misp-training/README.md

159 lines
14 KiB
Markdown
Raw Normal View History

2018-12-27 16:24:00 +01:00
# MISP Training Materials
2018-12-30 05:42:24 +01:00
This repository includes all the training materials in use such as
2018-12-29 16:48:26 +01:00
- Core MISP (software and standard) trainings
2018-12-30 05:42:24 +01:00
- Threat intelligence and OSINT training
- Building information sharing communities workshop
2018-12-27 16:24:00 +01:00
2018-12-30 05:42:24 +01:00
All the materials are available with the complete LaTeX source code meant to assist in contributing or extending the training materials. A special attention is given to the open source licensing
2018-12-30 05:50:30 +01:00
given to the materials. We welcome contributions in order to improve the training set for threat intelligence, intelligence gathering and analysis along with specific aspects of information sharing/exchange in information and national security.
2018-12-27 16:24:00 +01:00
## Materials
2021-02-11 09:59:42 +01:00
| Slides (PDF) | Source Code |
2018-12-29 23:03:22 +01:00
| ------------ | ----------- |
2021-02-11 09:59:42 +01:00
| [0-misp-introduction-to-information-sharing](https://www.misp-project.org/misp-training/0-misp-introduction-to-information-sharing.pdf) | [source](https://github.com/MISP/misp-training/tree/main/0-misp-introduction-to-information-sharing) |
2022-09-16 11:39:22 +02:00
| [MISP Data model overview (quick)](https://raw.githubusercontent.com/MISP/misp-training/477bdc9c71f77abd572f11c98f3ac8ecabe54310/complementary/other-slides/a.11.a-misp-data-model-overview.pdf) | |
2023-02-21 09:05:29 +01:00
| [MISP Ten Commandments](https://github.com/MISP/misp-training/blob/main/complementary/other-slides/MISP%2010%20Commandments%20-%20Recommendations%20and%20Best%20Practices%20when%20encoding%20data.pdf)||
| [1-misp-usage](https://www.misp-project.org/misp-training/1-misp-usage.pdf) | [source](https://github.com/MISP/misp-training/tree/main/1-misp-usage) |
| [1.2-misp-integration](https://www.misp-project.org/misp-training/1.2-misp-integration.pdf) | [source](https://github.com/MISP/misp-training/tree/main/1.2-misp-integration) |
| [1.1-misp-viper-integration](https://www.misp-project.org/misp-training/1.1-misp-viper-integration.pdf) | [source](https://github.com/MISP/misp-training/tree/main/1.1-misp-viper-integration) |
| [1.2.1-misp-integration-mail2misp](https://www.misp-project.org/misp-training/1.2.1-misp-integration-mail2misp.pdf) | [source](https://github.com/MISP/misp-training/tree/main/1.2.1-misp-integration-mail2misp) |
| [2-misp-administration](https://www.misp-project.org/misp-training/2-misp-administration.pdf) | [source](https://github.com/MISP/misp-training/tree/main/2-misp-administration) |
| [3-misp-taxonomy-tagging](https://www.misp-project.org/misp-training/3-misp-taxonomy-tagging.pdf) | [source](https://github.com/MISP/misp-training/tree/main/3-misp-taxonomy-tagging) |
| [3.1-misp-modules](https://www.misp-project.org/misp-training/3.1-misp-modules.pdf) | [source](https://github.com/MISP/misp-training/tree/main/3.1-misp-modules) |
| [3.2-misp-galaxy](https://www.misp-project.org/misp-training/3.2-misp-galaxy.pdf) | [source](https://github.com/MISP/misp-training/tree/main/3.2-misp-galaxy) |
| [3.3-misp-object-template](https://www.misp-project.org/misp-training/3.3-misp-object-template.pdf) | [source](https://github.com/MISP/misp-training/tree/main/3.3-misp-object-template) |
| [6.0-misp-dashboard](https://www.misp-project.org/misp-training/6.0-misp-dashboard.pdf) | [source](https://github.com/MISP/misp-training/tree/main/6.0-misp-dashboard) |
| [a.0-contributing](https://www.misp-project.org/misp-training/a.0-contributing.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.0-contributing) |
| [a.1-devintro](https://www.misp-project.org/misp-training/a.1-devintro.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.1-devintro) |
| [a.2-pymisp](https://www.misp-project.org/misp-training/a.2-pymisp.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.2-pymisp) |
