2018-12-27 16:24:00 +01:00
# MISP Training Materials
2018-12-30 05:42:24 +01:00
This repository includes all the training materials in use such as
2018-12-29 16:48:26 +01:00
- Core MISP (software and standard) trainings
2018-12-30 05:42:24 +01:00
- Threat intelligence and OSINT training
- Building information sharing communities workshop
2018-12-27 16:24:00 +01:00
2018-12-30 05:42:24 +01:00
All the materials are available with the complete LaTeX source code meant to assist in contributing or extending the training materials. A special attention is given to the open source licensing
2018-12-30 05:50:30 +01:00
given to the materials. We welcome contributions in order to improve the training set for threat intelligence, intelligence gathering and analysis along with specific aspects of information sharing/exchange in information and national security.
2018-12-27 16:24:00 +01:00
## Materials
2021-02-11 09:59:42 +01:00
2018-12-29 23:02:08 +01:00
| Slides (PDF) | Source Code |
2018-12-29 23:03:22 +01:00
| ------------ | ----------- |
2021-02-11 09:59:42 +01:00
| [0-misp-introduction-to-information-sharing ](https://www.misp-project.org/misp-training/0-misp-introduction-to-information-sharing.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/0-misp-introduction-to-information-sharing ) |
2022-09-16 11:39:22 +02:00
| [MISP Data model overview (quick) ](https://raw.githubusercontent.com/MISP/misp-training/477bdc9c71f77abd572f11c98f3ac8ecabe54310/complementary/other-slides/a.11.a-misp-data-model-overview.pdf ) | |
2023-02-21 09:05:29 +01:00
| [MISP Ten Commandments ](https://github.com/MISP/misp-training/blob/main/complementary/other-slides/MISP%2010%20Commandments%20-%20Recommendations%20and%20Best%20Practices%20when%20encoding%20data.pdf )||
2021-02-11 09:53:37 +01:00
| [1-misp-usage ](https://www.misp-project.org/misp-training/1-misp-usage.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/1-misp-usage ) |
| [1.2-misp-integration ](https://www.misp-project.org/misp-training/1.2-misp-integration.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/1.2-misp-integration ) |
| [1.1-misp-viper-integration ](https://www.misp-project.org/misp-training/1.1-misp-viper-integration.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/1.1-misp-viper-integration ) |
| [1.2.1-misp-integration-mail2misp ](https://www.misp-project.org/misp-training/1.2.1-misp-integration-mail2misp.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/1.2.1-misp-integration-mail2misp ) |
| [2-misp-administration ](https://www.misp-project.org/misp-training/2-misp-administration.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/2-misp-administration ) |
| [3-misp-taxonomy-tagging ](https://www.misp-project.org/misp-training/3-misp-taxonomy-tagging.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/3-misp-taxonomy-tagging ) |
| [3.1-misp-modules ](https://www.misp-project.org/misp-training/3.1-misp-modules.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/3.1-misp-modules ) |
| [3.2-misp-galaxy ](https://www.misp-project.org/misp-training/3.2-misp-galaxy.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/3.2-misp-galaxy ) |
| [3.3-misp-object-template ](https://www.misp-project.org/misp-training/3.3-misp-object-template.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/3.3-misp-object-template ) |
| [6.0-misp-dashboard ](https://www.misp-project.org/misp-training/6.0-misp-dashboard.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/6.0-misp-dashboard ) |
| [a.0-contributing ](https://www.misp-project.org/misp-training/a.0-contributing.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.0-contributing ) |
| [a.1-devintro ](https://www.misp-project.org/misp-training/a.1-devintro.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.1-devintro ) |
| [a.2-pymisp ](https://www.misp-project.org/misp-training/a.2-pymisp.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.2-pymisp ) |
| [a.3-misp-feed ](https://www.misp-project.org/misp-training/a.3-misp-feed.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.3-misp-feed ) |
| [a.4-best-practices ](https://www.misp-project.org/misp-training/a.4-best-practices.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.4-best-practices ) |
