}
|
|
|
|
|
figure{margin:0}
|
|
|
|
|
audio,video{display:inline-block}
|
|
|
|
|
audio:not([controls]){display:none;height:0}
|
|
|
|
|
fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}
|
|
|
|
|
legend{border:0;padding:0}
|
|
|
|
|
button,input,select,textarea{font-family:inherit;font-size:100%;margin:0}
|
|
|
|
|
button,input{line-height:normal}
|
|
|
|
|
button,select{text-transform:none}
|
|
|
|
|
button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}
|
|
|
|
|
button,html input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer}
|
|
|
|
|
button[disabled],html input[disabled]{cursor:default}
|
|
|
|
|
input[type="checkbox"],input[type="radio"]{box-sizing:border-box;padding:0}
|
|
|
|
|
input[type=checkbox],input[type=radio]{padding:0}
|
|
|
|
|
button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}
|
|
|
|
|
textarea{overflow:auto;vertical-align:top}
|
|
|
|
|
table{border-collapse:collapse;border-spacing:0}
|
|
|
|
|
*,*::before,*::after{-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box}
|
|
|
|
|
*,::before,::after{box-sizing:border-box}
|
|
|
|
|
html,body{font-size:100%}
|
|
|
|
|
body{background:#fff;color:rgba(0,0,0,.8);padding:0;margin:0;font-family:"Noto Serif","DejaVu Serif",serif;font-weight:400;font-style:normal;line-height:1;position:relative;cursor:auto;tab-size:4;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased}
|
|
|
|
|
body{background:#fff;color:rgba(0,0,0,.8);padding:0;margin:0;font-family:"Noto Serif","DejaVu Serif",serif;line-height:1;position:relative;cursor:auto;-moz-tab-size:4;-o-tab-size:4;tab-size:4;word-wrap:anywhere;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased}
|
|
|
|
|
a:hover{cursor:pointer}
|
|
|
|
|
img,object,embed{max-width:100%;height:auto}
|
|
|
|
|
object,embed{height:100%}
|
|
|
|
|
@ -64,14 +63,12 @@ img{-ms-interpolation-mode:bicubic}
|
|
|
|
|
img,object,svg{display:inline-block;vertical-align:middle}
|
|
|
|
|
textarea{height:auto;min-height:50px}
|
|
|
|
|
select{width:100%}
|
|
|
|
|
.center{margin-left:auto;margin-right:auto}
|
|
|
|
|
.stretch{width:100%}
|
|
|
|
|
.subheader,.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{line-height:1.45;color:#7a2518;font-weight:400;margin-top:0;margin-bottom:.25em}
|
|
|
|
|
div,dl,dt,dd,ul,ol,li,h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6,pre,form,p,blockquote,th,td{margin:0;padding:0;direction:ltr}
|
|
|
|
|
div,dl,dt,dd,ul,ol,li,h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6,pre,form,p,blockquote,th,td{margin:0;padding:0}
|
|
|
|
|
a{color:#2156a5;text-decoration:underline;line-height:inherit}
|
|
|
|
|
a:hover,a:focus{color:#1d4b8f}
|
|
|
|
|
a img{border:none}
|
|
|
|
|
p{font-family:inherit;font-weight:400;font-size:1em;line-height:1.6;margin-bottom:1.25em;text-rendering:optimizeLegibility}
|
|
|
|
|
a img{border:0}
|
|
|
|
|
p{line-height:1.6;margin-bottom:1.25em;text-rendering:optimizeLegibility}
|
|
|
|
|
p aside{font-size:.875em;line-height:1.35;font-style:italic}
|
|
|
|
|
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{font-family:"Open Sans","DejaVu Sans",sans-serif;font-weight:300;font-style:normal;color:#ba3925;text-rendering:optimizeLegibility;margin-top:1em;margin-bottom:.5em;line-height:1.0125em}
|
|
|
|
|
h1 small,h2 small,h3 small,#toctitle small,.sidebarblock>.content>.title small,h4 small,h5 small,h6 small{font-size:60%;color:#e99b8f;line-height:0}
|
|
|
|
|
@ -80,14 +77,14 @@ h2{font-size:1.6875em}
|
|
|
|
|
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.375em}
|
|
|
|
|
h4,h5{font-size:1.125em}
|
|
|
|
|
h6{font-size:1em}
|
|
|
|
|
hr{border:solid #dddddf;border-width:1px 0 0;clear:both;margin:1.25em 0 1.1875em;height:0}
|
|
|
|
|
hr{border:solid #dddddf;border-width:1px 0 0;clear:both;margin:1.25em 0 1.1875em}
|
|
|
|
|
em,i{font-style:italic;line-height:inherit}
|
|
|
|
|
strong,b{font-weight:bold;line-height:inherit}
|
|
|
|
|
small{font-size:60%;line-height:inherit}
|
|
|
|
|
code{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;color:rgba(0,0,0,.9)}
|
|
|
|
|
ul,ol,dl{font-size:1em;line-height:1.6;margin-bottom:1.25em;list-style-position:outside;font-family:inherit}
|
|
|
|
|
ul,ol,dl{line-height:1.6;margin-bottom:1.25em;list-style-position:outside;font-family:inherit}
|
|
|
|
|
ul,ol{margin-left:1.5em}
|
|
|
|
|
ul li ul,ul li ol{margin-left:1.25em;margin-bottom:0;font-size:1em}
|
|
|
|
|
ul li ul,ul li ol{margin-left:1.25em;margin-bottom:0}
|
|
|
|
|
ul.square li ul,ul.circle li ul,ul.disc li ul{list-style:inherit}
|
|
|
|
|
ul.square{list-style-type:square}
|
|
|
|
|
ul.circle{list-style-type:circle}
|
|
|
|
|
@ -95,36 +92,37 @@ ul.disc{list-style-type:disc}
|
|
|
|
|
ol li ul,ol li ol{margin-left:1.25em;margin-bottom:0}
|
|
|
|
|
dl dt{margin-bottom:.3125em;font-weight:bold}
|
|
|
|
|
dl dd{margin-bottom:1.25em}
|
|
|
|
|
abbr,acronym{text-transform:uppercase;font-size:90%;color:rgba(0,0,0,.8);border-bottom:1px dotted #ddd;cursor:help}
|
|
|
|
|
abbr{text-transform:none}
|
|
|
|
|
blockquote{margin:0 0 1.25em;padding:.5625em 1.25em 0 1.1875em;border-left:1px solid #ddd}
|
|
|
|
|
blockquote cite{display:block;font-size:.9375em;color:rgba(0,0,0,.6)}
|
|
|
|
|
blockquote cite::before{content:"\2014 \0020"}
|
|
|
|
|
blockquote cite a,blockquote cite a:visited{color:rgba(0,0,0,.6)}
|
|
|
|
|
blockquote,blockquote p{line-height:1.6;color:rgba(0,0,0,.85)}
|
|
|
|
|
@media screen and (min-width:768px){h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2}
|
|
|
|
|
h1{font-size:2.75em}
|
|
|
|
|
h2{font-size:2.3125em}
|
|
|
|
|
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.6875em}
|
|
|
|
|
h4{font-size:1.4375em}}
|
|
|
|
|
table{background:#fff;margin-bottom:1.25em;border:solid 1px #dedede}
|
|
|
|
|
table{background:#fff;margin-bottom:1.25em;border:1px solid #dedede;word-wrap:normal}
|
|
|
|
|
table thead,table tfoot{background:#f7f8f7}
|
|
|
|
|
