diff --git a/x.17-eu-attack-community/content.tex b/x.17-eu-attack-community/content.tex index 3ce45cf..8c357d3 100644 --- a/x.17-eu-attack-community/content.tex +++ b/x.17-eu-attack-community/content.tex @@ -31,7 +31,8 @@ \begin{itemize} \item Seeing the success of the ATT\&CK framework in MISP gave rise to a host of matrix-based models: \begin{itemize} - \item Inflation? We don’t think so. There are {\bf different models} because there are many {\bf different use cases to be represented}. + \item Inflation? We don’t think so. + \item There are {\bf different models} because there are many {\bf different use cases to be represented}. \item We found this to be good as long as those models are maintained. \end{itemize} \end{itemize} @@ -40,7 +41,7 @@ \begin{frame} \frametitle{MISP galaxies over time} \begin{center} - \includegraphics[scale=0.13]{./screenshots/timeline.png} + \includegraphics[scale=0.16]{./screenshots/timeline.png} \end{center} \end{frame} @@ -77,8 +78,12 @@ \begin{itemize} \item Interaction with the framework owner. \end{itemize} - \item Create the conversion script. + \item Create the conversion script, or do by hand. \end{itemize} + \begin{center} + \includegraphics[scale=0.3]{./screenshots/uuid-extraction.png} + \includegraphics[scale=0.3]{./screenshots/uuid-generation.png} + \end{center} \end{frame} \begin{frame} @@ -94,8 +99,8 @@ \item Create specific tooling to help or partially automate the creation of relations. \end{itemize} \begin{center} - \includegraphics[scale=0.2]{./screenshots/rel-gen-example.png} - \includegraphics[scale=0.2]{./screenshots/rel-gen-help.png} + \includegraphics[scale=0.35]{./screenshots/rel-gen-example.png} + % \includegraphics[scale=0.3]{./screenshots/rel-technique-re-search.png} \end{center} \end{frame} @@ -112,6 +117,9 @@ \item Conversion script breaks. \item Keeping contributed relationships. \end{itemize} + \begin{center} + \includegraphics[scale=0.3]{./screenshots/new-uuids-everywhere.png} + \end{center} \end{frame} \begin{frame} @@ -152,11 +160,11 @@ \begin{frame} \frametitle{10 Golden Rules for Framework Creators (Community)} \begin{itemize} - \item 1. Publish and communicate. - \item 2. Update regularly. - \item 3. Encourage third-party contributions. - \item 4. Expand existing frameworks. - \item 5. Collaborate with other framework creators. + \item 6. Publish and communicate. + \item 7. Update regularly. + \item 8. Encourage third-party contributions. + \item 9. Expand existing frameworks. + \item 10. Collaborate with other framework creators. \end{itemize} \end{frame} @@ -165,7 +173,7 @@ \frametitle{Get in touch if you have any questions} \begin{itemize} \item MISP galaxy website \url{https://www.misp-galaxy.org/} - \item Contact MISPProject + \item Contact MISPProject \begin{itemize} \item \url{https://github.com/MISP} \item \url{https://gitter.im/MISP/MISP} diff --git a/x.17-eu-attack-community/screenshots/new-uuids-everywhere.png b/x.17-eu-attack-community/screenshots/new-uuids-everywhere.png index b342367..b8e2b23 100644 Binary files a/x.17-eu-attack-community/screenshots/new-uuids-everywhere.png and b/x.17-eu-attack-community/screenshots/new-uuids-everywhere.png differ diff --git a/x.17-eu-attack-community/screenshots/timeline.png b/x.17-eu-attack-community/screenshots/timeline.png index 7dc5abd..2f7a870 100644 Binary files a/x.17-eu-attack-community/screenshots/timeline.png and b/x.17-eu-attack-community/screenshots/timeline.png differ