diff --git a/build.sh b/build.sh
index ed0b448..bc2a719 100644
--- a/build.sh
+++ b/build.sh
@@ -20,6 +20,15 @@ cd complementary/ack
 pdflatex ack.tex
 rm *.aux *.log *.out
 cp ack.pdf ../../output
+rm ack.pdf
+cd ../..
+
+echo "Generating cheatsheet..."
+cd training-support/compact-cheatsheet/
+pdflatex cheatsheet.tex
+rm *.aux *.toc *.snm *.log *.out *.nav *.vrb
+cp cheatsheet.pdf ../../output
+rm cheatsheet.pdf
 cd ../..
 echo "Generating handout..."
@@ -29,7 +38,7 @@ for pdf in ${slidedecks[@]}; do
 done
 echo ${listofpdf}
-pdfunite ${listofpdf} ack.pdf ../misp-training.pdf
+pdfunite ${listofpdf} cheatsheet.pdf ack.pdf ../misp-training.pdf
 cd ..
 exiftool -overwrite_original_in_place -Title="MISP Training and Slide Decks" -Author="CIRCL Computer Incident Response Center Luxembourg" -Subject="MISP Threat Intelligence Platform Training Materials" -Keywords="MISP Threat Intelligence CTI STIX information sharing yara sigma suricata snort bro openioc threat-actor TIP threat intelligence platform circl.lu training cybersecurity MISPProject" misp-training.pdf
diff --git a/training-support/compact-cheatsheet/cheatsheet.tex b/training-support/compact-cheatsheet/cheatsheet.tex
new file mode 100644
index 0000000..9cfe00e
--- /dev/null
+++ b/training-support/compact-cheatsheet/cheatsheet.tex
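Review bot: The new cheatsheet step in the first build.sh hunk runs `rm *.aux *.toc *.snm *.log *.out *.nav *.vrb` right after an unchecked `cd training-support/compact-cheatsheet/`, so if that directory is missing the globs are expanded and deleted in whatever directory the script is in at that point. Guard the step with `cd training-support/compact-cheatsheet/ || exit 1`, and use `rm -f -- *.aux *.toc *.snm *.log *.out *.nav *.vrb` so that the extensions an article-class document does not produce (`.snm`, `.nav`, `.vrb`) do not raise errors. `pdflatex cheatsheet.tex` is unchecked as well, which matters for the second hunk: if the compile fails, `pdfunite` either stops on a missing `cheatsheet.pdf` or, if an older copy is still in the directory it runs from (presumably the output directory; the preceding `cd` is outside the hunk), merges a stale cheatsheet into misp-training.pdf. `pdflatex -halt-on-error cheatsheet.tex || exit 1` would avoid that. The top of the script is outside both hunks, so a `set -e` there would already cover part of this.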
@@ -0,0 +1,124 @@
+\documentclass[10pt,landscape]{article}
+\usepackage{multicol}
+\usepackage{calc}
+\usepackage{ifthen}
+\usepackage[landscape]{geometry}
+\usepackage[colorlinks = true,
+ linkcolor = blue,
+ urlcolor = blue,
+ citecolor = blue,
+ anchorcolor = blue]{hyperref}
+\usepackage{graphicx}
+\usepackage[T1]{fontenc}
+\usepackage[bitstream-charter]{mathdesign}
+% Based on the LaTeX cheatsheet
+
+% This sets page margins to .5 inch if using letter paper, and to 1cm
+% if using A4 paper. (This probably isn't strictly necessary.)
+% If using another size paper, use default 1cm margins.
+\ifthenelse{\lengthtest { \paperwidth = 11in}}
+ { \geometry{top=.5in,left=.5in,right=.5in,bottom=.5in} }
+ {\ifthenelse{ \lengthtest{ \paperwidth = 297mm}}
+ {\geometry{top=1cm,left=1cm,right=1cm,bottom=1cm} }
+ {\geometry{top=1cm,left=1cm,right=1cm,bottom=1cm} }
+ }
+
+% Turn off header and footer
+\pagestyle{empty}
+% Redefine section commands to use less space
+\makeatletter
+\renewcommand{\section}{\@startsection{section}{1}{0mm}%
+ {-1ex plus -.5ex minus -.2ex}%
+ {0.5ex plus .2ex}%x
+ {\normalfont\large\bfseries}}
+\renewcommand{\subsection}{\@startsection{subsection}{2}{0mm}%
+ {-1explus -.5ex minus -.2ex}%
+ {0.5ex plus .2ex}%
+ {\normalfont\normalsize\bfseries}}
+\renewcommand{\subsubsection}{\@startsection{subsubsection}{3}{0mm}%
+ {-1ex plus -.5ex minus -.2ex}%
+ {1ex plus .2ex}%
+ {\normalfont\small\bfseries}}
+\makeatother
+
+% Define BibTeX command
+\def\BibTeX{{\rm B\kern-.05em{\sc i\kern-.025em b}\kern-.08em
+ T\kern-.1667em\lower.7ex\hbox{E}\kern-.125emX}}
+
+% Don't print section numbers
+\setcounter{secnumdepth}{0}
+
+
+\setlength{\parindent}{0pt}
+\setlength{\parskip}{0pt plus 0.5ex}
+
+
+\begin{document}
+
+\raggedright
+\footnotesize
+\begin{multicols}{3}
+
+
+% multicol parameters
+% These lengths are set only within the two main columns
+%\setlength{\columnseprule}{0.25pt}
+\setlength{\premulticols}{1pt}
+\setlength{\postmulticols}{1pt}
+\setlength{\multicolsep}{1pt}
+\setlength{\columnsep}{2pt}
+
+\begin{center}
+ \includegraphics{misp.pdf}\\
+ \Large{\textbf{MISP Training Cheat Sheet}} \\
+\end{center}
+
+\section{Virtual Machine (MISP Training VM)}
+
+The MISP Training VM is available at the following location : \url{https://www.circl.lu/misp-images/latest/}.\\
+The VM can be imported in VirtualBox or VMWare as an appliance (OVA).\\
+{\it The MISP training VM includes multiple applications and packages which are configured by default without
+ production-ready secure settings. We strongly recommend to not use this VM for production and/or for storing sensitive information.}\\
+\section{Default URL and (username/password)}
+
+ \begin{itemize}
+ \item MISP web interface - \url{http://127.0.0.1} (NAT: \url{http://127.0.0.1:8080}) ({\bf admin@admin.test/admin})
+ \item MISP-modules - \url{http://127.0.0.1:6666}
+ \item MISP-dashboard - \url{http://127.0.0.1:8001}
+ \item Viper-web - http://127.0.0.1:8888 (admin/Password1234)
+ \item jupyter-notebook - http://127.0.0.1:8889
+ \item system credentials via ssh/terminal - (misp/Password1234)
+ \end{itemize}
+
+\section{How to get the API key of my user?}
+ Go to the MISP web interface, and simply click your username in the right upper corner to see your user profile which includes your API key.
+\section{How to reset a password in MISP?}
+If you did any specific mistake while setting up your password at the first loging. You can reset the password by login
+ on the system (via SSH or terminal) and type the following command:
+{\tt /var/www/MISP/app/Console/cake Password admin@admin.test YourTemporaryPasssword}
+\section{How to reset the bruteforce login protection?}
+While trying to log into MISP multiple times unsuccessfuly, the bruteforce protection might be triggered. You can reset the bruteforce
+ login protection's state by loging into the system (via SSH or terminal) and typing the following command:
+{\tt /var/www/MISP/app/Console/cake Admin clearBruteforce}
+ \section{How to upgrade MISP to the latest version?}
+Log in via SSH or terminal and type the following commands (your VM must have an Internet access):
+ \begin{enumerate}
+ \item {\tt cd /var/www/MISP}
+ \item {\tt git pull origin 2.4}
+ \item {\tt git submodule update ----init ----recursive}
+ \end{enumerate}
+ \section{Getting OSINT information into your MISP}
+ By default, a fresh installation of MISP is emtpy as we prefer to leave it up to the users to store, gather and share the information they need. If you would like to populate your MISP with some real-life data, simply enable the CIRCL OSINT feed, which contains cybersecurity threat-related information. In order to enable the OSINT feed, go to $\rightarrow$ {\tt Sync Actions} then $\rightarrow$ {\tt List Feeds}. Then select the first feed's (called {\tt CIRCL OSINT Feed}) checkbox and click on top {\tt Enable Selected}. Then on the right side of the {\tt CIRCL OSINT Feed} row, simply click the icon depicting a downward pointing arrow in a circle. Once you go back to the event index, the events will start appearing gradually.
+
+\section{Training materials and documentation}
+ The MISP training materials are available at the following location \url{https://www.circl.lu/services/misp-training-materials/} and are freely licensed under CC-BY-SA.
+ MISP book is available at the following location \url{https://www.circl.lu/doc/misp/}.
+
+
+\rule{0.3\linewidth}{0.25pt}
+\scriptsize
+
+Copyright \copyright\ 2018 MISP Project licensed under CC-BY-SA
+
+\end{multicols}
+\end{document}
diff --git a/training-support/compact-cheatsheet/misp.pdf b/training-support/compact-cheatsheet/misp.pdf
new file mode 100644
index 0000000..f7a3f9d
Binary files /dev/null and b/training-support/compact-cheatsheet/misp.pdf differ