table thead tr th,table thead tr td,table tfoot tr th,table tfoot tr td{padding:.5em .625em .625em;font-size:inherit;color:rgba(0,0,0,.8);text-align:left}
|
|
|
|
|
table tr th,table tr td{padding:.5625em .625em;font-size:inherit;color:rgba(0,0,0,.8)}
|
|
|
|
|
table tr.even,table tr.alt,table tr:nth-of-type(even){background:#f8f8f7}
|
|
|
|
|
table thead tr th,table tfoot tr th,table tbody tr td,table tr td,table tfoot tr td{display:table-cell;line-height:1.6}
|
|
|
|
|
table tr.even,table tr.alt{background:#f8f8f7}
|
|
|
|
|
table thead tr th,table tfoot tr th,table tbody tr td,table tr td,table tfoot tr td{line-height:1.6}
|
|
|
|
|
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2;word-spacing:-.05em}
|
|
|
|
|
h1 strong,h2 strong,h3 strong,#toctitle strong,.sidebarblock>.content>.title strong,h4 strong,h5 strong,h6 strong{font-weight:400}
|
|
|
|
|
.center{margin-left:auto;margin-right:auto}
|
|
|
|
|
.stretch{width:100%}
|
|
|
|
|
.clearfix::before,.clearfix::after,.float-group::before,.float-group::after{content:" ";display:table}
|
|
|
|
|
.clearfix::after,.float-group::after{clear:both}
|
|
|
|
|
*:not(pre)>code{font-size:.9375em;font-style:normal!important;letter-spacing:0;padding:.1em .5ex;word-spacing:-.15em;background-color:#f7f7f8;-webkit-border-radius:4px;border-radius:4px;line-height:1.45;text-rendering:optimizeSpeed;word-wrap:break-word}
|
|
|
|
|
*:not(pre)>code.nobreak{word-wrap:normal}
|
|
|
|
|
*:not(pre)>code.nowrap{white-space:nowrap}
|
|
|
|
|
pre,pre>code{line-height:1.45;color:rgba(0,0,0,.9);font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;text-rendering:optimizeSpeed}
|
|
|
|
|
:not(pre).nobreak{word-wrap:normal}
|
|
|
|
|
:not(pre).nowrap{white-space:nowrap}
|
|
|
|
|
:not(pre).pre-wrap{white-space:pre-wrap}
|
|
|
|
|
:not(pre):not([class^=L])>code{font-size:.9375em;font-style:normal!important;letter-spacing:0;padding:.1em .5ex;word-spacing:-.15em;background:#f7f7f8;border-radius:4px;line-height:1.45;text-rendering:optimizeSpeed}
|
|
|
|
|
pre{color:rgba(0,0,0,.9);font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;line-height:1.45;text-rendering:optimizeSpeed}
|
|
|
|
|
pre code,pre pre{color:inherit;font-size:inherit;line-height:inherit}
|
|
|
|
|
pre>code{display:block}
|
|
|
|
|
pre.nowrap,pre.nowrap pre{white-space:pre;word-wrap:normal}
|
|
|
|
|
em em{font-style:normal}
|
|
|
|
|
strong strong{font-weight:400}
|
|
|
|
|
.keyseq{color:rgba(51,51,51,.8)}
|
|
|
|
|
kbd{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;display:inline-block;color:rgba(0,0,0,.8);font-size:.65em;line-height:1.45;background-color:#f7f7f7;border:1px solid #ccc;-webkit-border-radius:3px;border-radius:3px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em white inset;box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em #fff inset;margin:0 .15em;padding:.2em .5em;vertical-align:middle;position:relative;top:-.1em;white-space:nowrap}
|
|
|
|
|
kbd{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;display:inline-block;color:rgba(0,0,0,.8);font-size:.65em;line-height:1.45;background:#f7f7f7;border:1px solid #ccc;border-radius:3px;box-shadow:0 1px 0 rgba(0,0,0,.2),inset 0 0 0 .1em #fff;margin:0 .15em;padding:.2em .5em;vertical-align:middle;position:relative;top:-.1em;white-space:nowrap}
|
|
|
|
|
.keyseq kbd:first-child{margin-left:0}
|
|
|
|
|
.keyseq kbd:last-child{margin-right:0}
|
|
|
|
|
.menuseq,.menuref{color:#000}
|
|
|
|
|
@ -136,7 +134,7 @@ b.button::before,b.button::after{position:relative;top:-1px;font-weight:400}
|
|
|
|
|
b.button::before{content:"[";padding:0 3px 0 2px}
|
|
|
|
|
b.button::after{content:"]";padding:0 2px 0 3px}
|
|
|
|
|
p a>code:hover{color:rgba(0,0,0,.9)}
|
|
|
|
|
#header,#content,#footnotes,#footer{width:100%;margin-left:auto;margin-right:auto;margin-top:0;margin-bottom:0;max-width:62.5em;*zoom:1;position:relative;padding-left:.9375em;padding-right:.9375em}
|
|
|
|
|
#header,#content,#footnotes,#footer{width:100%;margin:0 auto;max-width:62.5em;*zoom:1;position:relative;padding-left:.9375em;padding-right:.9375em}
|
|
|
|
|
#header::before,#header::after,#content::before,#content::after,#footnotes::before,#footnotes::after,#footer::before,#footer::after{content:" ";display:table}
|
|
|
|
|
#header::after,#content::after,#footnotes::after,#footer::after{clear:both}
|
|
|
|
|
#content{margin-top:1.25em}
|
|
|
|
|
@ -144,7 +142,7 @@ p a>code:hover{color:rgba(0,0,0,.9)}
|
|
|
|
|
#header>h1:first-child{color:rgba(0,0,0,.85);margin-top:2.25rem;margin-bottom:0}
|
|
|
|
|
#header>h1:first-child+#toc{margin-top:8px;border-top:1px solid #dddddf}
|
|
|
|
|
#header>h1:only-child,body.toc2 #header>h1:nth-last-child(2){border-bottom:1px solid #dddddf;padding-bottom:8px}
|
|
|
|
|
#header .details{border-bottom:1px solid #dddddf;line-height:1.45;padding-top:.25em;padding-bottom:.25em;padding-left:.25em;color:rgba(0,0,0,.6);display:-ms-flexbox;display:-webkit-flex;display:flex;-ms-flex-flow:row wrap;-webkit-flex-flow:row wrap;flex-flow:row wrap}
|
|
|
|
|
#header .details{border-bottom:1px solid #dddddf;line-height:1.45;padding-top:.25em;padding-bottom:.25em;padding-left:.25em;color:rgba(0,0,0,.6);display:flex;flex-flow:row wrap}
|
|
|
|
|
#header .details span:first-child{margin-left:-.125em}
|
|
|
|
|
#header .details span.email a{color:rgba(0,0,0,.85)}
|
|
|
|
|
#header .details br{display:none}
|
|
|
|
|
@ -165,7 +163,7 @@ p a>code:hover{color:rgba(0,0,0,.9)}
|
|
|
|
|
#toctitle{color:#7a2518;font-size:1.2em}
|
|
|
|
|
@media screen and (min-width:768px){#toctitle{font-size:1.375em}
|
|
|
|
|
body.toc2{padding-left:15em;padding-right:0}
|
|
|
|
|
#toc.toc2{margin-top:0!important;background-color:#f8f8f7;position:fixed;width:15em;left:0;top:0;border-right:1px solid #e7e7e9;border-top-width:0!important;border-bottom-width:0!important;z-index:1000;padding:1.25em 1em;height:100%;overflow:auto}
|
|
|
|
|
