From 91d3db4f7b3d22aa1804740d84191796644300ba Mon Sep 17 00:00:00 2001 From: toto Date: Mon, 2 Mar 2020 14:20:24 +0100 Subject: [PATCH] typos --- galaxy/README.md | 296 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 282 insertions(+), 14 deletions(-) diff --git a/galaxy/README.md b/galaxy/README.md index 2e4d7a4..836cd0f 100644 --- a/galaxy/README.md +++ b/galaxy/README.md @@ -53,7 +53,7 @@ Once this is done double check if you can still see the Galaxies in the Web UI. > [warning] This will impact the UI "Update MISP" functionality in administration. Your git head might get [detached](https://git-scm.com/docs/gitglossary#gitglossary-aiddefdetachedHEADadetachedHEAD) in your misp-galaxy repo. -### Adding a new Galaxy (WiP - notFuctional) +### Adding a new Galaxy #### Context @@ -73,8 +73,6 @@ Galaxies are represented by two json files stored in: The __/galaxies__ file contains metatdatas and galaxy structure. The __/clusters__ file contains actual data. -__WARNING__: files names are very important: they will be used to chain the files together. -The cluster file is linked to the galaxy file through a json property (__type__) which MUST equal the cluster file name (more later). #### The galaxy managment GUI @@ -113,7 +111,7 @@ For example: * __icon__: the icon used in the MISP interface (2) * __name__: the name of the galaxy (3) * __namespace__: the namespace where is stored the galaxy. Namespace are used to regroup similar galaxies (4) -* __type__: __IMPORTANT field__, it MUST match the cluster file name to actually chain both files together (5) +* __type__: __IMPORTANT field__, it MUST match the galaxy and cluster files name to actually chain both files together (5) * __uuid__: as any MISP object, it has a uuid. __IMPORTANT__, it MUST be repeated in the uuid property of the cluster file (6) * __version__: as usual in MISP, versioning, especially to force update (7) * __kill_chain_order__: a special and optionnal field: it will be used if you want to create a matrix-galaxy. In this field, you insert a named table (_fraud-tactics_ in the example above) containing the categories labels of you data. They will be used then in the cluster file (8) @@ -171,33 +169,36 @@ For example (Attck4fraud): * __values__: a table containing the actual values (8) * __data fileds__: fields used to describe single data are detailed here: https://tools.ietf.org/html/draft-dulaunoy-misp-galaxy-format-06#page-9 (9) * __kill_chain__: IMPORTANT, provide the column of the Matrix where the data will be displayed: (10) - __arg1__: MUST match /galaxy file's kill_chain arg (_fraud-tactics_ in the example) - __arg2__: name of the column of the data (_Initiation_ in the example) -*__version__: same as for galaxies + * __arg1__: MUST match /galaxy file's kill_chain arg (_fraud-tactics_ in the example) + * __arg2__: name of the column of the data (_Initiation_ in the example) +* __version__: same as for galaxies More details on /cluster fields can be found here: https://tools.ietf.org/html/draft-dulaunoy-misp-galaxy-format-06#page-9 #### Implementation * Once your files are ready, ALWAYS submit them in a json validator such as: -https://jsonformatter.curiousconcept.com/ - -Do it before putting them into your instance, your sanity is at stake. +https://jsonformatter.curiousconcept.com/ . Do it before putting them into your instance, your sanity is at stake. * Copy/paste your files in both folders (/galaxies and /clusters) * Go to Galaxies/List galaxies and clic on Update galaxies -w + * Your new galaxy should be displayed on the screen with the others +![GalaxyDisp](./figures/GalaxyDisp.png) + * Your galaxy is available in the events for selecting in the right namespace +![GalaxySelect](./figures/GalaxySelect.png) + #### Troubleshooting -* __The galaxy does not udpate, galaxy is empty__ +* __The galaxy does not update, galaxy is empty__ * Check json validation + * Remove commas on last items of any {} or [] * Update version of files * Check files names - * erase the galaxy in the GUI and update + * Delete the galaxy in the GUI and update * __Matrix is not displayed__ * Check the kill_chain_order array in the /galaxies json @@ -209,17 +210,20 @@ In this RPG, 2060's large megacorporations launch paramilitary actions against e - AAA: extraterritorial corporation and seating at the top-10 council; - AA: only extraterritorial compagnies; - A: nation-scale corporation. + A corporation can act in several fields: - energy - IT - biotechnology - cybertechnology (body enhancement) + It can work on several continent: - Europe; - Asia; - Africa; - Oceania; - America. + All these context elements are enough to build a galaxy. ##### Simple galaxy @@ -438,7 +442,8 @@ Keep the uuid and type, it will be necessary later. "version": 3 } ``` -IMPORTANT: + +__IMPORTANT: __ * the ""uuid": "7a956b4d-613c-4c08-b5d6-19974682aea8"," is the same in both files * the cluster filename is the same as the "type" field in the galaxy file * CHECK YOUR JSON (https://jsonformatter.curiousconcept.com/) AND SAVE YOUR SANITY! @@ -448,10 +453,12 @@ We check the thing by clicking