| [a.5-decaying-indicators ](https://www.misp-project.org/misp-training/a.5-decaying-indicators.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.5-decaying-indicators ) |
2021-02-11 09:59:42 +01:00
| [a.5-bis-decaying-indicators-light-version ](https://www.misp-project.org/misp-training/a.5-bis-decaying-indicators-light-version.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.5-bis-decaying-indicators-light-version ) |
2021-02-11 09:53:37 +01:00
| [a.6-forensic ](https://www.misp-project.org/misp-training/a.6-forensic.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.6-forensic ) |
| [a.7-rest-API ](https://www.misp-project.org/misp-training/a.7-rest-API.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.7-rest-API ) |
2021-02-11 09:59:42 +01:00
| [b.1-best-practices-in-threat-intelligence ](https://www.misp-project.org/misp-training/b.1-best-practices-in-threat-intelligence.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/b.1-best-practices-in-threat-intelligence ) |
2022-02-09 15:07:19 +01:00
| [b.5-turning-data-into-actionable-intelligence-training ](https://www.misp-project.org/misp-training/b.5-turning-data-into-actionable-intelligence-training.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/b.5-turning-data-into-actionable-intelligence-training ) |
2021-02-11 09:53:37 +01:00
| [a.8-dev-hands-on ](https://www.misp-project.org/misp-training/a.8-dev-hands-on.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.8-dev-hands-on ) |
| [a.9-restsearch-dev ](https://www.misp-project.org/misp-training/a.9-restsearch-dev.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.9-restsearch-dev ) |
| [a.10-galaxy-2.0 ](https://www.misp-project.org/misp-training/a.10-galaxy-2.0.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.10-galaxy-2.0 ) |
| [a.11-misp-data-model ](https://www.misp-project.org/misp-training/a.11-misp-data-model.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.11-misp-data-model ) |
2022-08-03 11:38:29 +02:00
| [a.12-misp-workflows ](https://www.misp-project.org/misp-training/a.12-misp-workflows.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.12-misp-workflows ) |
2022-09-16 11:39:22 +02:00
| [a.13-misp-stix ](https://www.misp-project.org/misp-training/a.13-misp-stix.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.13-misp-stix ) |
2021-02-11 09:53:37 +01:00
| [a.a-widget-dev ](https://www.misp-project.org/misp-training/a.a-widget-dev.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.a-widget-dev ) |
2021-02-11 09:59:42 +01:00
| [b.2-turning-data-into-actionable-intelligence ](https://www.misp-project.org/misp-training/b.2-turning-data-into-actionable-intelligence.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/b.2-turning-data-into-actionable-intelligence ) |
2021-02-11 09:53:37 +01:00
| [4-misp-standard ](https://www.misp-project.org/misp-training/4-misp-standard.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/4-misp-standard ) |
| [x.13-exercise-movie ](https://www.misp-project.org/misp-training/x.13-exercise-movie.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/x.13-exercise-movie ) |
| [a.b-cli ](https://www.misp-project.org/misp-training/a.b-cli.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.b-cli ) |
2021-02-19 14:42:41 +01:00
| [a.c-deployment ](https://www.misp-project.org/misp-training/a.c-deployment.pdf ) | [source ](https://github.com/MISP/misp-training/tree/main/a.c-deployment ) |
2020-12-23 17:29:37 +01:00
2018-12-27 16:24:00 +01:00
### Complementary materials
2018-12-29 23:15:35 +01:00
| Slides (PDF) | Source Code |
| ------------ | ----------- |
| [complete slide desk in one PDF ](https://www.misp-project.org/misp-training/misp-training.pdf ) | [source ](https://github.com/MISP/misp-training/ ) |
| [MISP training cheat-sheet ](https://www.misp-project.org/misp-training/cheatsheet.pdf ) | [source ](https://github.com/MISP/misp-training/tree/master/training-support/compact-cheatsheet ) |
| [MISP feature list (for the trainers) ](https://www.misp-project.org/misp-training/usage.pdf ) | [source ](https://github.com/MISP/misp-training/tree/master/training-support/checklist ) |