#toc.toc2{margin-top:0!important;background:#f8f8f7;position:fixed;width:15em;left:0;top:0;border-right:1px solid #e7e7e9;border-top-width:0!important;border-bottom-width:0!important;z-index:1000;padding:1.25em 1em;height:100%;overflow:auto}
|
|
|
|
|
#toc.toc2 #toctitle{margin-top:0;margin-bottom:.8rem;font-size:1.2em}
|
|
|
|
|
#toc.toc2>ul{font-size:.9em;margin-bottom:0}
|
|
|
|
|
#toc.toc2 ul ul{margin-left:0;padding-left:1em}
|
|
|
|
|
@ -178,11 +176,11 @@ body.toc2.toc-right #toc.toc2{border-right-width:0;border-left:1px solid #e7e7e9
|
|
|
|
|
#toc.toc2>ul{font-size:.95em}
|
|
|
|
|
#toc.toc2 ul ul{padding-left:1.25em}
|
|
|
|
|
body.toc2.toc-right{padding-left:0;padding-right:20em}}
|
|
|
|
|
#content #toc{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px}
|
|
|
|
|
#content #toc{border:1px solid #e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;border-radius:4px}
|
|
|
|
|
#content #toc>:first-child{margin-top:0}
|
|
|
|
|
#content #toc>:last-child{margin-bottom:0}
|
|
|
|
|
#footer{max-width:100%;background-color:rgba(0,0,0,.8);padding:1.25em}
|
|
|
|
|
#footer-text{color:rgba(255,255,255,.8);line-height:1.44}
|
|
|
|
|
#footer{max-width:none;background:rgba(0,0,0,.8);padding:1.25em}
|
|
|
|
|
#footer-text{color:hsla(0,0%,100%,.8);line-height:1.44}
|
|
|
|
|
#content{margin-bottom:.625em}
|
|
|
|
|
.sect1{padding-bottom:.625em}
|
|
|
|
|
@media screen and (min-width:768px){#content{margin-bottom:1.25em}
|
|
|
|
|
@ -194,55 +192,62 @@ body.toc2.toc-right{padding-left:0;padding-right:20em}}
|
|
|
|
|
#content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible}
|
|
|
|
|
#content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none}
|
|
|
|
|
#content h1>a.link:hover,h2>a.link:hover,h3>a.link:hover,#toctitle>a.link:hover,.sidebarblock>.content>.title>a.link:hover,h4>a.link:hover,h5>a.link:hover,h6>a.link:hover{color:#a53221}
|
|
|
|
|
.audioblock,.imageblock,.literalblock,.listingblock,.stemblock,.videoblock{margin-bottom:1.25em}
|
|
|
|
|
details,.audioblock,.imageblock,.literalblock,.listingblock,.stemblock,.videoblock{margin-bottom:1.25em}
|
|
|
|
|
details{margin-left:1.25rem}
|
|
|
|
|
details>summary{cursor:pointer;display:block;position:relative;line-height:1.6;margin-bottom:.625rem;outline:none;-webkit-tap-highlight-color:transparent}
|
|
|
|
|
details>summary::-webkit-details-marker{display:none}
|
|
|
|
|
details>summary::before{content:"";border:solid transparent;border-left:solid;border-width:.3em 0 .3em .5em;position:absolute;top:.5em;left:-1.25rem;transform:translateX(15%)}
|
|
|
|
|
details[open]>summary::before{border:solid transparent;border-top:solid;border-width:.5em .3em 0;transform:translateY(15%)}
|
|
|
|
|
details>summary::after{content:"";width:1.25rem;height:1em;position:absolute;top:.3em;left:-1.25rem}
|
|
|
|
|
.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{text-rendering:optimizeLegibility;text-align:left;font-family:"Noto Serif","DejaVu Serif",serif;font-size:1rem;font-style:italic}
|
|
|
|
|
table.tableblock.fit-content>caption.title{white-space:nowrap;width:0}
|
|
|
|
|
.paragraph.lead>p,#preamble>.sectionbody>[class="paragraph"]:first-of-type p{font-size:1.21875em;line-height:1.6;color:rgba(0,0,0,.85)}
|
|
|
|
|
table.tableblock #preamble>.sectionbody>[class="paragraph"]:first-of-type p{font-size:inherit}
|
|
|
|
|
.paragraph.lead>p,#preamble>.sectionbody>[class=paragraph]:first-of-type p{font-size:1.21875em;line-height:1.6;color:rgba(0,0,0,.85)}
|
|
|
|
|
.admonitionblock>table{border-collapse:separate;border:0;background:none;width:100%}
|
|
|
|
|
.admonitionblock>table td.icon{text-align:center;width:80px}
|
|
|
|
|
.admonitionblock>table td.icon img{max-width:none}
|
|
|
|
|
.admonitionblock>table td.icon .title{font-weight:bold;font-family:"Open Sans","DejaVu Sans",sans-serif;text-transform:uppercase}
|
|
|
|
|
.admonitionblock>table td.content{padding-left:1.125em;padding-right:1.25em;border-left:1px solid #dddddf;color:rgba(0,0,0,.6)}
|
|
|
|
|
.admonitionblock>table td.content{padding-left:1.125em;padding-right:1.25em;border-left:1px solid #dddddf;color:rgba(0,0,0,.6);word-wrap:anywhere}
|
|
|
|
|
.admonitionblock>table td.content>:last-child>:last-child{margin-bottom:0}
|
|
|
|
|
.exampleblock>.content{border-style:solid;border-width:1px;border-color:#e6e6e6;margin-bottom:1.25em;padding:1.25em;background:#fff;-webkit-border-radius:4px;border-radius:4px}
|
|
|
|
|
.exampleblock>.content{border:1px solid #e6e6e6;margin-bottom:1.25em;padding:1.25em;background:#fff;border-radius:4px}
|
|
|
|
|
.exampleblock>.content>:first-child{margin-top:0}
|
|
|
|
|
.exampleblock>.content>:last-child{margin-bottom:0}
|
|
|
|
|
.sidebarblock{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px}
|
|
|
|
|
.sidebarblock{border:1px solid #dbdbd6;margin-bottom:1.25em;padding:1.25em;background:#f3f3f2;border-radius:4px}
|
|
|
|
|
.sidebarblock>:first-child{margin-top:0}
|
|
|
|
|
.sidebarblock>:last-child{margin-bottom:0}
|
|
|
|
|
.sidebarblock>.content>.title{color:#7a2518;margin-top:0;text-align:center}
|
|
|
|
|
.exampleblock>.content>:last-child>:last-child,.exampleblock>.content .olist>ol>li:last-child>:last-child,.exampleblock>.content .ulist>ul>li:last-child>:last-child,.exampleblock>.content .qlist>ol>li:last-child>:last-child,.sidebarblock>.content>:last-child>:last-child,.sidebarblock>.content .olist>ol>li:last-child>:last-child,.sidebarblock>.content .ulist>ul>li:last-child>:last-child,.sidebarblock>.content .qlist>ol>li:last-child>:last-child{margin-bottom:0}
|
|
|
|
|
.literalblock pre,.listingblock pre:not(.highlight),.listingblock pre[class="highlight"],.listingblock pre[class^="highlight "],.listingblock pre.CodeRay,.listingblock pre.prettyprint{background:#f7f7f8}
|
|
|
|
|
.sidebarblock .literalblock pre,.sidebarblock .listingblock pre:not(.highlight),.sidebarblock .listingblock pre[class="highlight"],.sidebarblock .listingblock pre[class^="highlight "],.sidebarblock .listingblock pre.CodeRay,.sidebarblock .listingblock pre.prettyprint{background:#f2f1f1}
