From b51993c6a6de115d59800d7b123c760dfc0aaa00 Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Mon, 26 Nov 2018 13:21:40 +0900 Subject: [PATCH 1/5] chg: [doc] Added hardning pointer --- faq/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/faq/README.md b/faq/README.md index 4b19e45..3792440 100644 --- a/faq/README.md +++ b/faq/README.md @@ -19,6 +19,11 @@ This means that the main repository has an update available. If you want to play it safer or want to integrate it in your Weekly/Bi-Monthly update routine you can track our [Changelog](https://www.misp-project.org/Changelog.txt) a more up to date version is available [here](https://misp.github.io/MISP/Changelog/) +## Hardening + +### How do I harden my MISP instance? + +You can check the [hardening section](https://misp.github.io/MISP/generic/hardening/) in the install guide. ## Maintenance mode From 0ad440c58ced3f1f4d9d8bb750d4b415a5450783 Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Mon, 26 Nov 2018 14:57:28 +0900 Subject: [PATCH 2/5] chg: [doc] Updated the relevant sections as per misp-galaxy repo. --- galaxy/README.md | 84 ++++++++++++++++++++++++++++++++++-------------- 1 file changed, 59 insertions(+), 25 deletions(-) diff --git a/galaxy/README.md b/galaxy/README.md index 05a1ee4..a5bfc42 100644 --- a/galaxy/README.md +++ b/galaxy/README.md 
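Review bot: the commit subject of this patch reads "hardning"; please correct it to "hardening" before merge, since that string ends up in the changelog. In the faq/README.md hunk itself, the new `## Hardening` answer is a bare pointer to `https://misp.github.io/MISP/generic/hardening/`; one sentence saying what that page covers (for example which components of the instance the hardening steps apply to) would make the FAQ entry useful on its own, and a reader who prints the book gets nothing from the link alone.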
@@ -72,62 +72,96 @@ Clicking on the addition symbol on the left of Beijing Group extends the module. [Android](https://github.com/MISP/misp-galaxy/blob/master/clusters/android.json) - Android malware galaxy based on multiple open sources. +[Backdoor](https://github.com/MISP/misp-galaxy/blob/master/clusters/backdoor.json) - A list of backdoor malware. + [Banker](https://github.com/MISP/misp-galaxy/blob/master/clusters/banker.json) - A list of banker malware. -[Exploit Kit](https://github.com/MISP/misp-galaxy/blob/master/clusters/exploit-kit.json) - Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits. It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years. +[Botnet](https://github.com/MISP/misp-galaxy/blob/master/clusters/botnet.json) - botnet galaxy -[Microsoft Activity Group](https://github.com/MISP/misp-galaxy/blob/master/clusters/microsoft-activity-group.json) - Activity groups as described by Microsoft. +[Branded vulnerability](https://github.com/MISP/misp-galaxy/blob/master/clusters/branded_vulnerability.json) - List of known vulnerabilities and attacks with a branding -[Preventive Measure](https://github.com/MISP/misp-galaxy/blob/master/clusters/preventive-measure.json) - Preventive measures. +[Cert eu govsector](https://github.com/MISP/misp-galaxy/blob/master/clusters/cert-eu-govsector.json) - Cert EU GovSector -[Ransomware](https://github.com/MISP/misp-galaxy/blob/master/clusters/ransomware.json) - Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml +[Exploit kit](https://github.com/MISP/misp-galaxy/blob/master/clusters/exploit-kit.json) - Exploit-Kit is an enumeration of some exploitation kits used by adversaries. 
The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years -[RAT](https://github.com/MISP/misp-galaxy/blob/master/clusters/rat.json) - remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote "operator" to control a system as if they have physical access to that system. +[Malpedia](https://github.com/MISP/misp-galaxy/blob/master/clusters/malpedia.json) - Malware galaxy cluster based on Malpedia. -[TDS](https://github.com/MISP/misp-galaxy/blob/master/clusters/tds.json) - TDS is a list of Traffic Direction System used by adversaries. +[Microsoft activity group](https://github.com/MISP/misp-galaxy/blob/master/clusters/microsoft-activity-group.json) - Activity groups as described by Microsoft -[Threat Actor](https://github.com/MISP/misp-galaxy/blob/master/clusters/threat-actor.json) - Adversary groups - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. MISP +[Mitre attack pattern](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-attack-pattern.json) - ATT&CK tactic -[Tool](https://github.com/MISP/misp-galaxy/blob/master/clusters/tool.json) - tool is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries. 
+[Mitre course of action](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-course-of-action.json) - ATT&CK Mitigation +[Mitre enterprise attack attack pattern](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-enterprise-attack-attack-pattern.json) - ATT&CK tactic -[MITRE Attack Pattern](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre_attack-pattern.json) - Attack Pattern - MITRE Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) +[Mitre enterprise attack course of action](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-enterprise-attack-course-of-action.json) - ATT&CK Mitigation -[MITRE Course of Action](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre_course-of-action.json) - Course of Action - MITRE Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) +[Mitre enterprise attack intrusion set](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-enterprise-attack-intrusion-set.json) - Name of ATT&CK Group -[MITRE Intrusion Set](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre_intrusion-set.json) - Intrusion Test - MITRE Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) +[Mitre enterprise attack malware](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-enterprise-attack-malware.json) - Name of ATT&CK software -[MITRE Malware](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre_malware.json) - Malware - MITRE Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) +[Mitre enterprise attack tool](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-enterprise-attack-tool.json) - Name of ATT&CK software -[MITRE Tool](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre_tool.json) - Tool - MITRE Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) +[Mitre intrusion set](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-intrusion-set.json) - Name of ATT&CK Group +[Mitre 
malware](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-malware.json) - Name of ATT&CK software -[Sectors](https://github.com/MISP/misp-galaxy/blob/master/clusters/sectors.json) - Activity sectors +[Mitre mobile attack attack pattern](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-mobile-attack-attack-pattern.json) - ATT&CK tactic -[CertEU Govsector](https://github.com/MISP/misp-galaxy/blob/master/clusters/cert-eu-govsector.json) - Cert EU GovSector/master/clusters/tool.json) - Enumeration of software tools used by adversaries. The list includes malware but also common software regularly used by the adversaries. +[Mitre mobile attack course of action](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-mobile-attack-course-of-action.json) - ATT&CK Mitigation + +[Mitre mobile attack intrusion set](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-mobile-attack-intrusion-set.json) - Name of ATT&CK Group + +[Mitre mobile attack malware](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-mobile-attack-malware.json) - Name of ATT&CK software + +[Mitre mobile attack tool](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-mobile-attack-tool.json) - Name of ATT&CK software + +[Mitre pre attack attack pattern](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-pre-attack-attack-pattern.json) - ATT&CK tactic + +[Mitre pre attack intrusion set](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-pre-attack-intrusion-set.json) - Name of ATT&CK Group + +[Mitre tool](https://github.com/MISP/misp-galaxy/blob/master/clusters/mitre-tool.json) - Name of ATT&CK software + +[Preventive measure](https://github.com/MISP/misp-galaxy/blob/master/clusters/preventive-measure.json) - Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . 
The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures. + +[Ransomware](https://github.com/MISP/misp-galaxy/blob/master/clusters/ransomware.json) - Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar + +[Rat](https://github.com/MISP/misp-galaxy/blob/master/clusters/rat.json) - remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote "operator" to control a system as if they have physical access to that system. + +[Sector](https://github.com/MISP/misp-galaxy/blob/master/clusters/sector.json) - Activity sectors + +[Stealer](https://github.com/MISP/misp-galaxy/blob/master/clusters/stealer.json) - A list of malware stealer. + +[Tds](https://github.com/MISP/misp-galaxy/blob/master/clusters/tds.json) - TDS is a list of Traffic Direction System used by adversaries + +[Threat actor](https://github.com/MISP/misp-galaxy/blob/master/clusters/threat-actor.json) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. + +[Tool](https://github.com/MISP/misp-galaxy/blob/master/clusters/tool.json) - threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries. #### Vocabularies ##### Common -[certainty-level](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/common/certainty-level.json) - Certainty level of an associated element or cluster. +[Certainty level](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/common/certainty-level.json) - Certainty level of an associated element or cluster. 
-[threat-actor-type](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/common/threat-actor-type.json) - threat actor type vocab as defined by Cert EU. +[Sector](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/common/sector.json) - List of activity sectors -[ttp-category](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/common/ttp-category.json) - ttp category vocab as defined by Cert EU. +[Threat actor type](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/common/threat-actor-type.json) - threat actor type vocab as defined by Cert EU. -[ttp-type](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/common/ttp-type.json) - ttp type vocab as defined by Cert EU. +[Ttp category](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/common/ttp-category.json) - ttp category vocab as defined by Cert EU. + +[Ttp type](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/common/ttp-type.json) - ttp type vocab as defined by Cert EU. ##### threat-actor -[cert-eu-motive](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/threat-actor/cert-eu-motive.json) - Motive vocab as defined by Cert EU. +[Cert eu motive](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/threat-actor/cert-eu-motive.json) - Motive vocab as defined by Cert EU. -[intended-effect-vocabulary](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/threat-actor/intended-effect.json) - The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor. 
STIX 1.2.1 +[Intended effect](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/threat-actor/intended-effect.json) - The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor -[motivation-vocabulary](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/threat-actor/motivation.json) - The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor. STIX 1.2.1 +[Motivation](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/threat-actor/motivation.json) - The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor. -[planning-and-operational-support-vocabulary](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/threat-actor/planning-and-operational-support.json) - The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor. +[Planning and operational support](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/threat-actor/planning-and-operational-support.json) - The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor. -[sophistication](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/threat-actor/sophistication.json) - The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor. +[Sophistication](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/threat-actor/sophistication.json) - The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor. 
-[type](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/threat-actor/type.json) - The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor +[Type](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/threat-actor/type.json) - The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor. From f554f50058fceeb10a763b54cdc1e8dc981e270b Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Mon, 26 Nov 2018 15:06:13 +0900 Subject: [PATCH 3/5] new: [doc] Added script to generate galaxy section from repo --- galaxy/README.md | 2 ++ galaxy/gen-doc.sh | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100755 galaxy/gen-doc.sh diff --git a/galaxy/README.md b/galaxy/README.md index a5bfc42..a74c802 100644 --- a/galaxy/README.md +++ b/galaxy/README.md @@ -68,6 +68,8 @@ Clicking on the addition symbol on the left of Beijing Group extends the module. ### Available Galaxies + + #### Clusters [Android](https://github.com/MISP/misp-galaxy/blob/master/clusters/android.json) - Android malware galaxy based on multiple open sources. diff --git a/galaxy/gen-doc.sh b/galaxy/gen-doc.sh new file mode 100755 index 0000000..c91af8b --- /dev/null +++ b/galaxy/gen-doc.sh 
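Review bot: in the galaxy/README.md hunk the regenerated entry names lose their acronym casing (`Rat`, `Tds`, `Mitre attack pattern`, `Cert eu govsector`) because they are derived mechanically from the file names, and the descriptions are copied verbatim from the JSON `description` fields, so upstream wording such as `- botnet galaxy`, the missing space in `exploit kits.It's not meant`, and `ATT&CK tactic` as the description of every attack-pattern cluster land in the book unedited. Suggest a small override map for display names (RAT, TDS, MITRE ATT&CK ..., CERT-EU) and a clearer description for the attack-pattern entries, or at minimum a proofread of the generated block before it is committed. The two content fixes buried in this regeneration, the `sectors.json` to `sector.json` link change and the removal of the corrupted line `Cert EU GovSector/master/clusters/tool.json) - Enumeration of software tools ...`, are correct and worth mentioning in the commit message so they are not mistaken for generator noise.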
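Review bot: the second hunk of PATCH 3/5 adds two empty lines under `### Available Galaxies` in galaxy/README.md, which reads as a placeholder for the output of gen-doc.sh; if that is the intent, use explicit markers instead (for example `<!-- gen-doc start -->` and `<!-- gen-doc end -->`) so the script can replace the block in place on the next run, otherwise drop the whitespace-only change.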
@@ -0,0 +1,35 @@ +#!/bin/bash +# This generates some of the sections of the Galaxy Documentation +# Dependencies: git, jq, bash + +if [[ ! -d "misp-galaxy" ]]; then + git clone https://github.com/MISP/misp-galaxy.git + cd misp-galaxy +else + cd misp-galaxy + git pull +fi + +FOLDERS='clusters vocabularies/common vocabularies/threat-actor' + +for folder in ${FOLDERS}; do + cd $folder + + for file in $(ls |grep -v README); do + Name=$(echo ${file} |cut -f 1 -d.| tr '-' ' '| tr '_' ' ') + Name=$(tr '[:lower:]' '[:upper:]' <<< ${Name:0:1})${Name:1} + Description=$(jq -r .description ${file}) + + echo "[${Name}](https://github.com/MISP/misp-galaxy/blob/master/${folder}/${file}) - ${Description}" + echo "" + done + echo "------------------------------------------------------------------------------------" + echo "$folder done" + echo "------------------------------------------------------------------------------------" + # This is ugly, but works... fix it if you do not like it. + if [[ $folder == *'/'* ]]; then + cd ../.. + else + cd .. + fi +done From e6db4897328d8377191410d9b0a5ac5989844fa6 Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Tue, 27 Nov 2018 17:47:00 +0900 Subject: [PATCH 4/5] fix: [doc] Added 2 more dependencies to fix the out of date plugin problem. --- USAGE.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/USAGE.md b/USAGE.md index 3ddffad..ff2756e 100644 --- a/USAGE.md +++ b/USAGE.md 
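Review bot: gen-doc.sh has no `set -e`, so a failed `git clone` or `cd misp-galaxy` is ignored and the loop then runs in whatever directory the script was started from, emitting nothing or the wrong files; add `set -euo pipefail` after the shebang and write the directory changes as `cd misp-galaxy || exit 1`. The file loop `for file in $(ls |grep -v README); do` parses `ls` output; `for file in *.json; do` is the idiomatic form, and `$folder` and `${file}` should be quoted throughout. The directory juggling flagged in the comment (`if [[ $folder == *'/'* ]]; then cd ../..`) disappears if the body runs in a subshell, `( cd "$folder" && for file in *.json; do ...; done )`, which also removes the risk of the script wandering out of the repository. The `------ $folder done` separators are written to stdout together with the markdown, so `./gen-doc.sh > README.md` would embed them; send progress to stderr. Finally, `jq -r .description` prints `null` for a file without that key and passes upstream text straight into a markdown link without escaping, so a description containing `)` or `]` breaks the rendered entry; a guard such as `jq -r '.description // empty'` and a note in the header that the output must be reviewed before commit would be cheap insurance.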
@@ -25,8 +25,9 @@ cd misp-book curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash - sudo apt-get install -y nodejs sudo apt-get install -y build-essential -sudo apt install -y pkg-config libcairo2-dev libgif-dev -npm install gitbook git+https://github.com/SteveClement/plugin-autocover.git gitbook-plugin-github gitbook-plugin-toc gitbook-plugin-anchors gitbook-plugin-image-class +sudo apt install -y pkg-config libcairo2-dev libgif-dev libjpeg-dev +npm install gitbook git+https://github.com/SteveClement/plugin-autocover.git gitbook-plugin-github gitbook-plugin-toc gitbook-plugin-anchors gitbook-plugin-image-class gitbook-plugin-last-modified gitbook-plugin-last-modified + sudo npm install gitbook-cli -g gitbook install ``` From 241a2e0993efc19c0318ca209e3d2b7702d19f52 Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Tue, 27 Nov 2018 18:04:26 +0900 Subject: [PATCH 5/5] chg: [shell] Added vague indicators where we are at in the build process. new: [plugin] Added last-modified plugin and explicitly the search plugin (for debugging) --- book.json | 2 +- publish.sh | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/book.json b/book.json index 55fa514..19b0052 100644 --- a/book.json +++ b/book.json @@ -3,7 +3,7 @@ "description": "User guide of MISP Malware Information Sharing Platform, a Threat Sharing Platform.", "language": "en", "author": "MISP Contributors", - "plugins": ["autocover", "github", "toc", "anchors", "alerts", "advanced-emoji", "image-class"], + "plugins": ["autocover", "github", "toc", "anchors", "alerts", "advanced-emoji", "image-class", "last-modified", "search"], "links": { "sidebar": { "MISP @ GitHub": "https://github.com/MISP/MISP", "PDF Format": "https://www.circl.lu/doc/misp/book.pdf" }}, "pluginsConfig": { "github": { diff --git a/publish.sh b/publish.sh index d0055d5..56824aa 100755 --- a/publish.sh +++ b/publish.sh 
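Review bot: in the USAGE.md hunk `gitbook-plugin-last-modified` is listed twice on the `npm install` line; drop the duplicate, or if a second package was intended (the next patch also adds `search` to `plugins` in book.json) name it explicitly, so that the commit message's "2 more dependencies" matches what the line installs (`libjpeg-dev` and `last-modified`). The empty line added after the `npm install` line is a whitespace-only change. Unchanged context in the same hunk, `curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -`, executes a downloaded script as root without any verification; not part of this change, but worth a follow-up that downloads the script, checks it, and then runs it.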
@@ -1,8 +1,13 @@ #!/bin/bash +echo "1/4 html" gitbook build +echo "2/4 pdf" gitbook pdf +echo "3/4 epub" gitbook epub +echo "4/4 mobi" gitbook mobi +echo "Done" mv book.pdf _book mv book.epub _book mv book.mobi _book
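Review bot: the progress markers in publish.sh help, but the script still runs every step unconditionally, so when `gitbook build` fails the pdf, epub and mobi builds and the three `mv` lines still execute and the final `echo "Done"` is printed even though nothing was published; add `set -euo pipefail` right after the shebang (or `gitbook build || exit 1` per step) so the first failure stops the run with a non-zero exit status. The counter also stops at `4/4 mobi` while the `mv` steps that actually produce the published artefacts come afterwards; either count them too or print "Done" only after the moves succeed.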