2018-12-30 10:17:02 +01:00
### Additional documentation
- [MISP Book ](https://github.com/MISP/misp-book/ ) - [PDF ](https://www.circl.lu/doc/misp/book.pdf ) [ePub ](https://www.circl.lu/doc/misp/book.epub ) [Kindle mobi ](https://www.circl.lu/doc/misp/book.mobi ) [HTML ](https://www.circl.lu/doc/misp/ )
- [Best Practices in Threat Intelligence ](https://github.com/MISP/best-practices-in-threat-intelligence ) [PDF ](https://www.misp-project.org/best-practices-in-threat-intelligence.pdf ) [HTML ](https://www.misp-project.org/best-practices-in-threat-intelligence.html )
- [MISP Galaxy (HTML) ](https://www.misp-project.org/galaxy.html ) - [PDF ](https://www.misp-project.org/galaxy.pdf )
2024-04-25 09:09:09 +02:00
- [MISP Galaxy dedicated website ](https://www.misp-galaxy.org/ )
2018-12-30 10:17:02 +01:00
- [MISP Taxonomies (HTML) ](https://www.misp-project.org/taxonomies.html ) - [PDF ](https://www.misp-project.org/taxonomies.pdf )
- [MISP Objects template (HTML) ](https://www.misp-project.org/objects.html ) - [PDF ](https://www.misp-project.org/objects.pdf )
2019-04-13 09:40:54 +02:00
- [Guidelines to setting up an information sharing community such as an ISAC or ISAO ](https://github.com/MISP/misp-compliance/blob/master/setting-up-ISACs/guidelines_to_set-up_an_ISAC.md ) - [PDF ](https://www.x-isac.org/assets/images/guidelines_to_set-up_an_ISAC.pdf )
2019-04-13 09:44:00 +02:00
- [Official MISP Install Guides ](https://misp.github.io/MISP/ )
2018-12-30 10:17:02 +01:00
2018-12-30 10:22:37 +01:00
### MISP Training videos
Sample videos which can be used to understand how the training materials are used in companion with a live MISP demo instance.
2022-12-20 09:02:18 +01:00
- [MISP Workflow ](https://www.youtube.com/watch?v=OyLE2g4zii0 ) - 16th December 2022
- [MISP Best Practices for encoding threat intelligence (3 hours - online) ](https://www.youtube.com/watch?v=JIeiwzY7Fvs ) - 15th December 2022
2022-09-16 11:41:42 +02:00
- [MISP Training Administration and Deployment of MISP software ](https://youtu.be/sIHTRIwF-Mk ) - 14th September 2022
- [MISP Training Threat Intelligence Introduction for Analysts and Security Professional ](https://youtu.be/sb36MMRTtLM ) - 13th September 2022
2022-01-09 11:49:27 +01:00
- [Fundamentals MISP given FIRSTdotOrg 2021 Virtual Symposium African and Arab regions ](https://www.youtube.com/watch?v=00jq7Gbqdz8 ) - 18th December 2021
2021-04-20 12:10:55 +02:00
- [MISP General Usage Training - Part 1 of 2 ](https://www.youtube.com/watch?v=-NuODyh1YJE )
- [MISP General Usage Training - Part 2 of 2 ](https://www.youtube.com/watch?v=LlKnh5b0bgw )
2021-03-04 09:15:54 +01:00
- [MISP Training Usage - Training given the 2nd March 2021 - 2h50 min ](https://cra.circl.lu/videos/MISP-Usage-Training-20210302.mp4 )
- [MISP Training Administration and Building Communities- Training given the 3rd March 2021 - 2h56min ](https://cra.circl.lu/videos/MISP-Administration-and-Building-Communities-20210303.mp4 )
2018-12-30 10:22:37 +01:00
- [MISP Training Module 1 - An Introduction to Cybersecurity Information Sharing ](https://www.youtube.com/watch?v=aM7czPsQyaI )
- [MISP Training Module 2 - General usage of MISP ](https://www.youtube.com/watch?v=Jqp8CVHtNVk )
2020-05-26 09:57:17 +02:00
- [MISP covid-19 sharing community - introduction ](https://peertube.opencloud.lu/videos/watch/4f7acd4c-a909-4315-87aa-38ba95cceaf2 )
2018-12-30 10:22:37 +01:00
2021-06-15 17:26:55 +02:00
#### Passive DNS and MISP - Training videos
- [Farsight Passive DNS and MISP - Part I ](https://vimeo.com/561877178/ac09629591 )
- [Farsight Passive DNS and MISP - Part II ](https://vimeo.com/561903295/8af1d6692b )
- [Farsight Passive DNS and MISP - Part III ](https://vimeo.com/561908216/764a2e19e4 )
2019-02-26 11:29:25 +01:00
### MISP Training support videos
Those are videos to support MISP trainings or demonstrations at large:
- [MISP Event graph demo ](https://www.youtube.com/watch?v=NYvKLwoBYwc&t=8s )
- [MISP Tutorial - Enablings Feeds ](https://www.youtube.com/watch?v=k3l-CtOgQro )
2018-12-30 10:35:02 +01:00
### MISP Training VMs
2021-07-07 13:27:11 +02:00
Pre-built MISP training VMs are available at [https://vm.misp-project.org/ ](https://vm.misp-project.org/ ).