|
|
|
|
|
.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{-webkit-border-radius:4px;border-radius:4px;word-wrap:break-word;overflow-x:auto;padding:1em;font-size:.8125em}
|
|
|
|
|
@media screen and (min-width:768px){.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{font-size:.90625em}}
|
|
|
|
|
@media screen and (min-width:1280px){.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{font-size:1em}}
|
|
|
|
|
.literalblock pre.nowrap,.literalblock pre.nowrap pre,.listingblock pre.nowrap,.listingblock pre.nowrap pre{white-space:pre;word-wrap:normal}
|
|
|
|
|
.literalblock.output pre{color:#f7f7f8;background-color:rgba(0,0,0,.9)}
|
|
|
|
|
.listingblock pre.highlightjs{padding:0}
|
|
|
|
|
.listingblock pre.highlightjs>code{padding:1em;-webkit-border-radius:4px;border-radius:4px}
|
|
|
|
|
.listingblock pre.prettyprint{border-width:0}
|
|
|
|
|
.literalblock pre,.listingblock>.content>pre{border-radius:4px;overflow-x:auto;padding:1em;font-size:.8125em}
|
|
|
|
|
@media screen and (min-width:768px){.literalblock pre,.listingblock>.content>pre{font-size:.90625em}}
|
|
|
|
|
@media screen and (min-width:1280px){.literalblock pre,.listingblock>.content>pre{font-size:1em}}
|
|
|
|
|
.literalblock pre,.listingblock>.content>pre:not(.highlight),.listingblock>.content>pre[class=highlight],.listingblock>.content>pre[class^="highlight "]{background:#f7f7f8}
|
|
|
|
|
.literalblock.output pre{color:#f7f7f8;background:rgba(0,0,0,.9)}
|
|
|
|
|
.listingblock>.content{position:relative}
|
|
|
|
|
.listingblock code[data-lang]::before{display:none;content:attr(data-lang);position:absolute;font-size:.75em;top:.425rem;right:.5rem;line-height:1;text-transform:uppercase;color:#999}
|
|
|
|
|
.listingblock code[data-lang]::before{display:none;content:attr(data-lang);position:absolute;font-size:.75em;top:.425rem;right:.5rem;line-height:1;text-transform:uppercase;color:inherit;opacity:.5}
|
|
|
|
|
.listingblock:hover code[data-lang]::before{display:block}
|
|
|
|
|
.listingblock.terminal pre .command::before{content:attr(data-prompt);padding-right:.5em;color:#999}
|
|
|
|
|
.listingblock.terminal pre .command::before{content:attr(data-prompt);padding-right:.5em;color:inherit;opacity:.5}
|
|
|
|
|
.listingblock.terminal pre .command:not([data-prompt])::before{content:"$"}
|
|
|
|
|
table.pyhltable{border-collapse:separate;border:0;margin-bottom:0;background:none}
|
|
|
|
|
table.pyhltable td{vertical-align:top;padding-top:0;padding-bottom:0;line-height:1.45}
|
|
|
|
|
table.pyhltable td.code{padding-left:.75em;padding-right:0}
|
|
|
|
|
pre.pygments .lineno,table.pyhltable td:not(.code){color:#999;padding-left:0;padding-right:.5em;border-right:1px solid #dddddf}
|
|
|
|
|
pre.pygments .lineno{display:inline-block;margin-right:.25em}
|
|
|
|
|
table.pyhltable .linenodiv{background:none!important;padding-right:0!important}
|
|
|
|
|
.listingblock pre.highlightjs{padding:0}
|
|
|
|
|
.listingblock pre.highlightjs>code{padding:1em;border-radius:4px}
|
|
|
|
|
.listingblock pre.prettyprint{border-width:0}
|
|
|
|
|
.prettyprint{background:#f7f7f8}
|
|
|
|
|
pre.prettyprint .linenums{line-height:1.45;margin-left:2em}
|
|
|
|
|
pre.prettyprint li{background:none;list-style-type:inherit;padding-left:0}
|
|
|
|
|
pre.prettyprint li code[data-lang]::before{opacity:1}
|
|
|
|
|
pre.prettyprint li:not(:first-child) code[data-lang]::before{display:none}
|
|
|
|
|
table.linenotable{border-collapse:separate;border:0;margin-bottom:0;background:none}
|
|
|
|
|
table.linenotable td[class]{color:inherit;vertical-align:top;padding:0;line-height:inherit;white-space:normal}
|
|
|
|
|
table.linenotable td.code{padding-left:.75em}
|
|
|
|
|
table.linenotable td.linenos,pre.pygments .linenos{border-right:1px solid;opacity:.35;padding-right:.5em;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}
|
|
|
|
|
pre.pygments span.linenos{display:inline-block;margin-right:.75em}
|
|
|
|
|
.quoteblock{margin:0 1em 1.25em 1.5em;display:table}
|
|
|
|
|
.quoteblock>.title{margin-left:-1.5em;margin-bottom:.75em}
|
|
|
|
|
.quoteblock:not(.excerpt)>.title{margin-left:-1.5em;margin-bottom:.75em}
|
|
|
|
|
.quoteblock blockquote,.quoteblock p{color:rgba(0,0,0,.85);font-size:1.15rem;line-height:1.75;word-spacing:.1em;letter-spacing:0;font-style:italic;text-align:justify}
|
|
|
|
|
.quoteblock blockquote{margin:0;padding:0;border:0}
|
|
|
|
|
.quoteblock blockquote::before{content:"\201c";float:left;font-size:2.75em;font-weight:bold;line-height:.6em;margin-left:-.6em;color:#7a2518;text-shadow:0 1px 2px rgba(0,0,0,.1)}
|
|
|
|
|
.quoteblock blockquote>.paragraph:last-child p{margin-bottom:0}
|
|
|
|
|
.quoteblock .attribution{margin-top:.75em;margin-right:.5ex;text-align:right}
|
|
|
|
|
.verseblock{margin:0 1em 1.25em}
|
|
|
|
|
.verseblock pre{font-family:"Open Sans","DejaVu Sans",sans;font-size:1.15rem;color:rgba(0,0,0,.85);font-weight:300;text-rendering:optimizeLegibility}
|
|
|
|
|
.verseblock pre{font-family:"Open Sans","DejaVu Sans",sans-serif;font-size:1.15rem;color:rgba(0,0,0,.85);font-weight:300;text-rendering:optimizeLegibility}
|
|
|
|
|
.verseblock pre strong{font-weight:400}
|
|
|
|
|
.verseblock .attribution{margin-top:1.25rem;margin-left:.5ex}
|
|
|
|
|
.quoteblock .attribution,.verseblock .attribution{font-size:.9375em;line-height:1.45;font-style:italic}
|
|
|
|
|
@ -252,25 +257,25 @@ table.pyhltable .linenodiv{background:none!important;padding-right:0!important}
|
|
|
|
|
.quoteblock.abstract blockquote,.quoteblock.abstract p,.quoteblock.excerpt blockquote,.quoteblock.excerpt p,.quoteblock .quoteblock blockquote,.quoteblock .quoteblock p{line-height:1.6;word-spacing:0}
|
|
|
|
|
.quoteblock.abstract{margin:0 1em 1.25em;display:block}
|
|
|
|
|
.quoteblock.abstract>.title{margin:0 0 .375em;font-size:1.15em;text-align:center}
|
|
|
|
|