| [a.3-misp-feed](https://www.misp-project.org/misp-training/a.3-misp-feed.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.3-misp-feed) |
| [a.4-best-practices](https://www.misp-project.org/misp-training/a.4-best-practices.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.4-best-practices) |
| [a.5-decaying-indicators](https://www.misp-project.org/misp-training/a.5-decaying-indicators.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.5-decaying-indicators) |
2021-02-11 09:59:42 +01:00
| [a.5-bis-decaying-indicators-light-version](https://www.misp-project.org/misp-training/a.5-bis-decaying-indicators-light-version.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.5-bis-decaying-indicators-light-version) |
| [a.6-forensic](https://www.misp-project.org/misp-training/a.6-forensic.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.6-forensic) |
| [a.7-rest-API](https://www.misp-project.org/misp-training/a.7-rest-API.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.7-rest-API) |
2021-02-11 09:59:42 +01:00
| [b.1-best-practices-in-threat-intelligence](https://www.misp-project.org/misp-training/b.1-best-practices-in-threat-intelligence.pdf) | [source](https://github.com/MISP/misp-training/tree/main/b.1-best-practices-in-threat-intelligence) |
2022-02-09 15:07:19 +01:00
| [b.5-turning-data-into-actionable-intelligence-training](https://www.misp-project.org/misp-training/b.5-turning-data-into-actionable-intelligence-training.pdf) | [source](https://github.com/MISP/misp-training/tree/main/b.5-turning-data-into-actionable-intelligence-training) |
| [a.8-dev-hands-on](https://www.misp-project.org/misp-training/a.8-dev-hands-on.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.8-dev-hands-on) |
| [a.9-restsearch-dev](https://www.misp-project.org/misp-training/a.9-restsearch-dev.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.9-restsearch-dev) |
| [a.10-galaxy-2.0](https://www.misp-project.org/misp-training/a.10-galaxy-2.0.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.10-galaxy-2.0) |
| [a.11-misp-data-model](https://www.misp-project.org/misp-training/a.11-misp-data-model.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.11-misp-data-model) |
| [a.12-misp-workflows](https://www.misp-project.org/misp-training/a.12-misp-workflows.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.12-misp-workflows) |
2022-09-16 11:39:22 +02:00
| [a.13-misp-stix](https://www.misp-project.org/misp-training/a.13-misp-stix.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.13-misp-stix) |
| [a.a-widget-dev](https://www.misp-project.org/misp-training/a.a-widget-dev.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.a-widget-dev) |
2021-02-11 09:59:42 +01:00
| [b.2-turning-data-into-actionable-intelligence](https://www.misp-project.org/misp-training/b.2-turning-data-into-actionable-intelligence.pdf) | [source](https://github.com/MISP/misp-training/tree/main/b.2-turning-data-into-actionable-intelligence) |
| [4-misp-standard](https://www.misp-project.org/misp-training/4-misp-standard.pdf) | [source](https://github.com/MISP/misp-training/tree/main/4-misp-standard) |
| [x.13-exercise-movie](https://www.misp-project.org/misp-training/x.13-exercise-movie.pdf) | [source](https://github.com/MISP/misp-training/tree/main/x.13-exercise-movie) |
| [a.b-cli](https://www.misp-project.org/misp-training/a.b-cli.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.b-cli) |
2021-02-19 14:42:41 +01:00
| [a.c-deployment](https://www.misp-project.org/misp-training/a.c-deployment.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.c-deployment) |
2018-12-27 16:24:00 +01:00
### Complementary materials
| Slides (PDF) | Source Code |
| ------------ | ----------- |
| [complete slide desk in one PDF](https://www.misp-project.org/misp-training/misp-training.pdf) | [source](https://github.com/MISP/misp-training/) |
| [MISP training cheat-sheet](https://www.misp-project.org/misp-training/cheatsheet.pdf) | [source](https://github.com/MISP/misp-training/tree/master/training-support/compact-cheatsheet) |