on the update button in the galaxy GUI: We can test our work on the MISP GUI: + ![GalaxySelect](./figures/GalaxySelect.png) ![GalaxySelect2](./figures/GalaxySelect2.png) ![GalaxyFinal](./figures/GalaxyFinal.png) ![GalaxySelect3](./figures/GalaxySelect3.png) + Remark: we created a simple galaxy. We will later see how to create a Matrix-shaped one. ##### Matrix-shaped galaxy @@ -470,6 +477,28 @@ In the galaxy json, categories are listed: ] } ``` + +The final galaxy file: + +``` +{ + "description": "My Shadowrun test matrix galaxy", + "icon": "user-secret", + "kill_chain_order": { + "shadowrun": [ + "ranking", + "sector", + "area" + ] + }, + "name": "shadowrun_matrix", + "namespace": "RPG", + "type": "shadowrun", + "uuid": "1b013b10-5c6e-11ea-8881-0800275bbff6", + "version": 1 +} +``` + In the cluster json, reference to the categories are done: ``` "values": [ @@ -481,9 +510,248 @@ In the cluster json, reference to the categories are done: ], ``` +The final cluster file: + +``` +{ + "authors": [ + "myself" + ], + "category": "RPG", + "description": "Shadowrun matrix galaxy", + "name": "shadowrun corporations", + "source": "Internal", + "type": "shadowrun", + "uuid": "1b013b10-5c6e-11ea-8881-0800275bbff6", + "values": [ + { + "description": "extraterritorial corporation and seating at the top-10 council.", + "meta": { + "kill_chain": [ + "shadowrun:ranking" + ], + "Corporate council seat": "Yes", + "examples": [ + "Renraku", + "Shiawase", + "Aztechnology", + "Ares Macrotechnologies", + "Saeder Krupps" + ] + }, + "uuid": "43e1b900-5a03-11ea-9ad1-080027cbfd66", + "value": "AAA" + }, + { + "description": "only extraterritorial compagnies.", + "meta": { + "kill_chain": [ + "shadowrun:ranking" + ], + "Corporate council seat": "No", + "examples": [ + "Shibata", + "Monobe", + "Zeta Impchem", + "ESUS" + ] + }, + "uuid": "7aad2dd4-5a03-11ea-ad69-080027cbfd66", + "value": "AA" + }, + { + "description": "nation-scale corporation.", + "meta": { + "kill_chain": [ + "shadowrun:ranking" + ], + "Corporate council seat": "No", + "examples": [ + "Genom", + "KSAF", + "Seretech", + "Infocore", + "MicroDek (ex-Microsoft)", + "Tan Tien" + ] + }, + "uuid": "50c0d622-5c67-11ea-bd4b-0800275bbff6", + "value": "A" + }, + { + "description": "energy sector: exploitation, , refining, selling", + "meta": { + "kill_chain": [ + "shadowrun:sector" + ], + "examples": [ + "Saeder Krupps" + ], + "subsectors": [ + "petroleum", + "electricity", + "gas", + "bio" + ] + }, + "uuid": "293e7e5c-51a8-411f-9b47-d52ed62d4b78", + "value": "energy" + }, + { + "description": "cybertechnology sector: manufacturing, selling and implanting modifications.", + "meta": { + "kill_chain": [ + "shadowrun:sector" + ], + "Delta clinic (for implanting)": [ + "Yes", + "No" + ], + "examples": [ + "headware", + "bodyware", + "eyeware", + "earware", + "cyberlimbs" + ] + }, + "uuid": "7e962290-cba7-49ad-95c2-115575c8a9d2", + "value": "cybertechnology" + }, + { + "description": "Biotechnology: bioware, genetics, etc", + "meta": { + "kill_chain": [ + "shadowrun:sector" + ], + "examples": [ + "bioware", + "genetics", + "biodrones", + "biocosmetics" + ] + }, + "uuid": "c899564c-bfe4-460f-a2ed-aae98e1355a3", + "value": "biotechnology" + }, + { + "description": "IT: softwares, hardware, cybersec", + "meta": { + "kill_chain": [ + "shadowrun:sector" + ], + "examples": [ + "software dev", + "hardware manufacturing", + "intrusion countermeasrures" + ] + }, + "uuid": "16c49ba4-8a79-4f67-a98a-07cdc08f8a2d", + "value": "IT" + }, + { + "description": "Europe", + "meta": { + "kill_chain": [ + "shadowrun:area" + ], + "examples": [ + "France", + "Belgium", + "Luxembourg", + "Germany", + "Italy" + ] + }, + "uuid": "8e745c22-9b14-4334-887a-0000eda58f75", + "value": "Europe" + }, + { + "description": "Asia", + "meta": { + "kill_chain": [ + "shadowrun:area" + ], + "examples": [ + "China", + "Japan", + "Thailand" + ] + }, + "uuid": "95d4ff78-42f8-4fe8-bb63-af2c7e500ec8", + "value": "Asia" + }, + { + "description": "Russia and former USSR", + "meta": { + "kill_chain": [ + "shadowrun:area" + ], + "examples": [ + "Russia", + "kazakhstan" + ] + }, + "uuid": "87a3ac08-6ffc-45eb-826e-e8e0af392563", + "value": "Russia" + }, + { + "description": "Africa", + "meta": { + "kill_chain": [ + "shadowrun:area" + ], + "examples": [ + "Nigeria", + "Malia", + "Algeria" + ] + }, + "uuid": "aba705b7-fcb4-4bf4-81d4-b896314f53ed", + "value": "Africa" + }, + { + "description": "Oceania", + "meta": { + "kill_chain": [ + "shadowrun:area" + ], + "examples": [ + "Asutralia", + "Polynesia" + ] + }, + "uuid": "ae28830b-b90f-48d9-8b89-acda0864ff4e", + "value": "Oceania" + }, + { + "description": "America", + "meta": { + "kill_chain": [ + "shadowrun:area" + ], + "examples": [ + "UCAS", + "CAS", + "Pueblo Corporate COuncil", + "AZtlan" + ] + }, + "uuid": "d41c6222-4d10-43e9-9a8e-47d586eaf0e7", + "value": "America" + } + ], + "version": 4 +} + +``` + + The final result: ![MatrixDisp](./figures/MatrixDisp.png) +Done! Eventually! + #### Dependencies To create your own Galaxies the following tools are needed to run the validation scripts.