2018-12-30 10:35:02 +01:00
2018-12-27 16:24:00 +01:00
## Source Code
2018-12-30 05:50:30 +01:00
The full source code of the training slide decks are available. You'll need to have an operating system with a recent installation of LaTeX including latex-beamer to work with them.
2018-12-29 17:45:44 +01:00
To build the complete set of training materials:
~~~~bash
bash build.sh
~~~~
2018-12-29 17:46:35 +01:00
The output directory will contain all the generated PDF files and the PDF file called `misp-training.pdf` which is the complete handout of all the slides.
2018-12-29 17:45:44 +01:00
2019-05-27 13:42:34 +02:00
**Note**: In case the rendering is somewhat broken, it might be related to latex using the styles installed systemwide in `/usr/share/texlive/texmf-dist/tex/latex/beamertheme-focus` . Removing this directory will solve the problem.
2022-05-20 17:26:50 +02:00
## Dependencies
[FiraMath Font ](https://github.com/firamath/firamath/releases )
XeLaTex, can be parametered in .tex header (works in TeXshop):
```
% !TEX TS-program = xelatex
% !TEX encoding = UTF-8 Unicode
```
2018-12-27 16:24:00 +01:00
## License, Attribution and Funding
All the materials are dual-licensed under GNU Affero General Public License version 3 or later and
2018-12-30 05:50:30 +01:00
the Creative Commons Attribution-ShareAlike 4.0 International. You can use either one of the licenses depending
2018-12-27 16:24:00 +01:00
of your use case of the training materials.
2018-12-30 05:50:30 +01:00
The MISP project training materials are co-financed and supported by CIRCL Computer Incident Response Center Luxembourg[](https://www.circl.lu/) and co-financed by a CEF (Connecting Europe Facility) funding under CEF-TC-2016-3 - Cyber Security as *Improving MISP as building blocks for next-generation information sharing* .
2018-12-27 16:24:00 +01:00
![](https://www.misp-project.org/assets/images/en_cef.png)
![](https://www.circl.lu/assets/images/logo.png)
2018-12-30 05:50:30 +01:00
All the source code is available at [https://www.github.com/MISP/misp-training ](https://www.github.com/MISP/misp-training ).
2018-12-27 16:24:00 +01:00
2018-12-30 05:50:30 +01:00
If you reuse the training materials, don't forget to include the above for attribution.
2019-05-27 13:42:34 +02:00
2018-12-27 16:24:00 +01:00
## Contributors in alphabetical order
- Steve Clement [:house: ](https://github.com/SteveClement )
- Alexandre Dulaunoy [:house: ](https://github.com/adulau )
- Andras Iklody [:house: ](https://github.com/iglocska )
- Sami Mokaddem [:house: ](https://github.com/mokaddem )
2018-12-29 17:02:45 +01:00
- Sascha Rommelfangen [:house: ](https://github.com/rommelfs )
2018-12-27 16:24:00 +01:00
- Christian Studer [:house: ](https://github.com/chrisr3d )
- Raphaël Vinot [:house: ](https://github.com/rafiot )
- Gerard Wagener [:house: ](https://github.com/haegardev )