| [MISP feature list (for the trainers)](https://www.misp-project.org/misp-training/usage.pdf) | [source](https://github.com/MISP/misp-training/tree/master/training-support/checklist) |
### Additional documentation
- [MISP Book](https://github.com/MISP/misp-book/) - [PDF](https://www.circl.lu/doc/misp/book.pdf) [ePub](https://www.circl.lu/doc/misp/book.epub) [Kindle mobi](https://www.circl.lu/doc/misp/book.mobi) [HTML](https://www.circl.lu/doc/misp/)
- [Best Practices in Threat Intelligence](https://github.com/MISP/best-practices-in-threat-intelligence) [PDF](https://www.misp-project.org/best-practices-in-threat-intelligence.pdf) [HTML](https://www.misp-project.org/best-practices-in-threat-intelligence.html)
- [MISP Galaxy (HTML)](https://www.misp-project.org/galaxy.html) - [PDF](https://www.misp-project.org/galaxy.pdf)
- [MISP Galaxy dedicated website](https://www.misp-galaxy.org/)
- [MISP Taxonomies (HTML)](https://www.misp-project.org/taxonomies.html) - [PDF](https://www.misp-project.org/taxonomies.pdf)
- [MISP Objects template (HTML)](https://www.misp-project.org/objects.html) - [PDF](https://www.misp-project.org/objects.pdf)
- [Guidelines to setting up an information sharing community such as an ISAC or ISAO](https://github.com/MISP/misp-compliance/blob/master/setting-up-ISACs/guidelines_to_set-up_an_ISAC.md) - [PDF](https://www.x-isac.org/assets/images/guidelines_to_set-up_an_ISAC.pdf)
2019-04-13 09:44:00 +02:00
- [Official MISP Install Guides](https://misp.github.io/MISP/)
2018-12-30 10:22:37 +01:00
### MISP Training videos
Sample videos which can be used to understand how the training materials are used in companion with a live MISP demo instance.
2022-12-20 09:02:18 +01:00
- [MISP Workflow](https://www.youtube.com/watch?v=OyLE2g4zii0) - 16th December 2022
- [MISP Best Practices for encoding threat intelligence (3 hours - online)](https://www.youtube.com/watch?v=JIeiwzY7Fvs) - 15th December 2022
2022-09-16 11:41:42 +02:00
- [MISP Training Administration and Deployment of MISP software](https://youtu.be/sIHTRIwF-Mk) - 14th September 2022
- [MISP Training Threat Intelligence Introduction for Analysts and Security Professional](https://youtu.be/sb36MMRTtLM) - 13th September 2022
- [Fundamentals MISP given FIRSTdotOrg 2021 Virtual Symposium African and Arab regions](https://www.youtube.com/watch?v=00jq7Gbqdz8) - 18th December 2021
2021-04-20 12:10:55 +02:00
- [MISP General Usage Training - Part 1 of 2](https://www.youtube.com/watch?v=-NuODyh1YJE)
- [MISP General Usage Training - Part 2 of 2](https://www.youtube.com/watch?v=LlKnh5b0bgw)
2021-03-04 09:15:54 +01:00
- [MISP Training Usage - Training given the 2nd March 2021 - 2h50 min](https://cra.circl.lu/videos/MISP-Usage-Training-20210302.mp4)
- [MISP Training Administration and Building Communities- Training given the 3rd March 2021 - 2h56min](https://cra.circl.lu/videos/MISP-Administration-and-Building-Communities-20210303.mp4)
2018-12-30 10:22:37 +01:00
- [MISP Training Module 1 - An Introduction to Cybersecurity Information Sharing](https://www.youtube.com/watch?v=aM7czPsQyaI)
- [MISP Training Module 2 - General usage of MISP](https://www.youtube.com/watch?v=Jqp8CVHtNVk)
2020-05-26 09:57:17 +02:00
- [MISP covid-19 sharing community - introduction](https://peertube.opencloud.lu/videos/watch/4f7acd4c-a909-4315-87aa-38ba95cceaf2)
2018-12-30 10:22:37 +01:00
#### Passive DNS and MISP - Training videos
- [Farsight Passive DNS and MISP - Part I](https://vimeo.com/561877178/ac09629591)
- [Farsight Passive DNS and MISP - Part II](https://vimeo.com/561903295/8af1d6692b)
- [Farsight Passive DNS and MISP - Part III](https://vimeo.com/561908216/764a2e19e4)
2019-02-26 11:29:25 +01:00
### MISP Training support videos
Those are videos to support MISP trainings or demonstrations at large:
- [MISP Event graph demo](https://www.youtube.com/watch?v=NYvKLwoBYwc&t=8s)
- [MISP Tutorial - Enablings Feeds](https://www.youtube.com/watch?v=k3l-CtOgQro)
2018-12-30 10:35:02 +01:00
### MISP Training VMs
2021-07-07 13:27:11 +02:00
Pre-built MISP training VMs are available at [https://vm.misp-project.org/](https://vm.misp-project.org/).
