MISP
/
misp-training
mirror of https://github.com/MISP/misp-training
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [event:hacklu2023-workflows] Small improvements

pull/24/head
Sami Mokaddem 2023-10-19 13:47:18 +02:00
parent 870f5328cc
commit 3ecadc08d6
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
events/hacklu-2023-misp-workflows/content.tex
View File

@ -606,9 +606,10 @@ jq '.[] | select(.meta."module-type"[] | contains("action")) |
\end{center}
\pause
\vspace{1em}
All Attributes get their \texttt{to\_ids} turned off.\\
\underline{\bf All Attributes} get their \texttt{to\_ids} turned off.\\
\vspace{1em}
How could we force that action only on Attribute of type \texttt{comment}?
{\Large \faIcon{question-circle}} How could we force that action, only on Attribute of type \texttt{comment}?
\pause
\begin{center}
$\rightarrow$ Hash path filtering!
\end{center}
@ -616,7 +617,7 @@ jq '.[] | select(.meta."module-type"[] | contains("action")) |
\begin{frame}[fragile]
\frametitle{Hash path filtering}
Hash path filtering can be used to \textbf{filter} data \textbf{on the node} it is passed to or on the \textbf{execution path}.
Hash path filtering can be used to \textbf{filter} data \textbf{on a node} or on the \textbf{execution path}.
\begin{center}
\includegraphics[width=0.58\linewidth]{pictures/node-filtering.png}
\includegraphics[width=0.4\linewidth]{pictures/node-generic-filter.png}

BIN
events/hacklu-2023-misp-workflows/slide.pdf
View File

Binary file not shown.