.quoteblock.excerpt,.quoteblock .quoteblock{margin:0 0 1.25em;padding:0 0 .25em 1em;border-left:.25em solid #dddddf}
|
|
|
|
|
.quoteblock.excerpt>blockquote,.quoteblock .quoteblock{padding:0 0 .25em 1em;border-left:.25em solid #dddddf}
|
|
|
|
|
.quoteblock.excerpt,.quoteblock .quoteblock{margin-left:0}
|
|
|
|
|
.quoteblock.excerpt blockquote,.quoteblock.excerpt p,.quoteblock .quoteblock blockquote,.quoteblock .quoteblock p{color:inherit;font-size:1.0625rem}
|
|
|
|
|
.quoteblock.excerpt .attribution,.quoteblock .quoteblock .attribution{color:inherit;text-align:left;margin-right:0}
|
|
|
|
|
table.tableblock{max-width:100%;border-collapse:separate}
|
|
|
|
|
.quoteblock.excerpt .attribution,.quoteblock .quoteblock .attribution{color:inherit;font-size:.85rem;text-align:left;margin-right:0}
|
|
|
|
|
p.tableblock:last-child{margin-bottom:0}
|
|
|
|
|
td.tableblock>.content{margin-bottom:-1.25em}
|
|
|
|
|
td.tableblock>.content{margin-bottom:1.25em;word-wrap:anywhere}
|
|
|
|
|
td.tableblock>.content>:last-child{margin-bottom:-1.25em}
|
|
|
|
|
table.tableblock,th.tableblock,td.tableblock{border:0 solid #dedede}
|
|
|
|
|
table.grid-all>thead>tr>.tableblock,table.grid-all>tbody>tr>.tableblock{border-width:0 1px 1px 0}
|
|
|
|
|
table.grid-all>tfoot>tr>.tableblock{border-width:1px 1px 0 0}
|
|
|
|
|
table.grid-cols>*>tr>.tableblock{border-width:0 1px 0 0}
|
|
|
|
|
table.grid-rows>thead>tr>.tableblock,table.grid-rows>tbody>tr>.tableblock{border-width:0 0 1px}
|
|
|
|
|
table.grid-rows>tfoot>tr>.tableblock{border-width:1px 0 0}
|
|
|
|
|
table.grid-all>*>tr>.tableblock:last-child,table.grid-cols>*>tr>.tableblock:last-child{border-right-width:0}
|
|
|
|
|
table.grid-all>tbody>tr:last-child>.tableblock,table.grid-all>thead:last-child>tr>.tableblock,table.grid-rows>tbody>tr:last-child>.tableblock,table.grid-rows>thead:last-child>tr>.tableblock{border-bottom-width:0}
|
|
|
|
|
table.grid-all>*>tr>*{border-width:1px}
|
|
|
|
|
table.grid-cols>*>tr>*{border-width:0 1px}
|
|
|
|
|
table.grid-rows>*>tr>*{border-width:1px 0}
|
|
|
|
|
table.frame-all{border-width:1px}
|
|
|
|
|
table.frame-ends{border-width:1px 0}
|
|
|
|
|
table.frame-sides{border-width:0 1px}
|
|
|
|
|
table.frame-topbot,table.frame-ends{border-width:1px 0}
|
|
|
|
|
table.stripes-all tr,table.stripes-odd tr:nth-of-type(odd){background:#f8f8f7}
|
|
|
|
|
table.stripes-none tr,table.stripes-odd tr:nth-of-type(even){background:none}
|
|
|
|
|
table.frame-none>colgroup+*>:first-child>*,table.frame-sides>colgroup+*>:first-child>*{border-top-width:0}
|
|
|
|
|
table.frame-none>:last-child>:last-child>*,table.frame-sides>:last-child>:last-child>*{border-bottom-width:0}
|
|
|
|
|
table.frame-none>*>tr>:first-child,table.frame-ends>*>tr>:first-child{border-left-width:0}
|
|
|
|
|
table.frame-none>*>tr>:last-child,table.frame-ends>*>tr>:last-child{border-right-width:0}
|
|
|
|
|
table.stripes-all>*>tr,table.stripes-odd>*>tr:nth-of-type(odd),table.stripes-even>*>tr:nth-of-type(even),table.stripes-hover>*>tr:hover{background:#f8f8f7}
|
|
|
|
|
th.halign-left,td.halign-left{text-align:left}
|
|
|
|
|
th.halign-right,td.halign-right{text-align:right}
|
|
|
|
|
th.halign-center,td.halign-center{text-align:center}
|
|
|
|
|
@ -278,23 +283,23 @@ th.valign-top,td.valign-top{vertical-align:top}
|
|
|
|
|
th.valign-bottom,td.valign-bottom{vertical-align:bottom}
|
|
|
|
|
th.valign-middle,td.valign-middle{vertical-align:middle}
|
|
|
|
|
table thead th,table tfoot th{font-weight:bold}
|
|
|
|
|
tbody tr th{display:table-cell;line-height:1.6;background:#f7f8f7}
|
|
|
|
|
tbody tr th{background:#f7f8f7}
|
|
|
|
|
tbody tr th,tbody tr th p,tfoot tr th,tfoot tr th p{color:rgba(0,0,0,.8);font-weight:bold}
|
|
|
|
|
p.tableblock>code:only-child{background:none;padding:0}
|
|
|
|
|
p.tableblock{font-size:1em}
|
|
|
|
|
td>div.verse{white-space:pre}
|
|
|
|
|
ol{margin-left:1.75em}
|
|
|
|
|
ul li ol{margin-left:1.5em}
|
|
|
|
|
dl dd{margin-left:1.125em}
|
|
|
|
|
dl dd:last-child,dl dd:last-child>:last-child{margin-bottom:0}
|
|
|
|
|
ol>li p,ul>li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em}
|
|
|
|
|
li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em}
|
|
|
|
|
ul.checklist,ul.none,ol.none,ul.no-bullet,ol.no-bullet,ol.unnumbered,ul.unstyled,ol.unstyled{list-style-type:none}
|
|
|
|
|
ul.no-bullet,ol.no-bullet,ol.unnumbered{margin-left:.625em}
|
|
|
|
|
ul.unstyled,ol.unstyled{margin-left:0}
|
|
|
|
|
ul.checklist{margin-left:.625em}
|
|
|
|
|
ul.checklist li>p:first-child>.fa-square-o:first-child,ul.checklist li>p:first-child>.fa-check-square-o:first-child{width:1.25em;font-size:.8em;position:relative;bottom:.125em}
|
|
|
|
|
ul.checklist li>p:first-child>input[type="checkbox"]:first-child{margin-right:.25em}
|
|
|
|
|
ul.inline{display:-ms-flexbox;display:-webkit-box;display:flex;-ms-flex-flow:row wrap;-webkit-flex-flow:row wrap;flex-flow:row wrap;list-style:none;margin:0 0 .625em -1.25em}
|
|
|
|
|
li>p:empty:only-child::before{content:"";display:inline-block}
|
|
|
|
|
ul.checklist>li>p:first-child{margin-left:-1em}
|
|
|
|
|
ul.checklist>li>p:first-child>.fa-square-o:first-child,ul.checklist>li>p:first-child>.fa-check-square-o:first-child{width:1.25em;font-size:.8em;position:relative;bottom:.125em}
|
|
|
|
|
ul.checklist>li>p:first-child>input[type=checkbox]:first-child{margin-right:.25em}
|
|
|
|
|
ul.inline{display:flex;flex-flow:row wrap;list-style:none;margin:0 0 .625em -1.25em}
|
|
|
|
|
ul.inline>li{margin-left:1.25em}
|
|
|
|
|
.unstyled dl dt{font-weight:400;font-style:normal}
|
|
|
|
|
ol.arabic{list-style-type:decimal}
|
|
|
|
|
@ -308,11 +313,12 @@ ol.lowergreek{list-style-type:lower-greek}
|
|
|
|
|
.hdlist>table>tbody>tr,.colist>table>tbody>tr{background:none}
|
|
|
|
|
td.hdlist1,td.hdlist2{vertical-align:top;padding:0 .625em}
|
|
|
|
|
td.hdlist1{font-weight:bold;padding-bottom:1.25em}
|
|
|
|
|
td.hdlist2{word-wrap:anywhere}
|
|
|
