chg: [firstcon23:misp-workflow] Added existing blueprints

pull/24/head
Sami Mokaddem 2023-06-04 17:08:31 -04:00
parent 61d99afa32
commit 06b3ebf090
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
3 changed files with 16 additions and 1 deletions


@ -0,0 +1,2 @@
#!/bin/bash
rm *.aux *.listing *.log *.nav *.out *.snm *.toc *.vrb *.upa
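Review bot: The `rm` line passes bare globs with no `--` separator, so a matching file whose name starts with `-` would be read as an option. It also deletes from whatever directory the script is called from, not necessarily the directory holding the slides. Assuming the script sits next to the LaTeX sources (its path is not visible here), I would add `cd "$(dirname "$0")" || exit 1` before the removal and change the line to `rm -f -- *.aux *.listing *.log *.nav *.out *.snm *.toc *.vrb *.upa`. With `-f`, patterns that match nothing no longer produce errors on a clean tree.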


@ -446,7 +446,7 @@ jq '.[] | select(.meta."module-type"[] | contains("action")) |
\begin{enumerate}
\item Prevent event publication if \textbf{tlp:red} tag
\item Send a mail to \texttt{admin@admin.test} about potential data leak
\item Otherwise, send a notification on Mattermost
\item Otherwise, send a notification on \textbf{Mattermost}, \textbf{MS Teams}, \textbf{Telegram}, ...
\end{enumerate}
\end{frame}
@ -547,6 +547,19 @@ jq '.[] | select(.meta."module-type"[] | contains("action")) |
\end{enumerate}
\end{frame}
\begin{frame}
\frametitle{Workflow blueprints}
\hspace*{0.9\textwidth}\includegraphics[width=32px]{pictures/blueprint-32.png}
\vspace*{-2em}
Currently, 4 blueprints available
\begin{itemize}
\item Attach the \texttt{tlp:clear} tag on elements having the \texttt{tlp:white} tag
\item Block actions if any attributes have the \texttt{PAP:RED} or \texttt{tlp:red} tag
\item Disable \texttt{to_ids} flag for existing hash in \textit{hashlookup}
\item Set tag based on \textit{BGP Ranking} maliciousness level
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Logic module: Concurrent Task}
\begin{itemize}