diff --git a/b.1-best-practices-in-threat-intelligence/content.aux b/b.1-best-practices-in-threat-intelligence/content.aux index ea78036..affd7c9 100644 --- a/b.1-best-practices-in-threat-intelligence/content.aux +++ b/b.1-best-practices-in-threat-intelligence/content.aux @@ -8,14 +8,28 @@ \@writefile{nav}{\headcommand {\beamer@framepages {3}{3}}} \@writefile{nav}{\headcommand {\slideentry {0}{0}{4}{4/4}{}{0}}} \@writefile{nav}{\headcommand {\beamer@framepages {4}{4}}} +\@writefile{nav}{\headcommand {\slideentry {0}{0}{5}{5/5}{}{0}}} +\@writefile{nav}{\headcommand {\beamer@framepages {5}{5}}} +\@writefile{nav}{\headcommand {\slideentry {0}{0}{6}{6/6}{}{0}}} +\@writefile{nav}{\headcommand {\beamer@framepages {6}{6}}} +\@writefile{nav}{\headcommand {\slideentry {0}{0}{7}{7/7}{}{0}}} +\@writefile{nav}{\headcommand {\beamer@framepages {7}{7}}} +\@writefile{nav}{\headcommand {\slideentry {0}{0}{8}{8/8}{}{0}}} +\@writefile{nav}{\headcommand {\beamer@framepages {8}{8}}} +\@writefile{nav}{\headcommand {\slideentry {0}{0}{9}{9/9}{}{0}}} +\@writefile{nav}{\headcommand {\beamer@framepages {9}{9}}} +\@writefile{nav}{\headcommand {\slideentry {0}{0}{10}{10/10}{}{0}}} +\@writefile{nav}{\headcommand {\beamer@framepages {10}{10}}} +\@writefile{nav}{\headcommand {\slideentry {0}{0}{11}{11/11}{}{0}}} +\@writefile{nav}{\headcommand {\beamer@framepages {11}{11}}} \@setckpt{content}{ -\setcounter{page}{5} +\setcounter{page}{12} \setcounter{equation}{0} \setcounter{enumi}{0} \setcounter{enumii}{0} \setcounter{enumiii}{0} \setcounter{enumiv}{0} -\setcounter{footnote}{1} +\setcounter{footnote}{4} \setcounter{mpfootnote}{0} \setcounter{beamerpauses}{1} \setcounter{bookmark@seq@number}{0} @@ -24,8 +38,8 @@ \setcounter{section}{0} \setcounter{subsection}{0} \setcounter{subsubsection}{0} -\setcounter{subsectionslide}{4} -\setcounter{framenumber}{3} +\setcounter{subsectionslide}{11} +\setcounter{framenumber}{10} \setcounter{figure}{0} \setcounter{table}{0} \setcounter{parentequation}{0} 
diff --git a/b.1-best-practices-in-threat-intelligence/content.tex b/b.1-best-practices-in-threat-intelligence/content.tex index bce22d6..92f9948 100755 --- a/b.1-best-practices-in-threat-intelligence/content.tex +++ b/b.1-best-practices-in-threat-intelligence/content.tex @@ -26,6 +26,11 @@ \end{itemize} \end{frame} +\begin{frame} + \frametitle{Overall process of collecting and analysing OSINT} + \includegraphics[scale=0.17]{OSINT_MISP_almostcomplete.png} +\end{frame} + \begin{frame} \frametitle{Meta information and contextualisation 1/2} \begin{itemize} @@ -59,9 +64,10 @@ \end{frame} \begin{frame} - \frametitle{How to select the right object?} - + \frametitle{How to select the right object?} + There are more than 150 MISP objects\footnote{\url{https://www.misp-project.org/objects.html}} templates.\\ + As an example, at CIRCL, we regularly use the following object templates {\it file}, {\it microblog}, {\it domain-ip}, {\it ip-port}, {\it coin-address}, {\it virustotal-report}, {\it paste}, {\it person}, {\it ail-leak}, {\it pe}, {\it pe-section}, {\it registry-key}.\\ \end{frame} \begin{frame} @@ -94,3 +100,13 @@ and keep an history.\\ \end{columns} \end{frame} +\begin{frame} + \frametitle{References} + \begin{itemize} + \item Graphical overview of OSINT collection using MISP \url{https://github.com/adulau/misp-osint-collection} + \item MISP objects documentation \url{https://www.misp-project.org/objects.html} + \item MISP taxonomies documentation \url{https://www.misp-project.org/taxonomies.html} + \item MISP galaxy documentation \url{https://www.misp-project.org/galaxy.html} + \end{itemize} +\end{frame} + diff --git a/b.1-best-practices-in-threat-intelligence/slide.aux b/b.1-best-practices-in-threat-intelligence/slide.aux index 0641355..a51db02 100644 --- a/b.1-best-practices-in-threat-intelligence/slide.aux +++ b/b.1-best-practices-in-threat-intelligence/slide.aux 
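Review bot: The fixed `scale=0.17` on the `\includegraphics` in the new "Overall process of collecting and analysing OSINT" frame of content.tex does not fit the slide. The slide.log committed with this change reports `Overfull \vbox (33.07137pt too high) detected at line 32` for that frame, so the bottom of the diagram is probably clipped or drawn over the footer. Bounding the image by the frame rather than by a scale factor avoids this, for example `\includegraphics[width=\textwidth,height=0.75\textheight,keepaspectratio]{OSINT_MISP_almostcomplete.png}`. The log also shows an underfull hbox from the frame title wrapping onto two lines, so a shorter title would free more vertical room.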
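Review bot: In the "How to select the right object?" frame of content.tex, the footnote is placed in the middle of the noun phrase ("MISP objects\footnote{...} templates"), so the footnote mark renders between "objects" and "templates". Moving it to the end and using the singular reads better: `There are more than 150 MISP object templates\footnote{\url{https://www.misp-project.org/objects.html}}.\\`. The template names use the obsolete `{\it file}` font switch; `\textit{file}` (or `\texttt{file}`, since these are literal template identifiers an analyst will type) is the LaTeX2e form. The sentence introducing the list would also read more clearly with a colon after "object templates".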
@@ -19,8 +19,8 @@ \providecommand\HyField@AuxAddToCoFields[2]{} \@input{content.aux} \pgfsyspdfmark {pgfid1}{1398509}{16636717} -\@writefile{nav}{\headcommand {\beamer@partpages {1}{4}}} -\@writefile{nav}{\headcommand {\beamer@subsectionpages {1}{4}}} -\@writefile{nav}{\headcommand {\beamer@sectionpages {1}{4}}} -\@writefile{nav}{\headcommand {\beamer@documentpages {4}}} -\@writefile{nav}{\headcommand {\gdef \inserttotalframenumber {3}}} +\@writefile{nav}{\headcommand {\beamer@partpages {1}{11}}} +\@writefile{nav}{\headcommand {\beamer@subsectionpages {1}{11}}} +\@writefile{nav}{\headcommand {\beamer@sectionpages {1}{11}}} +\@writefile{nav}{\headcommand {\beamer@documentpages {11}}} +\@writefile{nav}{\headcommand {\gdef \inserttotalframenumber {10}}} diff --git a/b.1-best-practices-in-threat-intelligence/slide.log b/b.1-best-practices-in-threat-intelligence/slide.log index 8bb43b3..0771ed2 100644 --- a/b.1-best-practices-in-threat-intelligence/slide.log +++ b/b.1-best-practices-in-threat-intelligence/slide.log @@ -1,4 +1,4 @@ -This is pdfTeX, Version 3.14159265-2.6-1.40.18 (TeX Live 2017/Debian) (preloaded format=pdflatex 2018.10.13) 24 SEP 2019 21:36 +This is pdfTeX, Version 3.14159265-2.6-1.40.18 (TeX Live 2017/Debian) (preloaded format=pdflatex 2018.10.13) 25 SEP 2019 09:47 entering extended mode restricted \write18 enabled. %&-line parsing enabled. 
@@ -1639,19 +1639,61 @@ LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/sc' will be ] [3 ] - + +File: OSINT_MISP_almostcomplete.png Graphic file (type png) + +Package pdftex.def Info: OSINT_MISP_almostcomplete.png used on input line 32. +(pdftex.def) Requested size: 288.71483pt x 238.52759pt. + +Underfull \hbox (badness 1286) in paragraph at lines 32--32 + []|\T1/FiraSans-OsF/m/sc/14.4 Overall pro-cess of col-lect-ing and analysing + [] + + +Overfull \vbox (33.07137pt too high) detected at line 32 + [] + +[4 + + <./OSINT_MISP_almostcomplete.png>] [5 + +] [6 + +] +LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/n' will be +(Font) scaled to size 7.0pt on input line 64. +LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/it' will be +(Font) scaled to size 10.0pt on input line 64. +LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/it' will be +(Font) scaled to size 7.0pt on input line 64. + [7 + +] [8 + +] + File: emotet.png Graphic file (type png) -Package pdftex.def Info: emotet.png used on input line 41. +Package pdftex.def Info: emotet.png used on input line 85. (pdftex.def) Requested size: 89.43027pt x 135.19928pt. - + File: microblog.png Graphic file (type png) -Package pdftex.def Info: microblog.png used on input line 41. +Package pdftex.def Info: microblog.png used on input line 85. (pdftex.def) Requested size: 105.84087pt x 38.24121pt. - [4 + [9 - <./emotet.png> <./microblog.png>]) + <./emotet.png> <./microblog.png>] + +File: fileobject.png Graphic file (type png) + +Package pdftex.def Info: fileobject.png used on input line 101. +(pdftex.def) Requested size: 147.29994pt x 80.04886pt. + [10 + + <./fileobject.png>] [11 + +]) \tf@nav=\write5 \openout5 = `slide.nav'. 
@@ -1663,17 +1705,16 @@ Package pdftex.def Info: microblog.png used on input line 41. Package atveryend Info: Empty hook `BeforeClearDocument' on input line 25. Package atveryend Info: Empty hook `AfterLastShipout' on input line 25. - (./slide.aux -(./content.aux)) + (./slide.aux (./content.aux)) Package atveryend Info: Executing hook `AtVeryEndDocument' on input line 25. Package atveryend Info: Empty hook `AtEndAfterFileList' on input line 25. ) Here is how much of TeX's memory you used: - 25580 strings out of 492982 - 511286 string characters out of 6134895 - 594279 words of memory out of 5000000 - 28531 multiletter control sequences out of 15000+600000 - 249274 words of font info for 72 fonts, out of 8000000 for 9000 + 25667 strings out of 492982 + 513004 string characters out of 6134895 + 594282 words of memory out of 5000000 + 28602 multiletter control sequences out of 15000+600000 + 294436 words of font info for 82 fonts, out of 8000000 for 9000 1141 hyphenation exceptions out of 8191 71i,16n,83p,803b,830s stack positions out of 5000i,500n,10000p,200000b,80000s {/usr/share/texlive/texmf-dist/fonts/enc/dvips/fira/fir_7gpamp.enc}{/usr/shar @@ -1682,11 +1723,12 @@ xmf-dist/fonts/enc/dvips/fira/fir_xbqiro.enc} -Output written on slide.pdf (4 pages, 498506 bytes). +ic/fira/FiraSans-Regular.pfb> +Output written on slide.pdf (11 pages, 1796009 bytes). PDF statistics: - 85 PDF objects out of 1000 (max. 8388607) - 59 compressed objects within 1 object stream - 9 named destinations out of 1000 (max. 500000) - 58 words of extra memory for PDF output out of 10000 (max. 10000000) + 141 PDF objects out of 1000 (max. 8388607) + 102 compressed objects within 2 object streams + 23 named destinations out of 1000 (max. 500000) + 68 words of extra memory for PDF output out of 10000 (max. 10000000) diff --git a/b.1-best-practices-in-threat-intelligence/slide.nav b/b.1-best-practices-in-threat-intelligence/slide.nav index f761671..fb73761 100644 
--- a/b.1-best-practices-in-threat-intelligence/slide.nav +++ b/b.1-best-practices-in-threat-intelligence/slide.nav @@ -6,8 +6,22 @@ \headcommand {\beamer@framepages {3}{3}} \headcommand {\slideentry {0}{0}{4}{4/4}{}{0}} \headcommand {\beamer@framepages {4}{4}} -\headcommand {\beamer@partpages {1}{4}} -\headcommand {\beamer@subsectionpages {1}{4}} -\headcommand {\beamer@sectionpages {1}{4}} -\headcommand {\beamer@documentpages {4}} -\headcommand {\gdef \inserttotalframenumber {3}} +\headcommand {\slideentry {0}{0}{5}{5/5}{}{0}} +\headcommand {\beamer@framepages {5}{5}} +\headcommand {\slideentry {0}{0}{6}{6/6}{}{0}} +\headcommand {\beamer@framepages {6}{6}} +\headcommand {\slideentry {0}{0}{7}{7/7}{}{0}} +\headcommand {\beamer@framepages {7}{7}} +\headcommand {\slideentry {0}{0}{8}{8/8}{}{0}} +\headcommand {\beamer@framepages {8}{8}} +\headcommand {\slideentry {0}{0}{9}{9/9}{}{0}} +\headcommand {\beamer@framepages {9}{9}} +\headcommand {\slideentry {0}{0}{10}{10/10}{}{0}} +\headcommand {\beamer@framepages {10}{10}} +\headcommand {\slideentry {0}{0}{11}{11/11}{}{0}} +\headcommand {\beamer@framepages {11}{11}} +\headcommand {\beamer@partpages {1}{11}} +\headcommand {\beamer@subsectionpages {1}{11}} +\headcommand {\beamer@sectionpages {1}{11}} +\headcommand {\beamer@documentpages {11}} +\headcommand {\gdef \inserttotalframenumber {10}} diff --git a/b.1-best-practices-in-threat-intelligence/slide.pdf b/b.1-best-practices-in-threat-intelligence/slide.pdf index 58d224b..a897011 100644 Binary files a/b.1-best-practices-in-threat-intelligence/slide.pdf and b/b.1-best-practices-in-threat-intelligence/slide.pdf differ