|
|
.literalblock+.colist,.listingblock+.colist{margin-top:-.5em}
|
|
|
|
|
.colist td:not([class]):first-child{padding:.4em .75em 0;line-height:1;vertical-align:top}
|
|
|
|
|
.colist td:not([class]):first-child img{max-width:none}
|
|
|
|
|
.colist td:not([class]):last-child{padding:.25em 0}
|
|
|
|
|
.thumb,.th{line-height:0;display:inline-block;border:solid 4px #fff;-webkit-box-shadow:0 0 0 1px #ddd;box-shadow:0 0 0 1px #ddd}
|
|
|
|
|
.thumb,.th{line-height:0;display:inline-block;border:4px solid #fff;box-shadow:0 0 0 1px #ddd}
|
|
|
|
|
.imageblock.left{margin:.25em .625em 1.25em 0}
|
|
|
|
|
.imageblock.right{margin:.25em 0 1.25em .625em}
|
|
|
|
|
.imageblock>.title{margin-bottom:0}
|
|
|
|
|
@ -332,8 +338,6 @@ sup.footnote a:active,sup.footnoteref a:active{text-decoration:underline}
|
|
|
|
|
#footnotes .footnote a:first-of-type{font-weight:bold;text-decoration:none;margin-left:-1.05em}
|
|
|
|
|
#footnotes .footnote:last-of-type{margin-bottom:0}
|
|
|
|
|
#content #footnotes{margin-top:-.625em;margin-bottom:0;padding:.75em 0}
|
|
|
|
|
.gist .file-data>table{border:0;background:#fff;width:100%;margin-bottom:0}
|
|
|
|
|
.gist .file-data>table td.line-data{width:99%}
|
|
|
|
|
div.unbreakable{page-break-inside:avoid}
|
|
|
|
|
.big{font-size:larger}
|
|
|
|
|
.small{font-size:smaller}
|
|
|
|
|
@ -341,37 +345,37 @@ div.unbreakable{page-break-inside:avoid}
|
|
|
|
|
.overline{text-decoration:overline}
|
|
|
|
|
.line-through{text-decoration:line-through}
|
|
|
|
|
.aqua{color:#00bfbf}
|
|
|
|
|
.aqua-background{background-color:#00fafa}
|
|
|
|
|
.aqua-background{background:#00fafa}
|
|
|
|
|
.black{color:#000}
|
|
|
|
|
.black-background{background-color:#000}
|
|
|
|
|
.black-background{background:#000}
|
|
|
|
|
.blue{color:#0000bf}
|
|
|
|
|
.blue-background{background-color:#0000fa}
|
|
|
|
|
.blue-background{background:#0000fa}
|
|
|
|
|
.fuchsia{color:#bf00bf}
|
|
|
|
|
.fuchsia-background{background-color:#fa00fa}
|
|
|
|
|
.fuchsia-background{background:#fa00fa}
|
|
|
|
|
.gray{color:#606060}
|
|
|
|
|
.gray-background{background-color:#7d7d7d}
|
|
|
|
|
.gray-background{background:#7d7d7d}
|
|
|
|
|
.green{color:#006000}
|
|
|
|
|
.green-background{background-color:#007d00}
|
|
|
|
|
.green-background{background:#007d00}
|
|
|
|
|
.lime{color:#00bf00}
|
|
|
|
|
.lime-background{background-color:#00fa00}
|
|
|
|
|
.lime-background{background:#00fa00}
|
|
|
|
|
.maroon{color:#600000}
|
|
|
|
|
.maroon-background{background-color:#7d0000}
|
|
|
|
|
.maroon-background{background:#7d0000}
|
|
|
|
|
.navy{color:#000060}
|
|
|
|
|
.navy-background{background-color:#00007d}
|
|
|
|
|
.navy-background{background:#00007d}
|
|
|
|
|
.olive{color:#606000}
|
|
|
|
|
.olive-background{background-color:#7d7d00}
|
|
|
|
|
.olive-background{background:#7d7d00}
|
|
|
|
|
.purple{color:#600060}
|
|
|
|
|
.purple-background{background-color:#7d007d}
|
|
|
|
|
.purple-background{background:#7d007d}
|
|
|
|
|
.red{color:#bf0000}
|
|
|
|
|
.red-background{background-color:#fa0000}
|
|
|
|
|
.red-background{background:#fa0000}
|
|
|
|
|
.silver{color:#909090}
|
|
|
|
|
.silver-background{background-color:#bcbcbc}
|
|
|
|
|
.silver-background{background:#bcbcbc}
|
|
|
|
|
.teal{color:#006060}
|
|
|
|
|
.teal-background{background-color:#007d7d}
|
|
|
|
|
.teal-background{background:#007d7d}
|
|
|
|
|
.white{color:#bfbfbf}
|
|
|
|
|
.white-background{background-color:#fafafa}
|
|
|
|
|
.white-background{background:#fafafa}
|
|
|
|
|
.yellow{color:#bfbf00}
|
|
|
|
|
.yellow-background{background-color:#fafa00}
|
|
|
|
|
.yellow-background{background:#fafa00}
|
|
|
|
|
span.icon>.fa{cursor:default}
|
|
|
|
|
a span.icon>.fa{cursor:inherit}
|
|
|
|
|
.admonitionblock td.icon [class^="fa icon-"]{font-size:2.5em;text-shadow:1px 1px 2px rgba(0,0,0,.5);cursor:default}
|
|
|
|
|
@ -380,7 +384,7 @@ a span.icon>.fa{cursor:inherit}
|
|
|
|
|
.admonitionblock td.icon .icon-warning::before{content:"\f071";color:#bf6900}
|
|
|
|
|
.admonitionblock td.icon .icon-caution::before{content:"\f06d";color:#bf3400}
|
|
|
|
|
.admonitionblock td.icon .icon-important::before{content:"\f06a";color:#bf0000}
|
|
|
|
|
.conum[data-value]{display:inline-block;color:#fff!important;background-color:rgba(0,0,0,.8);-webkit-border-radius:100px;border-radius:100px;text-align:center;font-size:.75em;width:1.67em;height:1.67em;line-height:1.67em;font-family:"Open Sans","DejaVu Sans",sans-serif;font-style:normal;font-weight:bold}
|
|
|
|
|
.conum[data-value]{display:inline-block;color:#fff!important;background:rgba(0,0,0,.8);border-radius:50%;text-align:center;font-size:.75em;width:1.67em;height:1.67em;line-height:1.67em;font-family:"Open Sans","DejaVu Sans",sans-serif;font-style:normal;font-weight:bold}
|
|
|
|
|
.conum[data-value] *{color:#fff!important}
|
|
|
|
|
.conum[data-value]+b{display:none}
|
|
|
|
|
.conum[data-value]::after{content:attr(data-value)}
|
|
|
|
|
@ -388,25 +392,27 @@ pre .conum[data-value]{position:relative;top:-.125em}
|
|
|
|
|
b.conum *{color:inherit!important}
|
|
|
|
|
.conum:not([data-value]):empty{display:none}
|
|
|
|
|
dt,th.tableblock,td.content,div.footnote{text-rendering:optimizeLegibility}
|
|
|
|
|
h1,h2,p,td.content,span.alt{letter-spacing:-.01em}
|
|
|
|
|
h1,h2,p,td.content,span.alt,summary{letter-spacing:-.01em}
|
|
|
|
|
p strong,td.content strong,div.footnote strong{letter-spacing:-.005em}
|
|
|
|
|
p,blockquote,dt,td.content,span.alt{font-size:1.0625rem}
|
|
|
|
|
p,blockquote,dt,td.content,span.alt,summary{font-size:1.0625rem}
|
|
|
|
|
p{margin-bottom:1.25rem}
|
|
|
|
|
.sidebarblock p,.sidebarblock dt,.sidebarblock td.content,p.tableblock{font-size:1em}
|
|
|
|
|
.exampleblock>.content{background-color:#fffef7;border-color:#e0e0dc;-webkit-box-shadow:0 1px 4px #e0e0dc;box-shadow:0 1px 4px #e0e0dc}
|
|
|
|
|
.exampleblock>.content{background:#fffef7;border-color:#e0e0dc;box-shadow:0 1px 4px #e0e0dc}
