diff --git a/a.12-misp-workflows-short/clean.sh b/a.12-misp-workflows-short/clean.sh
new file mode 100755
index 0000000..bc963fd
--- /dev/null
+++ b/a.12-misp-workflows-short/clean.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+rm *.aux *.listing *.log *.nav *.out *.snm *.toc *.vrb *.upa
diff --git a/a.12-misp-workflows-short/content.tex b/a.12-misp-workflows-short/content.tex
new file mode 100755
index 0000000..df9c15a
--- /dev/null
+++ b/a.12-misp-workflows-short/content.tex
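Review bot: The `rm` line in clean.sh expands its globs in whatever directory the caller happens to be in and hands the results to `rm` without `--`, so a file whose name starts with `-` and matches one of the patterns would be parsed as an option rather than as a path. Patterns with no match are passed through literally, so on an already clean tree `rm` prints errors and exits non-zero. I would pin the working directory and make the call tolerant: `cd -- "$(dirname -- "$0")" || exit 1` followed by `rm -f -- *.aux *.listing *.log *.nav *.out *.snm *.toc *.vrb *.upa`.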
@@ -0,0 +1,523 @@
+% DO NOT COMPILE THIS FILE DIRECTLY!
+% This is included by the other .tex files.
+
+\begin{frame}[t,plain]
+\titlepage
+\end{frame}
+
+\begin{frame}
+ \frametitle{Content of the presentation}
+ \huge
+ \begin{enumerate}
+ \item Automation in MISP
+ \vspace{0.5em}
+ \item MISP Workflows
+ \begin{itemize}
+ \Large
+ \item Fundamentals
+ \item Demo with examples
+ \item Using the system
+ \item How it can be extended
+ \end{itemize}
+ \end{enumerate}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Automation in MISP: What already exists?}
+ \includegraphics[valign=m,width=16px]{pictures/python-logo.png}\hspace*{0.5em} \textbf{MISP API / PyMISP}
+ \hspace*{0.25em}
+ \begin{itemize}
+ \small
+ \item Needs CRON Jobs in place
+ \item Potentially heavy for the server
+ \item Not realtime
+ \end{itemize}
+ \vspace*{1em}
+ \includegraphics[valign=m,width=16px]{pictures/zeromq.png}\hspace*{0.5em} \textbf{PubSub channels}
+ \hspace*{0.25em}
+ \begin{itemize}
+ \small
+ \item After the actions happen: No feedback to MISP
+ \item Tougher to put in place \& to share
+ \item Full integration amounts to develop a new tool
+ \end{itemize}
+ \vspace*{1.5em}
+ \begin{large}
+ $\rightarrow$ No way to \textbf{prevent} behavior\\
+ $\rightarrow$ Difficult to setup \textbf{hooks} to execute callbacks
+ \end{large}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Simple automation in MISP made easy}
+ \begin{center}
+ \includegraphics[width=0.3\linewidth]{pictures/automation.png}
+ \end{center}
+ \begin{itemize}
+ \item \textbf{Visual} dataflow programming
+ \item \textbf{Drag \& Drop} editor
+ \item Flexible \textbf{Plug \& Play} system
+ \item \textbf{Share} workflows, \textbf{debug} and \textbf{replay}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Example of use-cases}
+ \begin{itemize}
+ \item \textbf{Notification} on specifc actions
+ \begin{itemize}
+ \item New events matching criteria
+ \item New users
+ \item Automated alerts for high-priority IOCs
+ \end{itemize}
+ \item \textbf{Extend} existing MISP behavior
+ \begin{itemize}
+ \item Push data to another system
+ \item Automatic enrichment
+ \item Sanity check to block publishing / sharing
+ \item Curation pipelines
+ \end{itemize}
+ \item \textbf{Hook} capabilities
+ \begin{itemize}
+ \item Assign tasks and notify incident response team members
+ \end{itemize}
+ \item ...
+ \end{itemize}
+\end{frame}
+
+% \section{Workflow - Fundamentals}
+\begin{frame}
+ \frametitle{
+ \huge
+ Workflow - Fundamentals
+ \vspace{1em}
+ }
+ \textbf{Objective:} Start with the foundation to understand the basics
+ \begin{center}
+ \includegraphics[width=0.07\linewidth]{pictures/fundation}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{How does it work}
+ \begin{center}
+ \frame{\includegraphics[width=0.6\linewidth]{pictures/event-condition-action.png}}
+ \end{center}
+ \begin{enumerate}
+ \item An \textbf{event} happens in MISP
+ \item \textit{\scriptsize (optional)} Check if all \textbf{conditions} are satisfied
+ \item Execute all \textbf{actions}
+ \begin{itemize}
+ \item May prevent MISP to complete its original event
+ \end{itemize}
+ \end{enumerate}
+\end{frame}
+
+\begin{frame}
+ \frametitle{What kind of events?}
+ \includegraphics[width=60px]{pictures/sc-event.png}
+ \vspace*{0.5em}
+ \begin{itemize}
+ \item New MISP Event
+ \item Attribute has been saved
+ \item New discussion post
+ \item New user created
+ \item Query against third-party services
+ \item ...
+ \end{itemize}
+ \vspace*{1em}
+ {\Large \faIcon{question-circle}} Supported events in MISP are called \textbf{Triggers}\\
+ {\Large \faIcon{question-circle}} A \textbf{Trigger} is associated with \textbf{1-and-only-1 Workflow}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Triggers currently available}
+ Currently 11 triggers can be hooked. 3 being \includegraphics[width=36px]{pictures/blocking-workflow.png}.
+ \begin{center}
+ \includegraphics[width=1.0\linewidth]{pictures/triggers.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{What kind of conditions?}
+ \vspace*{0.25em}
+ \includegraphics[width=70px]{pictures/sc-condition.png}
+ \vspace*{0.25em}
+ \begin{itemize}
+ % \colorbox{red!100}{\textcolor{white}{\texttt{tlp:red}}}
+ \item A MISP Event is tagged with \texttt{tlp:red}
+ \item The distribution of an Attribute is a sharing group
+ \item The creator organisation is \texttt{circl.lu}
+ \item Or any other \textbf{generic} conditions
+ \end{itemize}
+
+ \vspace*{0.5em}
+ {\Large \faIcon{question-circle}} These are also called \textbf{Logic modules}
+ \begin{center}
+ \includegraphics[width=0.43\textwidth]{pictures/logic-module.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Workflow - Logic modules}
+ \begin{itemize}
+ \item \includegraphics[width=12px]{pictures/sc-condition-icon.png} \textbf{logic} modules: Allow to redirect the execution flow.
+ \begin{itemize}
+ \item IF conditions
+ \item Delay execution
+ \end{itemize}
+ \end{itemize}
+ \begin{center}
+ \includegraphics[width=1.0\linewidth]{pictures/logic-module-index.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{What kind of actions?}
+ \vspace*{0.25em}
+ \includegraphics[width=60px]{pictures/sc-action.png}
+ \vspace*{0.25em}
+ \begin{itemize}
+ \item Send an email notification
+ \item Perform enrichments
+ \item Send a chat message on MS Teams
+ \item Attach a local tag
+ \item ...
+ \end{itemize}
+
+ \vspace*{0.5em}
+ {\Large \faIcon{question-circle}} These are also called \textbf{Action modules}
+ \begin{center}
+ \includegraphics[width=0.43\textwidth]{pictures/action-module.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Workflow - Action modules}
+ \begin{itemize}
+ \item \includegraphics[width=12px]{pictures/sc-action-icon.png} \textbf{action} modules: Allow to executes operations
+ \begin{itemize}
+ \item Tag operations
+ \item Send notifications
+ \item Webhooks \& Custom scripts
+ \end{itemize}
+ \end{itemize}
+ \begin{center}
+ \includegraphics[width=0.95\linewidth]{pictures/action-module-index.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{What is a MISP Workflow?}
+ \begin{itemize}
+ \item Sequence of all nodes to be executed in a specific order
+ \item Workflows can be enabled / disabled
+ \item A Workflow is associated to \textbf{1-and-only-1 trigger}
+ \end{itemize}
+ \vspace*{0.5em}
+ \begin{center}
+ \frame{\includegraphics[width=1.0\linewidth]{pictures/simple-workflow.png}}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Sources of Workflow modules (0)}
+ Currently 36 built-in modules.
+ \vspace{1em}
+ \begin{itemize}
+ \item \textbf{Trigger} module (11): built-in \textbf{only}
+ \begin{itemize}
+ \item Get in touch if you want more
+ \end{itemize}
+ \item \textbf{Logic} module (10): built-in \& \textbf{custom}
+ \item \textbf{Action} module (20): built-in \& \textbf{custom}
+ \end{itemize}
+ \vspace*{2.0em}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Sources of Workflow modules (1)}
+ \begin{itemize}
+ \item Built-in \textbf{default} modules
+ \begin{itemize}
+ \item Part of the MISP codebase
+ \item Get in touch if you want us to increase the selection (or merge PR!)
+ \end{itemize}
+ \end{itemize}
+ \vspace*{0.5em}
+ \begin{center}
+ \includegraphics[width=0.8\linewidth]{pictures/module-buffet.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Sources of Workflow modules (2)}
+ User-defined \textbf{custom} modules
+ \vspace*{0.5em}
+ \begin{columns}
+ \begin{column}{0.5\textwidth}
+ \begin{itemize}
+ \item Written in PHP
+ \item Extend existing modules
+ \item MISP code reuse
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.5\textwidth}
+ \includegraphics[width=1.0\linewidth]{pictures/php-joke.jpg}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Sources of Workflow modules (3)}
+ Modules from the \includegraphics[width=0.20\linewidth]{pictures/misp-module-icon.png} \textbf{enrichment service}
+ \vspace*{0.5em}
+ \begin{columns}
+ \begin{column}{0.50\textwidth}
+ \begin{itemize}
+ \item Written in Python
+ \item Can use any python libraries
+ \item Plug \& Play
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.50\textwidth}
+ \includegraphics[width=1.0\linewidth]{pictures/python-joke.png}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Demo by examples}
+ \begin{enumerate}
+ \item[WF-1.] Send an email to \textbf{all admins} when a new event has been pulled
+ \vspace*{2em}
+ \item[WF-2.] Block queries on 3rd party services when \textbf{tlp:red} or \textbf{PAP:red}
+ \begin{itemize}
+ \item \textbf{tlp:red}: For the eyes and ears of individual recipients only
+ \item \textbf{PAP:RED}: Only passive actions that are not detectable from the outside
+ \end{itemize}
+ \end{enumerate}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Demo WF-1: Send an email to \textbf{all admins} when a new event has been pulled}
+ \begin{center}
+ \includegraphics[width=1.0\linewidth]{pictures/demo-wf1.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Demo WF-2: Block queries on 3rd party services when \textbf{tlp:red} or \textbf{PAP:red}}
+ \begin{itemize}
+ \small
+ \item \textbf{tlp:red}: For the eyes and ears of individual recipients only
+ \item \textbf{PAP:RED}: Only passive actions that are not detectable from the outside
+ \end{itemize}
+ \vspace*{1em}
+ \begin{center}
+ \includegraphics[width=1.0\linewidth]{pictures/demo-wf2.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Getting started with workflows}
+ \centering
+ {\Large Everything is ready?}\\
+ \vspace*{3em}
+ {\LARGE Let's see how to build a workflow!}
+ \begin{center}
+ \includegraphics[width=24px]{pictures/build-icon.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Creating a workflow with the editor}
+ \begin{enumerate}
+ \item \underline{Prevent} event publication \texttt{\bf \large if tlp:red} tag
+ \begin{itemize}
+ \item \underline{Send a mail} to \texttt{\scriptsize admin@admin.test} about potential data leak
+ \end{itemize}
+ \item \texttt{\bf \large else}, \underline{send a notification} on Mattermost
+ \end{enumerate}
+\end{frame}
+
+% \section{Considerations when working with workflows}
+\begin{frame}
+ \frametitle{
+ \huge
+ Considerations when working with workflows
+ \vspace{1em}
+ }
+ \textbf{Objective:} Overview of some common pitfalls
+ \begin{center}
+ \includegraphics[width=24px]{pictures/radar.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Working with the editor - Operations not allowed}
+ Execution loop are not authorized
+ \vspace*{1em}
+ \begin{columns}
+ \begin{column}{0.7\textwidth}
+ \frame{\includegraphics[width=1.0\linewidth]{pictures/editor-not-allowed-1.png}}
+ \end{column}
+ \begin{column}{0.3\textwidth}
+ \frame{\includegraphics[width=1.0\linewidth]{pictures/infinite-loop.jpg}}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Recursive workflows}
+ \frame{\includegraphics[width=1.0\linewidth]{pictures/recursive-workflow.png}}
+ \danger Recursion: If an action re-run the workflow
+\end{frame}
+
+\begin{frame}
+ \frametitle{Working with the editor - Operations not allowed}
+ Multiple connections from the same output
+ \vspace*{1em}
+ \begin{columns}
+ \begin{column}{0.7\textwidth}
+ \frame{\includegraphics[width=1.0\linewidth]{pictures/editor-not-allowed-2.png}}
+ \end{column}
+ \begin{column}{0.3\textwidth}
+ \frame{\includegraphics[width=1.0\linewidth]{pictures/two-paths.jpeg}}
+ \end{column}
+ \end{columns}
+ \begin{itemize}
+ \item Execution order not guaranted
+ \item Confusing for users
+ \end{itemize}
+\end{frame}
+
+
+% \section{Advanced usage}
+\begin{frame}
+ \frametitle{
+ \huge
+ Advanced usage
+ \vspace{1em}
+ }
+ \textbf{Objective:} Overview of Blueprints, Data format and Filtering
+\end{frame}
+
+\begin{frame}
+ \frametitle{Workflow blueprints}
+ \begin{enumerate}
+ \item Blueprints allow to \textbf{re-use parts} of a workflow in another one
+ \item Blueprints can be saved, exported and \textbf{shared}
+ \end{enumerate}
+ \begin{center}
+ \includegraphics[width=0.5\linewidth]{pictures/blueprint-debugging.png}
+ \end{center}
+ Blueprints sources: \texttt{\scriptsize MISP/misp-workflow-blueprints} repository\footnote{\scriptsize https://github.com/MISP/misp-workflow-blueprints}
+ \begin{itemize}
+ \small
+ \item Block actions if any attributes have the \texttt{PAP:RED} or \texttt{tlp:red} tag
+ \item Curation pipeline
+ \item Enrich data from 3rd-party
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Fitlering data on which to apply a module}
+ What is the outcome of executing this workflow?
+ \begin{center}
+ \includegraphics[width=1.0\textwidth]{pictures/remove-ids-1.png}
+ \end{center}
+ \pause
+ \vspace{1em}
+ All Attributes get their \texttt{to\_ids} turned off.\\
+ \vspace{1em}
+ How could we force that action only on Attribute of type \texttt{comment}?
+ \begin{center}
+ $\rightarrow$ Hash path filtering!
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Fitlering data on which to apply a module}
+ \begin{center}
+ \includegraphics[width=0.5\textwidth]{pictures/remove-ids-3.png}
+ \end{center}
+ \begin{center}
+ \includegraphics[width=0.9\textwidth]{pictures/remove-ids-2.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Fitlering data on which to apply a module}
+ \begin{center}
+ \includegraphics[width=0.5\textwidth]{pictures/remove-ids-3.png}
+ \end{center}
+ \begin{center}
+ \includegraphics[width=0.9\textwidth]{pictures/remove-ids-2-details.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Fitlering data on which to apply on multiple modules}
+ New feature as of \textbf{v2.4.171} allows setting filters on a path.
+ \begin{center}
+ \includegraphics[width=1.0\textwidth]{pictures/remove-ids-generic.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Should I migrate to MISP Workflows}
+ I have automation in place using the API/ZMQ. Should I move to Workflows?
+ \vspace{1em}
+ \begin{itemize}
+ \item I have a curation pipeline using the API, should I port it to workflows?
+ \begin{itemize}
+ \item \textbf{No} in general, but WF can be used to start the curation process or perform simple pre-processing
+ \end{itemize}
+ \item What if I want to \textbf{block} some actions
+ \begin{itemize}
+ \item Put the blocking logic in the WF, keep the remaining outside
+ \end{itemize}
+ \item Bottom line is \textbf{Keep it simple} for you to maintain
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Future works}
+ \begin{columns}
+ \begin{column}{0.55\textwidth}
+ \begin{itemize}
+ \item More \includegraphics[width=12px]{pictures/sc-action-icon.png} modules
+ \item More \includegraphics[width=12px]{pictures/sc-condition-icon.png} modules
+ \item More \includegraphics[width=12px]{pictures/sc-event-icon.png} triggers
+ \item Recursion prevention system
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.45\textwidth}
+ \includegraphics[width=1.0\linewidth]{pictures/future-works.jpeg}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Final words}
+ \begin{columns}
+ \begin{column}{0.6\textwidth}
+ \begin{itemize}
+ \item Designed to \textbf{quickly} and \textbf{cheaply} integrate MISP in CTI pipelines
+ \item \underline{\textbf{Beta}} Feature unlikely to change. But still..
+ \item Waiting for feedback!
+ \begin{itemize}
+ \item New triggers?
+ \item New modules?
+ \end{itemize}
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.4\textwidth}
+ \includegraphics[width=1.0\linewidth]{pictures/feeling-of-power.jpg}
+ \end{column}
+ \end{columns}
+ \vspace*{0.5em}
+\end{frame}
+
diff --git a/a.12-misp-workflows-short/misp.pdf b/a.12-misp-workflows-short/misp.pdf
new file mode 100644
index 0000000..f7a3f9d
Binary files /dev/null and b/a.12-misp-workflows-short/misp.pdf differ
diff --git a/a.12-misp-workflows-short/pictures/PHP-logo.png b/a.12-misp-workflows-short/pictures/PHP-logo.png
new file mode 100644
index 0000000..296dfe2
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/PHP-logo.png differ
diff --git a/a.12-misp-workflows-short/pictures/Screenshot from 2023-07-19 11-49-39.png b/a.12-misp-workflows-short/pictures/Screenshot from 2023-07-19 11-49-39.png new file mode 100644 index 0000000..bb4019b Binary files /dev/null and b/a.12-misp-workflows-short/pictures/Screenshot from 2023-07-19 11-49-39.png differ diff --git a/a.12-misp-workflows-short/pictures/Screenshot from 2023-07-19 11-50-12.png b/a.12-misp-workflows-short/pictures/Screenshot from 2023-07-19 11-50-12.png new file mode 100644 index 0000000..789d8d0 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/Screenshot from 2023-07-19 11-50-12.png differ diff --git a/a.12-misp-workflows-short/pictures/Screenshot from 2023-07-19 11-50-48.png b/a.12-misp-workflows-short/pictures/Screenshot from 2023-07-19 11-50-48.png new file mode 100644 index 0000000..daee6e0 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/Screenshot from 2023-07-19 11-50-48.png differ diff --git a/a.12-misp-workflows-short/pictures/Screenshot from 2023-07-28 14-44-03.png b/a.12-misp-workflows-short/pictures/Screenshot from 2023-07-28 14-44-03.png new file mode 100644 index 0000000..4bdf837 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/Screenshot from 2023-07-28 14-44-03.png differ diff --git a/a.12-misp-workflows-short/pictures/action-module-index.png b/a.12-misp-workflows-short/pictures/action-module-index.png new file mode 100644 index 0000000..faa5397 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/action-module-index.png differ diff --git a/a.12-misp-workflows-short/pictures/action-module.png b/a.12-misp-workflows-short/pictures/action-module.png new file mode 100644 index 0000000..6b622e8 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/action-module.png differ 
diff --git a/a.12-misp-workflows-short/pictures/attribute-json.png b/a.12-misp-workflows-short/pictures/attribute-json.png new file mode 100644 index 0000000..4ad2065 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/attribute-json.png differ diff --git a/a.12-misp-workflows-short/pictures/automation.png b/a.12-misp-workflows-short/pictures/automation.png new file mode 100644 index 0000000..d628e0f Binary files /dev/null and b/a.12-misp-workflows-short/pictures/automation.png differ diff --git a/a.12-misp-workflows-short/pictures/belgian-joke.jpeg b/a.12-misp-workflows-short/pictures/belgian-joke.jpeg new file mode 100644 index 0000000..6deff1b Binary files /dev/null and b/a.12-misp-workflows-short/pictures/belgian-joke.jpeg differ diff --git a/a.12-misp-workflows-short/pictures/belgian-joke2.jpeg b/a.12-misp-workflows-short/pictures/belgian-joke2.jpeg new file mode 100644 index 0000000..c41fb16 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/belgian-joke2.jpeg differ diff --git a/a.12-misp-workflows-short/pictures/blocking-module.png b/a.12-misp-workflows-short/pictures/blocking-module.png new file mode 100644 index 0000000..f8a817d Binary files /dev/null and b/a.12-misp-workflows-short/pictures/blocking-module.png differ diff --git a/a.12-misp-workflows-short/pictures/blocking-workflow.png b/a.12-misp-workflows-short/pictures/blocking-workflow.png new file mode 100644 index 0000000..145cc12 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/blocking-workflow.png differ diff --git a/a.12-misp-workflows-short/pictures/blueprint-1.png b/a.12-misp-workflows-short/pictures/blueprint-1.png new file mode 100644 index 0000000..1e3acbf Binary files /dev/null and b/a.12-misp-workflows-short/pictures/blueprint-1.png differ 
diff --git a/a.12-misp-workflows-short/pictures/blueprint-32.png b/a.12-misp-workflows-short/pictures/blueprint-32.png new file mode 100644 index 0000000..8d1d4c6 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/blueprint-32.png differ diff --git a/a.12-misp-workflows-short/pictures/blueprint-debugging.png b/a.12-misp-workflows-short/pictures/blueprint-debugging.png new file mode 100644 index 0000000..c2974e7 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/blueprint-debugging.png differ diff --git a/a.12-misp-workflows-short/pictures/build-icon.png b/a.12-misp-workflows-short/pictures/build-icon.png new file mode 100644 index 0000000..e58d99c Binary files /dev/null and b/a.12-misp-workflows-short/pictures/build-icon.png differ diff --git a/a.12-misp-workflows-short/pictures/circl.png b/a.12-misp-workflows-short/pictures/circl.png new file mode 100644 index 0000000..c570ff2 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/circl.png differ diff --git a/a.12-misp-workflows-short/pictures/craft.jpg b/a.12-misp-workflows-short/pictures/craft.jpg new file mode 100644 index 0000000..dddafd7 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/craft.jpg differ diff --git a/a.12-misp-workflows-short/pictures/ctis.png b/a.12-misp-workflows-short/pictures/ctis.png new file mode 100644 index 0000000..aef68a5 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/ctis.png differ diff --git a/a.12-misp-workflows-short/pictures/custom-1.png b/a.12-misp-workflows-short/pictures/custom-1.png new file mode 100644 index 0000000..afadf8e Binary files /dev/null and b/a.12-misp-workflows-short/pictures/custom-1.png differ diff --git a/a.12-misp-workflows-short/pictures/custom-2.png b/a.12-misp-workflows-short/pictures/custom-2.png new file mode 100644 index 0000000..0dad53f Binary files /dev/null and b/a.12-misp-workflows-short/pictures/custom-2.png differ 
diff --git a/a.12-misp-workflows-short/pictures/debug-mode.png b/a.12-misp-workflows-short/pictures/debug-mode.png new file mode 100644 index 0000000..ba7688d Binary files /dev/null and b/a.12-misp-workflows-short/pictures/debug-mode.png differ diff --git a/a.12-misp-workflows-short/pictures/demo-wf1.png b/a.12-misp-workflows-short/pictures/demo-wf1.png new file mode 100644 index 0000000..02846ad Binary files /dev/null and b/a.12-misp-workflows-short/pictures/demo-wf1.png differ diff --git a/a.12-misp-workflows-short/pictures/demo-wf2.png b/a.12-misp-workflows-short/pictures/demo-wf2.png new file mode 100644 index 0000000..9ea313a Binary files /dev/null and b/a.12-misp-workflows-short/pictures/demo-wf2.png differ diff --git a/a.12-misp-workflows-short/pictures/editor-1.png b/a.12-misp-workflows-short/pictures/editor-1.png new file mode 100644 index 0000000..c8c3edf Binary files /dev/null and b/a.12-misp-workflows-short/pictures/editor-1.png differ diff --git a/a.12-misp-workflows-short/pictures/editor-not-allowed-1.png b/a.12-misp-workflows-short/pictures/editor-not-allowed-1.png new file mode 100644 index 0000000..d4dc939 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/editor-not-allowed-1.png differ diff --git a/a.12-misp-workflows-short/pictures/editor-not-allowed-2.png b/a.12-misp-workflows-short/pictures/editor-not-allowed-2.png new file mode 100644 index 0000000..538bb3f Binary files /dev/null and b/a.12-misp-workflows-short/pictures/editor-not-allowed-2.png differ diff --git a/a.12-misp-workflows-short/pictures/editor-warning-1.png b/a.12-misp-workflows-short/pictures/editor-warning-1.png new file mode 100644 index 0000000..8370f96 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/editor-warning-1.png differ 
diff --git a/a.12-misp-workflows-short/pictures/enough-debugging.jpg b/a.12-misp-workflows-short/pictures/enough-debugging.jpg new file mode 100644 index 0000000..f17c14c Binary files /dev/null and b/a.12-misp-workflows-short/pictures/enough-debugging.jpg differ diff --git a/a.12-misp-workflows-short/pictures/event-condition-action.png b/a.12-misp-workflows-short/pictures/event-condition-action.png new file mode 100644 index 0000000..0ee3afe Binary files /dev/null and b/a.12-misp-workflows-short/pictures/event-condition-action.png differ diff --git a/a.12-misp-workflows-short/pictures/example-1a.png b/a.12-misp-workflows-short/pictures/example-1a.png new file mode 100644 index 0000000..e4df2d5 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/example-1a.png differ diff --git a/a.12-misp-workflows-short/pictures/example-2a.png b/a.12-misp-workflows-short/pictures/example-2a.png new file mode 100644 index 0000000..ce103af Binary files /dev/null and b/a.12-misp-workflows-short/pictures/example-2a.png differ diff --git a/a.12-misp-workflows-short/pictures/feeling-of-power.jpg b/a.12-misp-workflows-short/pictures/feeling-of-power.jpg new file mode 100644 index 0000000..b84c299 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/feeling-of-power.jpg differ diff --git a/a.12-misp-workflows-short/pictures/filtering-modules.png b/a.12-misp-workflows-short/pictures/filtering-modules.png new file mode 100644 index 0000000..9ca53e3 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/filtering-modules.png differ diff --git a/a.12-misp-workflows-short/pictures/first-cti.png b/a.12-misp-workflows-short/pictures/first-cti.png new file mode 100644 index 0000000..5d8fec1 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/first-cti.png differ 
diff --git a/a.12-misp-workflows-short/pictures/firstcon23-speaker-banner-hr.jpg b/a.12-misp-workflows-short/pictures/firstcon23-speaker-banner-hr.jpg new file mode 100644 index 0000000..dcee3a3 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/firstcon23-speaker-banner-hr.jpg differ diff --git a/a.12-misp-workflows-short/pictures/fundation.png b/a.12-misp-workflows-short/pictures/fundation.png new file mode 100644 index 0000000..b6c51ae Binary files /dev/null and b/a.12-misp-workflows-short/pictures/fundation.png differ diff --git a/a.12-misp-workflows-short/pictures/future-works.jpeg b/a.12-misp-workflows-short/pictures/future-works.jpeg new file mode 100644 index 0000000..874805d Binary files /dev/null and b/a.12-misp-workflows-short/pictures/future-works.jpeg differ diff --git a/a.12-misp-workflows-short/pictures/geekweek75.jpg b/a.12-misp-workflows-short/pictures/geekweek75.jpg new file mode 100644 index 0000000..799e121 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/geekweek75.jpg differ diff --git a/a.12-misp-workflows-short/pictures/getting-started.png b/a.12-misp-workflows-short/pictures/getting-started.png new file mode 100644 index 0000000..a15f01f Binary files /dev/null and b/a.12-misp-workflows-short/pictures/getting-started.png differ diff --git a/a.12-misp-workflows-short/pictures/hash-path-diagram.odp b/a.12-misp-workflows-short/pictures/hash-path-diagram.odp new file mode 100644 index 0000000..7b1bfaa Binary files /dev/null and b/a.12-misp-workflows-short/pictures/hash-path-diagram.odp differ diff --git a/a.12-misp-workflows-short/pictures/infinite-loop.jpg b/a.12-misp-workflows-short/pictures/infinite-loop.jpg new file mode 100644 index 0000000..a45fff7 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/infinite-loop.jpg differ 
diff --git a/a.12-misp-workflows-short/pictures/log-entry-publish-blocked.png b/a.12-misp-workflows-short/pictures/log-entry-publish-blocked.png new file mode 100644 index 0000000..9ccb098 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/log-entry-publish-blocked.png differ diff --git a/a.12-misp-workflows-short/pictures/log-entry-publish-success.png b/a.12-misp-workflows-short/pictures/log-entry-publish-success.png new file mode 100644 index 0000000..2a26119 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/log-entry-publish-success.png differ diff --git a/a.12-misp-workflows-short/pictures/logic-module-index.png b/a.12-misp-workflows-short/pictures/logic-module-index.png new file mode 100644 index 0000000..c6fe0b3 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/logic-module-index.png differ diff --git a/a.12-misp-workflows-short/pictures/logic-module.png b/a.12-misp-workflows-short/pictures/logic-module.png new file mode 100644 index 0000000..6a48ce6 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/logic-module.png differ diff --git a/a.12-misp-workflows-short/pictures/misp-module-icon.png b/a.12-misp-workflows-short/pictures/misp-module-icon.png new file mode 100644 index 0000000..6fa189b Binary files /dev/null and b/a.12-misp-workflows-short/pictures/misp-module-icon.png differ diff --git a/a.12-misp-workflows-short/pictures/module-buffet.png b/a.12-misp-workflows-short/pictures/module-buffet.png new file mode 100644 index 0000000..8a4a676 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/module-buffet.png differ diff --git a/a.12-misp-workflows-short/pictures/module-concurrent.png b/a.12-misp-workflows-short/pictures/module-concurrent.png new file mode 100644 index 0000000..ba994b4 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/module-concurrent.png differ 
diff --git a/a.12-misp-workflows-short/pictures/module-filtering.png b/a.12-misp-workflows-short/pictures/module-filtering.png new file mode 100644 index 0000000..876d5ad Binary files /dev/null and b/a.12-misp-workflows-short/pictures/module-filtering.png differ diff --git a/a.12-misp-workflows-short/pictures/module-if-generic.png b/a.12-misp-workflows-short/pictures/module-if-generic.png new file mode 100644 index 0000000..4068aa3 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/module-if-generic.png differ diff --git a/a.12-misp-workflows-short/pictures/module-type.png b/a.12-misp-workflows-short/pictures/module-type.png new file mode 100644 index 0000000..d869b9d Binary files /dev/null and b/a.12-misp-workflows-short/pictures/module-type.png differ diff --git a/a.12-misp-workflows-short/pictures/no-slides-if-demo.jpg b/a.12-misp-workflows-short/pictures/no-slides-if-demo.jpg new file mode 100644 index 0000000..aeb155d Binary files /dev/null and b/a.12-misp-workflows-short/pictures/no-slides-if-demo.jpg differ diff --git a/a.12-misp-workflows-short/pictures/no-slides-if-demo2.jpg b/a.12-misp-workflows-short/pictures/no-slides-if-demo2.jpg new file mode 100644 index 0000000..38bf7f1 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/no-slides-if-demo2.jpg differ diff --git a/a.12-misp-workflows-short/pictures/no-slides-if-demo3.jpg b/a.12-misp-workflows-short/pictures/no-slides-if-demo3.jpg new file mode 100644 index 0000000..61d2a2b Binary files /dev/null and b/a.12-misp-workflows-short/pictures/no-slides-if-demo3.jpg differ diff --git a/a.12-misp-workflows-short/pictures/node-filtering.png b/a.12-misp-workflows-short/pictures/node-filtering.png new file mode 100644 index 0000000..1878ee9 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/node-filtering.png differ 
diff --git a/a.12-misp-workflows-short/pictures/node-generic-filter.png b/a.12-misp-workflows-short/pictures/node-generic-filter.png new file mode 100644 index 0000000..b41a358 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/node-generic-filter.png differ diff --git a/a.12-misp-workflows-short/pictures/non-blocking-workflow.png b/a.12-misp-workflows-short/pictures/non-blocking-workflow.png new file mode 100644 index 0000000..4ae1495 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/non-blocking-workflow.png differ diff --git a/a.12-misp-workflows-short/pictures/overview.png b/a.12-misp-workflows-short/pictures/overview.png new file mode 100644 index 0000000..0a5a3d3 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/overview.png differ diff --git a/a.12-misp-workflows-short/pictures/php-joke.jpg b/a.12-misp-workflows-short/pictures/php-joke.jpg new file mode 100644 index 0000000..0abc16d Binary files /dev/null and b/a.12-misp-workflows-short/pictures/php-joke.jpg differ diff --git a/a.12-misp-workflows-short/pictures/psyduck.jpeg b/a.12-misp-workflows-short/pictures/psyduck.jpeg new file mode 100644 index 0000000..8e54f30 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/psyduck.jpeg differ diff --git a/a.12-misp-workflows-short/pictures/python-joke.png b/a.12-misp-workflows-short/pictures/python-joke.png new file mode 100644 index 0000000..0ce5189 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/python-joke.png differ diff --git a/a.12-misp-workflows-short/pictures/python-logo.png b/a.12-misp-workflows-short/pictures/python-logo.png new file mode 100644 index 0000000..2416f26 Binary files /dev/null and b/a.12-misp-workflows-short/pictures/python-logo.png differ diff --git a/a.12-misp-workflows-short/pictures/radar.png b/a.12-misp-workflows-short/pictures/radar.png new file mode 100644 index 0000000..bbd632b Binary files /dev/null and b/a.12-misp-workflows-short/pictures/radar.png differ 
diff --git a/a.12-misp-workflows-short/pictures/recursive-workflow.png b/a.12-misp-workflows-short/pictures/recursive-workflow.png
new file mode 100644
index 0000000..c56eb72
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/recursive-workflow.png differ
diff --git a/a.12-misp-workflows-short/pictures/remove-ids-1.png b/a.12-misp-workflows-short/pictures/remove-ids-1.png
new file mode 100644
index 0000000..8e75af2
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/remove-ids-1.png differ
diff --git a/a.12-misp-workflows-short/pictures/remove-ids-2-details.png b/a.12-misp-workflows-short/pictures/remove-ids-2-details.png
new file mode 100644
index 0000000..334e567
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/remove-ids-2-details.png differ
diff --git a/a.12-misp-workflows-short/pictures/remove-ids-2.png b/a.12-misp-workflows-short/pictures/remove-ids-2.png
new file mode 100644
index 0000000..e455e49
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/remove-ids-2.png differ
diff --git a/a.12-misp-workflows-short/pictures/remove-ids-3.png b/a.12-misp-workflows-short/pictures/remove-ids-3.png
new file mode 100644
index 0000000..e5474a1
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/remove-ids-3.png differ
diff --git a/a.12-misp-workflows-short/pictures/remove-ids-generic.png b/a.12-misp-workflows-short/pictures/remove-ids-generic.png
new file mode 100644
index 0000000..e9c1933
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/remove-ids-generic.png differ
diff --git a/a.12-misp-workflows-short/pictures/request-bin.png b/a.12-misp-workflows-short/pictures/request-bin.png
new file mode 100644
index 0000000..ee355fb
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/request-bin.png differ
diff --git a/a.12-misp-workflows-short/pictures/running-workflows.png b/a.12-misp-workflows-short/pictures/running-workflows.png
new file mode 100644
index 0000000..d591c8f
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/running-workflows.png differ
diff --git a/a.12-misp-workflows-short/pictures/sc-action-icon.png b/a.12-misp-workflows-short/pictures/sc-action-icon.png
new file mode 100644
index 0000000..2ac49b8
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/sc-action-icon.png differ
diff --git a/a.12-misp-workflows-short/pictures/sc-action.png b/a.12-misp-workflows-short/pictures/sc-action.png
new file mode 100644
index 0000000..e8d7a66
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/sc-action.png differ
diff --git a/a.12-misp-workflows-short/pictures/sc-condition-icon.png b/a.12-misp-workflows-short/pictures/sc-condition-icon.png
new file mode 100644
index 0000000..f447a5d
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/sc-condition-icon.png differ
diff --git a/a.12-misp-workflows-short/pictures/sc-condition.png b/a.12-misp-workflows-short/pictures/sc-condition.png
new file mode 100644
index 0000000..bb24b90
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/sc-condition.png differ
diff --git a/a.12-misp-workflows-short/pictures/sc-event-icon.png b/a.12-misp-workflows-short/pictures/sc-event-icon.png
new file mode 100644
index 0000000..d1f70ef
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/sc-event-icon.png differ
diff --git a/a.12-misp-workflows-short/pictures/sc-event.png b/a.12-misp-workflows-short/pictures/sc-event.png
new file mode 100644
index 0000000..b58c120
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/sc-event.png differ
diff --git a/a.12-misp-workflows-short/pictures/settings-1.png b/a.12-misp-workflows-short/pictures/settings-1.png
new file mode 100644
index 0000000..290851b
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/settings-1.png differ
diff --git a/a.12-misp-workflows-short/pictures/settings-2.png b/a.12-misp-workflows-short/pictures/settings-2.png
new file mode 100644
index 0000000..712a31a
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/settings-2.png differ
diff --git a/a.12-misp-workflows-short/pictures/simple-workflow.png b/a.12-misp-workflows-short/pictures/simple-workflow.png
new file mode 100644
index 0000000..f494348
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/simple-workflow.png differ
diff --git a/a.12-misp-workflows-short/pictures/stateless-execution.png b/a.12-misp-workflows-short/pictures/stateless-execution.png
new file mode 100644
index 0000000..fa513b3
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/stateless-execution.png differ
diff --git a/a.12-misp-workflows-short/pictures/time-machine.png b/a.12-misp-workflows-short/pictures/time-machine.png
new file mode 100644
index 0000000..494153a
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/time-machine.png differ
diff --git a/a.12-misp-workflows-short/pictures/triggers.png b/a.12-misp-workflows-short/pictures/triggers.png
new file mode 100644
index 0000000..1275546
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/triggers.png differ
diff --git a/a.12-misp-workflows-short/pictures/two-paths.jpeg b/a.12-misp-workflows-short/pictures/two-paths.jpeg
new file mode 100644
index 0000000..93542ca
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/two-paths.jpeg differ
diff --git a/a.12-misp-workflows-short/pictures/upgrade-people.jpeg b/a.12-misp-workflows-short/pictures/upgrade-people.jpeg
new file mode 100644
index 0000000..1e6ddde
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/upgrade-people.jpeg differ
diff --git a/a.12-misp-workflows-short/pictures/whoami-adulau.png b/a.12-misp-workflows-short/pictures/whoami-adulau.png
new file mode 100644
index 0000000..d960fd4
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/whoami-adulau.png differ
diff --git a/a.12-misp-workflows-short/pictures/whoami.png b/a.12-misp-workflows-short/pictures/whoami.png
new file mode 100644
index 0000000..eba7518
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/whoami.png differ
diff --git a/a.12-misp-workflows-short/pictures/whoami2.png b/a.12-misp-workflows-short/pictures/whoami2.png
new file mode 100644
index 0000000..46066cd
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/whoami2.png differ
diff --git a/a.12-misp-workflows-short/pictures/whoarewe.png b/a.12-misp-workflows-short/pictures/whoarewe.png
new file mode 100644
index 0000000..a2377fe
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/whoarewe.png differ
diff --git a/a.12-misp-workflows-short/pictures/workflow-debug.png b/a.12-misp-workflows-short/pictures/workflow-debug.png
new file mode 100644
index 0000000..a2a932f
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/workflow-debug.png differ
diff --git a/a.12-misp-workflows-short/pictures/workflow-experimental.png b/a.12-misp-workflows-short/pictures/workflow-experimental.png
new file mode 100644
index 0000000..96e05ec
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/workflow-experimental.png differ
diff --git a/a.12-misp-workflows-short/pictures/workflow-release.png b/a.12-misp-workflows-short/pictures/workflow-release.png
new file mode 100644
index 0000000..1eef024
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/workflow-release.png differ
diff --git a/a.12-misp-workflows-short/pictures/workflow-trigger.png b/a.12-misp-workflows-short/pictures/workflow-trigger.png
new file mode 100644
index 0000000..9ea7fad
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/workflow-trigger.png differ
diff --git a/a.12-misp-workflows-short/pictures/zeromq.png b/a.12-misp-workflows-short/pictures/zeromq.png
new file mode 100644
index 0000000..970e9fc
Binary files /dev/null and b/a.12-misp-workflows-short/pictures/zeromq.png differ
diff --git a/a.12-misp-workflows-short/slide.pdf b/a.12-misp-workflows-short/slide.pdf
new file mode 100644
index 0000000..5f1dffa
Binary files /dev/null and b/a.12-misp-workflows-short/slide.pdf differ
diff --git a/a.12-misp-workflows-short/slide.tex b/a.12-misp-workflows-short/slide.tex
new file mode 100644
index 0000000..9921f63
--- /dev/null
+++ b/a.12-misp-workflows-short/slide.tex
@@ -0,0 +1,66 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\definecolor{main}{RGB}{47, 161, 219}
+\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+
+% \usepackage{pgfpages}
+% \setbeameroption{show notes on second screen=right}
+\usepackage[draft]{pdfcomment}
+\newcommand{\pdfnote}[1]{\marginnote{\pdfcomment[icon=note]{#1}}}
+
+\usepackage[utf8]{inputenc}
+\usepackage[normalem]{ulem}
+\usepackage{tikz}
+\usepackage{listings}
+\usepackage{fontawesome5}
+\usepackage[export]{adjustbox}
+\usepackage{fourier}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+
+\lstdefinelanguage{javascript}{
+ basicstyle=\scriptsize,
+ numbers=left,
+ numberstyle=\scriptsize,
+ stepnumber=1,
+ numbersep=5pt,
+ showstringspaces=false,
+ breaklines=true,
+ frame=lines,
+ keywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break},
+ %keywordstyle=\color{blue}\bfseries,
+ ndkeywords={class, export, boolean, throw, implements, import, this},
+ ndkeywordstyle=\color{darkgray}\bfseries,
+ identifierstyle=\color{black},
+ sensitive=false,
+ comment=[l]{//},
+ morecomment=[s]{/*}{*/},
+ commentstyle=\color{purple}\ttfamily,
+ stringstyle=\color{purple}\ttfamily,
+ morestring=[b]',
+ morestring=[b]"
+}
+\lstdefinelanguage{text}{
+ basicstyle=\scriptsize,
+ numbers=left,
+ numberstyle=\scriptsize,
+ stepnumber=1,
+ numbersep=5pt,
+ showstringspaces=false,
+ breaklines=true,
+ frame=lines
+}
+
+\title{Automation with Workflows in MISP}
+\subtitle{Short version}
+\author{Sami Mokaddem}
+\date{}
+\titlegraphic{\vspace*{1em}\includegraphics[scale=0.3]{misp.pdf}\\}
+\institute{MISP Project \\ \url{https://www.misp-project.org/}}
+
+
+\begin{document}
+\include{content}
+\end{document}
+
diff --git a/a.12-misp-workflows-short/slide_handout.tex b/a.12-misp-workflows-short/slide_handout.tex
new file mode 100644
index 0000000..8ce0d80
--- /dev/null
+++ b/a.12-misp-workflows-short/slide_handout.tex
@@ -0,0 +1,68 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\definecolor{main}{RGB}{47, 161, 219}
+\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+
+% \usepackage{pgfpages}
+% \setbeameroption{show notes on second screen=right}
+\usepackage[draft]{pdfcomment}
+\newcommand{\pdfnote}[1]{\marginnote{\pdfcomment[icon=note]{#1}}}
+
+\usepackage{pgfpages}
+\setbeameroption{show notes on second screen=right}
+\usepackage[utf8]{inputenc}
+\usepackage[normalem]{ulem}
+\usepackage{tikz}
+\usepackage{listings}
+\usepackage{fontawesome5}
+\usepackage[export]{adjustbox}
+\usepackage{fourier}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+
+\lstdefinelanguage{javascript}{
+ basicstyle=\scriptsize,
+ numbers=left,
+ numberstyle=\scriptsize,
+ stepnumber=1,
+ numbersep=5pt,
+ showstringspaces=false,
+ breaklines=true,
+ frame=lines,
+ keywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break},
+ %keywordstyle=\color{blue}\bfseries,
+ ndkeywords={class, export, boolean, throw, implements, import, this},
+ ndkeywordstyle=\color{darkgray}\bfseries,
+ identifierstyle=\color{black},
+ sensitive=false,
+ comment=[l]{//},
+ morecomment=[s]{/*}{*/},
+ commentstyle=\color{purple}\ttfamily,
+ stringstyle=\color{purple}\ttfamily,
+ morestring=[b]',
+ morestring=[b]"
+}
+\lstdefinelanguage{text}{
+ basicstyle=\scriptsize,
+ numbers=left,
+ numberstyle=\scriptsize,
+ stepnumber=1,
+ numbersep=5pt,
+ showstringspaces=false,
+ breaklines=true,
+ frame=lines
+}
+
+\title{Automation in MISP}
+\subtitle{Tutorial and Hands-On}
+\author{Sami Mokaddem}
+\date{}
+\titlegraphic{\vspace*{1em}\includegraphics[scale=0.3]{misp.pdf}\\}
+\institute{MISP Project \\ \url{https://www.misp-project.org/}}
+
+
+\begin{document}
+\include{content}
+\end{document}
+
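Review bot: The handout's `\title{Automation in MISP}` and `\subtitle{Tutorial and Hands-On}` do not match slide.tex in the same directory, which sets `\title{Automation with Workflows in MISP}` and `\subtitle{Short version}`. This presumably came from copying another deck's handout, and it would label the handout PDF as a different talk. If that is not intended, use the same two lines as slide.tex. The commented-out `% \usepackage{pgfpages}` and `% \setbeameroption{show notes on second screen=right}` lines near the top are redundant in this file, because the live versions follow a few lines below, and can be dropped.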
diff --git a/build.sh b/build.sh index cd5aa83..0f1f6be 100755 --- a/build.sh +++ b/build.sh @@ -1,7 +1,8 @@ #!/bin/bash # -slidedecks=("0-intro-shorter" "0-misp-introduction-to-information-sharing" "1-misp-usage" "1.2-misp-integration" "1.1-misp-viper-integration" "1.2.1-misp-integration-mail2misp" "2-misp-administration" "3-misp-taxonomy-tagging" "3.1-misp-modules" "3.2-misp-galaxy" "3.3-misp-object-template" "6.0-misp-dashboard" "a.0-contributing" "a.1-devintro" "a.2-pymisp" "a.3-misp-feed" "a.4-best-practices" "a.5-decaying-indicators" "a.5-bis-decaying-indicators-light-version" "a.6-forensic" "a.7-rest-API" "b.1-best-practices-in-threat-intelligence" "a.8-dev-hands-on" "a.9-restsearch-dev" "a.10-galaxy-2.0" "a.11-misp-data-model" "a.a-widget-dev" "b.2-turning-data-into-actionable-intelligence" "b.5-turning-data-into-actionable-intelligence-training" "4-misp-standard" "a.b-cli" "a.c-deployment" "a.12-misp-workflows" "a.13-misp-stix") +slidedecks=("0-intro-shorter" "0-misp-introduction-to-information-sharing" "1-misp-usage" "1.2-misp-integration" "1.1-misp-viper-integration" "1.2.1-misp-integration-mail2misp" "2-misp-administration" "3-misp-taxonomy-tagging" "3.1-misp-modules" "3.2-misp-galaxy" "3.3-misp-object-template" "6.0-misp-dashboard" "a.0-contributing" "a.1-devintro" "a.2-pymisp" "a.3-misp-feed" "a.4-best-practices" "a.5-decaying-indicators" "a.5-bis-decaying-indicators-light-version" "a.6-forensic" "a.7-rest-API" "b.1-best-practices-in-threat-intelligence" "a.8-dev-hands-on" "a.9-restsearch-dev" "a.10-galaxy-2.0" "a.11-misp-data-model" "a.a-widget-dev" "b.2-turning-data-into-actionable-intelligence" "b.5-turning-data-into-actionable-intelligence-training" "4-misp-standard" "a.b-cli" "a.c-deployment" "a.12-misp-workflows" "a.12-misp-workflows-short" "a.13-misp-stix" "b.6-automation") +slidedecks=("b.6-automation") mkdir output mkdir output/handout
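Review bot: The added `slidedecks=("b.6-automation")` reassigns the array immediately after the full list is defined, so only `b.6-automation` is left in it. The `a.12-misp-workflows-short` entry this commit adds on the line above therefore never takes effect. This reads like a local debugging override committed by accident, and removing that one line restores the full list. The loop that consumes `slidedecks` is outside the hunk, so the effect on the build is inferred from the variable's name and position.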