2018-12-30 10:35:02 +01:00
2018-12-27 16:24:00 +01:00
## Source Code
2018-12-30 05:50:30 +01:00
The full source code of the training slide decks are available. You'll need to have an operating system with a recent installation of LaTeX including latex-beamer to work with them.
To build the complete set of training materials:
~~~~bash
bash build.sh
~~~~
2018-12-29 17:46:35 +01:00
The output directory will contain all the generated PDF files and the PDF file called `misp-training.pdf` which is the complete handout of all the slides.
**Note**: In case the rendering is somewhat broken, it might be related to latex using the styles installed systemwide in `/usr/share/texlive/texmf-dist/tex/latex/beamertheme-focus`. Removing this directory will solve the problem.
2022-05-20 17:26:50 +02:00
## Dependencies
[FiraMath Font](https://github.com/firamath/firamath/releases)
XeLaTex, can be parametered in .tex header (works in TeXshop):
```
% !TEX TS-program = xelatex
% !TEX encoding = UTF-8 Unicode
```
2018-12-27 16:24:00 +01:00
## License, Attribution and Funding
All the materials are dual-licensed under GNU Affero General Public License version 3 or later and
2018-12-30 05:50:30 +01:00
the Creative Commons Attribution-ShareAlike 4.0 International. You can use either one of the licenses depending
2018-12-27 16:24:00 +01:00
of your use case of the training materials.
2018-12-30 05:50:30 +01:00
The MISP project training materials are co-financed and supported by CIRCL Computer Incident Response Center Luxembourg[](https://www.circl.lu/) and co-financed by a CEF (Connecting Europe Facility) funding under CEF-TC-2016-3 - Cyber Security as *Improving MISP as building blocks for next-generation information sharing*.
2018-12-27 16:24:00 +01:00
![](https://www.misp-project.org/assets/images/en_cef.png)
![](https://www.circl.lu/assets/images/logo.png)
2018-12-30 05:50:30 +01:00
All the source code is available at [https://www.github.com/MISP/misp-training](https://www.github.com/MISP/misp-training).
2018-12-27 16:24:00 +01:00
2018-12-30 05:50:30 +01:00
If you reuse the training materials, don't forget to include the above for attribution.
2018-12-27 16:24:00 +01:00
## Contributors in alphabetical order
- Steve Clement [:house:](https://github.com/SteveClement)
- Alexandre Dulaunoy [:house:](https://github.com/adulau)
- Andras Iklody [:house:](https://github.com/iglocska)
- Sami Mokaddem [:house:](https://github.com/mokaddem)
- Sascha Rommelfangen [:house:](https://github.com/rommelfs)
2018-12-27 16:24:00 +01:00
- Christian Studer [:house:](https://github.com/chrisr3d)
- Raphaël Vinot [:house:](https://github.com/rafiot)
- Gerard Wagener [:house:](https://github.com/haegardev)