|
|
|
|
|
.print-only{display:none!important}
|
|
|
|
|
@page{margin:1.25cm .75cm}
|
|
|
|
|
@media print{*{-webkit-box-shadow:none!important;box-shadow:none!important;text-shadow:none!important}
|
|
|
|
|
@media print{*{box-shadow:none!important;text-shadow:none!important}
|
|
|
|
|
html{font-size:80%}
|
|
|
|
|
a{color:inherit!important;text-decoration:underline!important}
|
|
|
|
|
a.bare,a[href^="#"],a[href^="mailto:"]{text-decoration:none!important}
|
|
|
|
|
a[href^="http:"]:not(.bare)::after,a[href^="https:"]:not(.bare)::after{content:"(" attr(href) ")";display:inline-block;font-size:.875em;padding-left:.25em}
|
|
|
|
|
abbr[title]{border-bottom:1px dotted}
|
|
|
|
|
abbr[title]::after{content:" (" attr(title) ")"}
|
|
|
|
|
pre,blockquote,tr,img,object,svg{page-break-inside:avoid}
|
|
|
|
|
thead{display:table-header-group}
|
|
|
|
|
svg{max-width:100%}
|
|
|
|
|
p,blockquote,dt,td.content{font-size:1em;orphans:3;widows:3}
|
|
|
|
|
h2,h3,#toctitle,.sidebarblock>.content>.title{page-break-after:avoid}
|
|
|
|
|
#header,#content,#footnotes,#footer{max-width:none}
|
|
|
|
|
#toc,.sidebarblock,.exampleblock>.content{background:none!important}
|
|
|
|
|
#toc{border-bottom:1px solid #dddddf!important;padding-bottom:0!important}
|
|
|
|
|
body.book #header{text-align:center}
|
|
|
|
|
@ -423,7 +429,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
|
|
|
|
|
.print-only{display:block!important}
|
|
|
|
|
.hide-for-print{display:none!important}
|
|
|
|
|
.show-for-print{display:inherit!important}}
|
|
|
|
|
@media print,amzn-kf8{#header>h1:first-child{margin-top:1.25rem}
|
|
|
|
|
@media amzn-kf8,print{#header>h1:first-child{margin-top:1.25rem}
|
|
|
|
|
.sect1{padding:0!important}
|
|
|
|
|
.sect1+.sect1{border:0}
|
|
|
|
|
#footer{background:none}
|
|
|
|
|
@ -449,7 +455,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
|
|
|
|
|
<li><a href="#_intelligence_tagging">Intelligence Tagging</a></li>
|
|
|
|
|
<li><a href="#_expressing_confidenceestimative_probability_in_an_analysis">Expressing confidence/estimative probability in an analysis</a></li>
|
|
|
|
|
<li><a href="#_how_to_track_and_keep_the_state_of_an_analysis">How to track and keep the state of an analysis</a></li>
|
|
|
|
|
<li><a href="#_how_to_classify_information">How to classify information</a></li>
|
|
|
|
|
<li><a href="#_how_to_classify_label_information">How to classify (label) information</a></li>
|
|
|
|
|
</ul>
|
|
|
|
|
</li>
|
|
|
|
|
<li><a href="#_authors_and_contributors">Authors and Contributors</a></li>
|
|
|
|
|
@ -581,7 +587,7 @@ Valuable information is a moving concept and depends highly on the goal of the u
|
|
|
|
|
<p>False-positive or false-negative reporting</p>
|
|
|
|
|
</li>
|
|
|
|
|
<li>
|
|
|
|
|
<p>Asking for contribution or support from the community (such as "have you seen this threat?" or "do you have more samples?")</p>
|
|
|
|
|
<p>Asking for contribution or support from the community (such as "have you seen this threat?" or "do you have more samples?" as described in <a href="https://www.misp-project.org/taxonomies.html#_collaborative_intelligence">collaborative intelligence</a> taxonomy)</p>
|
|
|
|
|
</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</div>
|
|
|
|
|
@ -609,6 +615,18 @@ When asking for the support of the community, using a specific taxonomy such as
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="admonitionblock tip">
|
|
|
|
|
<table>
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="icon">
|
|
|
|
|
<i class="fa icon-tip" title="Tip"></i>
|
|
|
|
|
</td>
|
|
|
|
|
<td class="content">
|
|
|
|
|
MISP allows to extend an existing event without touching the original event. This feature can be used to enhance analysis without affecting the original ones and creating new distribution levels.
|
|
|
|
|
</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div>
|
|
|
|
|
<div style="page-break-after: always;"></div>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="sect2">
|
|
|
|
|
@ -739,7 +757,7 @@ sharing platform. The list below is in order of importance.</p>
|
|
|
|
|
<i class="fa icon-tip" title="Tip"></i>
|
|
|
|
|
</td>
|
|
|
|
|
<td class="content">
|
|
|
|
|
The full list of available taxonomies can be found <strong><a href="https://github.com/MISP/misp-taxonomies">here</a></strong>.
|
|
|
|
|
The full list of available taxonomies can be found <strong><a href="https://github.com/MISP/misp-taxonomies">misp-taxonomies</a></strong>.
|
|
|
|
|
</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
@ -761,13 +779,16 @@ Expressing the confidence or the lack of it in an analysis is a critical step to
|
|
|
|
|
</table>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="paragraph">
|
|
|
|
|
<p>Analysis or reports are often shared together with technical details, but often lack the associated overall confidence level.
|
|
|
|
|
To ascertain this confidence level you can use for example the MISP <a href="#MISPTaxonomies">MISP Taxonomies</a> called <a href="https://www.misp-project.org/taxonomies.html#_admiralty_scale">admiralty-scale</a> and/or <a href="https://www.misp-project.org/taxonomies.html#_estimative_language">estimative-language</a>.
|
|
|
|
|
This is a very human way to describe either globally an event or individual indicators of an event, with a set of easy to read human tags. (e.g: admiralty-scale:source-reliability="a/b/c…​", estimative-language:likelihood-probability="almost-no-chance", estimative-language:confidence-in-analytic-judgment="moderate")
|
|
|
|
|
Generally it is good practice to do this globally for the event as this will enrich the trust/value if set.
|
|
|
|
|
Using this in an automated way is also possible but without human intervention, or AI that actually works, not recommended.
|
|
|
|
|
Also, on events with hundreds of attributes this is cumbersome and perhaps unfeasible and will just frustrate operators.
|
|
|
|
|
The obvious side-effect of this approach is that automation will be the overall benefactor too upping the trust on that level too.</p>
|
|
|
|
|
<p>Analysis or reports are often shared together with technical details, but often lack the associated overall confidence level.</p>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="paragraph">
|
|
|
|
|
<p>To ascertain this confidence level you can use for example the MISP <a href="#MISPTaxonomies">MISP Taxonomies</a> called <a href="https://www.misp-project.org/taxonomies.html#_admiralty_scale">admiralty-scale</a> and/or <a href="https://www.misp-project.org/taxonomies.html#_estimative_language">estimative-language</a>.</p>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="paragraph">
|
|
|
|
|
<p>This is a very human way to describe either globally an event or individual indicators of an event, with a set of easy to read human tags. (e.g: <code>admiralty-scale:source-reliability="a/b/c…​"</code>, <code>estimative-language:likelihood-probability="almost-no-chance"</code>, <code>estimative-language:confidence-in-analytic-judgment="moderate"</code>).</p>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="paragraph">
|
|
|
|
|
<p>Generally it is good practice to do this globally for the event as this will enrich the trust/value if set. If it’s a specific attribute, then the confidence can be described at more granular levels.</p>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="paragraph">
|
|
|
|
|
<p>Thus, adding confidence or estimative probability has multiple advantages such as:</p>
|
|
|
|
|
@ -784,7 +805,7 @@ The obvious side-effect of this approach is that automation will be the overall
|
|
|
|
|
<p>Support counter analyses and competitive analyses to validate hypotheses expressed in original reporting</p>
|
|
|
|
|
</li>
|
|
|
|
|
<li>
|
|
|
|
|
<p>Depending on source organisation, have an affirmative that some HumInt has one into the sharing process</p>
|
|
|
|
|
<p>Expressing confidence allows the use of in the <a href="https://www.misp-project.org/2019/09/12/Decaying-Of-Indicators.html/">decaying indicators feature</a> in MISP to lower or increase the lifetime of an information</p>
|
|
|
|
|
</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</div>
|
|
|
|
|
@ -840,6 +861,9 @@ Having a workflow to follow, and be able to refer to, is something useful for th
|
|
|
|
|
<div class="paragraph">
|
|
|
|
|
<p>For instance the MISP Workflow <a href="#Taxonomy">[Taxonomy]</a> allows the user to describe the state of an analysis, as <code>complete</code> or <code>incomplete</code>. Moreover, it can be used to clearly specify what still needs to be done using the <code>todo</code> tags. The workflow taxonomy is separated into two parts. One part is related to the actions to be done (<code>todo</code>) and the other part is about the current state of the analysis(<code>state</code>) such as <code>incomplete</code>, <code>draft</code> or <code>complete</code>.</p>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="paragraph">
|
|
|
|
|
<p>The MISP Workflow <a href="#Taxonomy">[Taxonomy]</a> can be expanded with local or global values. There are many existing todo such as <code>workflow:todo="check-passive-dns-for-shared-hosting"</code> or action related to the analysis <code>workflow:todo="preserve-evidence"</code>.</p>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="admonitionblock tip">
|
|
|
|
|
<table>
|
|
|
|
|
<tr>
|
|
|
|
|
@ -852,10 +876,22 @@ For more information on the MISP Workflow Taxonomy, feel free to read the <a hre
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="admonitionblock tip">
|
|
|
|
|
<table>
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="icon">
|
|
|
|
|
<i class="fa icon-tip" title="Tip"></i>
|
|
|
|
|
</td>
|
|
|
|
|
<td class="content">
|
|
|
|
|
To not confuse, MISP also includes a <a href="https://www.misp-project.org/2022/08/08/MISP.2.4.160.released.html/">workflow feature</a> which allows MISP users to create workflow based on MISP triggers.
|
|
|
|
|
</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div>
|
|
|
|
|
<div style="page-break-after: always;"></div>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="sect2">
|
|
|
|
|
<h3 id="_how_to_classify_information">How to classify information</h3>
|
|
|
|
|
<h3 id="_how_to_classify_label_information">How to classify (label) information</h3>
|
|
|
|
|
<div class="admonitionblock note">
|
|
|
|
|
<table>
|
|
|
|
|
<tr>
|
|
|
|
|
@ -863,7 +899,7 @@ For more information on the MISP Workflow Taxonomy, feel free to read the <a hre
|
|
|
|
|
<i class="fa icon-note" title="Note"></i>
|
|
|
|
|
</td>
|
|
|
|
|
<td class="content">
|
|
|
|
|
Classifying information is something that has proven being very useful in lots of domains, including Threat Intelligence, as it helps assessing the main information very quickly. Moreover, it can help to build correlations between events or reports, allowing analysts to better understand threat actors.
|
|
|
|
|
Classifying (labelling) information is something that has proven being very useful in lots of domains, including Threat Intelligence, as it helps assessing the main information very quickly. Moreover, it can help to build correlations between events or reports, allowing analysts to better understand threat actors.
|
|
|
|
|
</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
@ -871,10 +907,13 @@ Classifying information is something that has proven being very useful in lots o
|
|
|
|
|
<div class="paragraph">
|
|
|
|
|
<p>The first tool we can use to classify information are tags and taxonomies</p>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="olist arabic">
|
|
|
|
|
<ol class="arabic">
|
|
|
|
|
<div class="ulist">
|
|
|
|
|
<ul>
|
|
|
|
|
<li>
|
|
|
|
|
<p>Tags can be used to describe how the information can be shared, using the tlp (Traffic Light Protocol) taxonomy, in order to prevent information leaks.</p>
|
|
|
|
|
<p>Tags can be used to describe how the information can be shared, using the TLP (Traffic Light Protocol) <a href="https://www.misp-project.org/taxonomies.html#_tlp_2">taxonomy</a>, in order to prevent information leaks.</p>
|
|
|
|
|
</li>
|
|
|
|
|
<li>
|
|
|
|
|
<p>Specific taxonomy such as <a href="https://www.misp-project.org/taxonomies.html#_pap">PAP</a> is designed to how information can be used and how far.</p>
|
|
|
|
|
</li>
|
|
|
|
|
<li>
|
|
|
|
|
<p>They can also be used to describe the source where information came from.</p>
|
|
|
|
|
@ -882,18 +921,26 @@ Classifying information is something that has proven being very useful in lots o
|
|
|
|
|
<li>
|
|
|
|
|
<p>Many taxonomies allow the user to further explain the kind of threat.</p>
|
|
|
|
|
</li>
|
|
|
|
|
</ol>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="ulist">
|
|
|
|
|
<ul>
|
|
|
|
|
<li>
|
|
|
|
|
<p><a href="#MISPGalaxies">[MISPGalaxies]</a> (ATT&CK matrix)</p>
|
|
|
|
|
</li>
|
|
|
|
|
<li>
|
|
|
|
|
<p>Comments</p>
|
|
|
|
|
</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="paragraph">
|
|
|
|
|
<p>Using tags allow users to proper filter information from an automation perspective. If the <a href="https://www.misp-project.org/openapi/">API</a> is used, the tags can be used to filter in or out the information expected.</p>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="paragraph">
|
|
|
|
|
<p>When more complete information is required to label a specific event or attribute in MISP, <a href="https://www.misp-project.org/galaxy.html">MISP galaxy</a> comes to the rescue. MISP galaxy can express complex knowledge base of information. MITRE ATT&CK is described using a MISP galaxy. By default, MISP comes with multiple knowledge bases including Threat Actor databases, ransomware groups and many others.</p>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="admonitionblock tip">
|
|
|
|
|
<table>
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="icon">
|
|
|
|
|
<i class="fa icon-tip" title="Tip"></i>
|
|
|
|
|
</td>
|
|
|
|
|
<td class="content">
|
|
|
|
|
Review existing MISP galaxy by browsing all of those on your MISP instances. Many include relationships (e.g. MISP Threat Actor database with MITRE ATT&CK groups).
|
|
|
|
|
</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div>
|
|
|
|
|
<div style="page-break-after: always;"></div>
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
@ -912,6 +959,9 @@ Classifying information is something that has proven being very useful in lots o
|
|
|
|
|
<li>
|
|
|
|
|
<p><a href="https://github.com/SteveClement">Steve Clement</a></p>
|
|
|
|
|
</li>
|
|
|
|
|
<li>
|
|
|
|
|
<p><a href="https://github.com/neok0">Tobias Mainka</a></p>
|
|
|
|
|
</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
@ -1006,7 +1056,7 @@ In case you use any CCBYSA licensed content, or other pieces that are subject to
|
|
|
|
|
</div>
|
|
|
|
|
<div id="footer">
|
|
|
|
|
<div id="footer-text">
|
|
|
|
|
Last updated 2019-02-15 19:47:34 +0800
|
|
|
|
|
Last updated 2022-11-06 16:48:13 +0100
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
</body>
|
|
|
|
|
|
