diff --git a/1-misp-usage/content.tex b/1-misp-usage/content.tex
new file mode 100644
index 0000000..eb8b3b6
--- /dev/null
+++ b/1-misp-usage/content.tex
@@ -0,0 +1,245 @@
+% DO NOT COMPILE THIS FILE DIRECTLY!
+% This is included by the other .tex files.
+
+\colorlet{punct}{red!60!black}
+\definecolor{background}{HTML}{EEEEEE}
+\definecolor{delim}{RGB}{20,105,176}
+\colorlet{numb}{magenta!60!black}
+
+\lstdefinelanguage{json}{
+ basicstyle=\ttfamily\footnotesize,
+ numbers=left,
+ numberstyle=\ttfamily\footnotesize,
+ stepnumber=1,
+ numbersep=8pt,
+ showstringspaces=false,
+ breaklines=true,
+ frame=lines,
+ backgroundcolor=\color{background},
+ literate=
+ *{0}{{{\color{numb}0}}}{1}
+ {1}{{{\color{numb}1}}}{1}
+ {2}{{{\color{numb}2}}}{1}
+ {3}{{{\color{numb}3}}}{1}
+ {4}{{{\color{numb}4}}}{1}
+ {5}{{{\color{numb}5}}}{1}
+ {6}{{{\color{numb}6}}}{1}
+ {7}{{{\color{numb}7}}}{1}
+ {8}{{{\color{numb}8}}}{1}
+ {9}{{{\color{numb}9}}}{1}
+ {:}{{{\color{punct}{:}}}}{1}
+ {,}{{{\color{punct}{,}}}}{1}
+ {\{}{{{\color{delim}{\{}}}}{1}
+ {\}}{{{\color{delim}{\}}}}}{1}
+ {[}{{{\color{delim}{[}}}}{1}
+ {]}{{{\color{delim}{]}}}}{1},
+}
+
+\begin{frame}[t,plain]
+\titlepage
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - VM}
+ \begin{itemize}
+ \item Credentials
+ \begin{itemize}
+ \item MISP admin: admin@admin.test/admin
+ \item SSH: misp/Password1234
+ \end{itemize}
+ \item Available at the following location (VirtualBox and VMWare):
+ \begin{itemize}
+ \item \url{https://www.circl.lu/misp-images/latest/}
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - General Usage}
+ Plan for this part of the training
+ \begin{itemize}
+ \item Data model
+ \item Viewing data
+ \item Creating data
+ \item Co-operation
+ \item Distribution
+ \item Exports
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Event (MISP's basic building block)}
+ \includegraphics[scale=0.45]{screenshots/datamodel1.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Event (Attributes, giving meaning to events)}
+ \includegraphics[scale=0.45]{screenshots/datamodel2.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Event (Correlations on similar attributes)}
+ \includegraphics[scale=0.45]{screenshots/datamodel3.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Event (Proposals)}
+ \includegraphics[scale=0.45]{screenshots/datamodel4.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Event (Tags)}
+ \includegraphics[scale=0.45]{screenshots/datamodel5.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Event (Discussions)}
+ \includegraphics[scale=0.45]{screenshots/datamodel6.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Event (Taxonomies and proposal correlations)}
+ \includegraphics[scale=0.35]{screenshots/datamodel7.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Event (The state of the art MISP datamodel)}
+ \includegraphics[scale=0.25]{screenshots/datamodel8.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Viewing the Event Index}
+ \begin{itemize}
+ \item Event Index
+ \begin{itemize}
+ \item Event context
+ \item Tags
+ \item Distribution
+ \item Correlations
+ \end{itemize}
+ \item Filters
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Viewing an Event}
+ \begin{itemize}
+ \item Event View
+ \begin{itemize}
+ \item Event context
+ \item Attributes
+ \begin{itemize}
+ \item Category/type, IDS, Correlations
+ \end{itemize}
+ \item Objects
+ \item Galaxies
+ \item Proposals
+ \item Discussions
+ \end{itemize}
+ \item Tools to find what you are looking for
+ \item Correlation graphs
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Creating and populating events in various ways (demo)}
+ \begin{itemize}
+ \item The main tools to populate an event
+ \begin{itemize}
+ \item Adding attributes / batch add
+ \item Adding objects and how the object templates work
+ \item Freetext import
+ \item Import
+ \item Templates
+ \item Adding attachments / screenshots
+ \item API
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Various features while adding data}
+ \begin{itemize}
+ \item What happens automatically when adding data?
+ \begin{itemize}
+ \item Automatic correlation
+ \item Input modification via validation and filters (regex)
+ \item Tagging / Galaxy Clusters
+ \end{itemize}
+ \item Various ways to publish data
+ \begin{itemize}
+ \item Publish with/without e-mail
+ \item Publishing via the API
+ \item Delegation
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Using the data}
+ \begin{itemize}
+ \item Correlation graphs
+ \item Downloading the data in various formats
+ \item Cached exports
+ \item API (explained later)
+ \item Collaborating with users (proposals, discussions, emails)
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Sync explained (if no admin training)}
+ \begin{itemize}
+ \item Sync connections
+ \item Pull/push model
+ \item Previewing instances
+ \item Filtering the sync
+ \item Connection test tool
+ \item Cherry pick mode
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Feeds explained (if no admin training)}
+ \begin{itemize}
+ \item Feed types (MISP, Freetext, CSV)
+ \item Adding/editing feeds
+ \item Previewing feeds
+ \item Local vs Network feeds
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Distributions explained}
+ \begin{itemize}
+ \item Your Organisation Only
+ \item This Community Only
+ \item Connected Communities
+ \item All Communities
+ \item Sharing Group
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Distribution and Topology}
+ \includegraphics[scale=0.45]{screenshots/sync.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Exports and API}
+ \begin{itemize}
+ \item Download an event
+ \item Quick glance at the APIs
+ \item Download search results
+ \item Cached exports
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP - Shorthand admin (if no admin training)}
+ \begin{itemize}
+ \item Settings
+ \item Troubleshooting
+ \item Workers
+ \item Logs
+ \end{itemize}
+\end{frame}
diff --git a/1-misp-usage/logo-circl.pdf b/1-misp-usage/logo-circl.pdf
new file mode 100644
index 0000000..62c9239
Binary files /dev/null and b/1-misp-usage/logo-circl.pdf differ
diff --git a/1-misp-usage/misplogo.pdf b/1-misp-usage/misplogo.pdf
new file mode 100644
index 0000000..60da568
Binary files /dev/null and b/1-misp-usage/misplogo.pdf differ
diff --git a/1-misp-usage/screenshots/datamodel1.png b/1-misp-usage/screenshots/datamodel1.png
new file mode 100644
index 0000000..7a31661
Binary files /dev/null and b/1-misp-usage/screenshots/datamodel1.png differ
diff --git a/1-misp-usage/screenshots/datamodel2.png b/1-misp-usage/screenshots/datamodel2.png
new file mode 100644
index 0000000..5018708
Binary files /dev/null and b/1-misp-usage/screenshots/datamodel2.png differ
diff --git a/1-misp-usage/screenshots/datamodel3.png b/1-misp-usage/screenshots/datamodel3.png
new file mode 100644
index 0000000..89d97fa
Binary files /dev/null and b/1-misp-usage/screenshots/datamodel3.png differ
diff --git a/1-misp-usage/screenshots/datamodel4.png b/1-misp-usage/screenshots/datamodel4.png
new file mode 100644
index 0000000..45d759b
Binary files /dev/null and b/1-misp-usage/screenshots/datamodel4.png differ
diff --git a/1-misp-usage/screenshots/datamodel5.png b/1-misp-usage/screenshots/datamodel5.png
new file mode 100644
index 0000000..9a9ae5e
Binary files /dev/null and b/1-misp-usage/screenshots/datamodel5.png differ
diff --git a/1-misp-usage/screenshots/datamodel6.png b/1-misp-usage/screenshots/datamodel6.png
new file mode 100644
index 0000000..da8dc58
Binary files /dev/null and b/1-misp-usage/screenshots/datamodel6.png differ
diff --git a/1-misp-usage/screenshots/datamodel7.png b/1-misp-usage/screenshots/datamodel7.png
new file mode 100644
index 0000000..c0b6a7f
Binary files /dev/null and b/1-misp-usage/screenshots/datamodel7.png differ
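Review bot: The "MISP - VM" frame hands out the image's admin and SSH credentials (`admin@admin.test/admin`, `misp/Password1234`) with no caveat, so attendees will bring a default-credential MISP instance onto whatever network they plug the VM into. A bullet directly under the credentials, e.g. `\item Change both passwords before the VM is reachable from anything but a host-only network`, would make the training-only nature explicit, and since the image is fetched from `\url{https://www.circl.lu/misp-images/latest/}` a short note to verify the download against whatever checksum or signature the publisher provides would fit on the same frame. Separately, the `\lstdefinelanguage{json}` block at the top of the file is not used by any frame in this hunk; if it is reserved for later decks, a one-line comment saying so would stop the next reader from deleting it.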
diff --git a/1-misp-usage/screenshots/datamodel8.png b/1-misp-usage/screenshots/datamodel8.png
new file mode 100644
index 0000000..40525ce
Binary files /dev/null and b/1-misp-usage/screenshots/datamodel8.png differ
diff --git a/1-misp-usage/screenshots/sync.png b/1-misp-usage/screenshots/sync.png
new file mode 100644
index 0000000..11073e7
Binary files /dev/null and b/1-misp-usage/screenshots/sync.png differ
diff --git a/1-misp-usage/slide.tex b/1-misp-usage/slide.tex
new file mode 100644
index 0000000..6dd6c4a
--- /dev/null
+++ b/1-misp-usage/slide.tex
@@ -0,0 +1,26 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\definecolor{main}{RGB}{47, 161, 219}
+\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+
+\usepackage[utf8]{inputenc}
+\usepackage{tikz}
+\usepackage{listings}
+\usepackage{adjustbox}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+%\usepackage[T1]{fontenc}
+%\usepackage[scaled]{beramono}
+
+\author{\small{\input{../includes/authors.txt}}}
+
+\title{MISP User Training - General usage of MISP}
+\subtitle{MISP - Threat Sharing}
+\institute{\href{http://www.misp-project.org/}{http://www.misp-project.org/} \\ Twitter: \emph{\href{https://twitter.com/mispproject}{@MISPProject}}}
+\date{\input{../includes/location.txt}}
+
+\begin{document}
+\include{content}
+\end{document}
+
diff --git a/1-misp-usage/sync.png b/1-misp-usage/sync.png
new file mode 100644
index 0000000..11073e7
Binary files /dev/null and b/1-misp-usage/sync.png differ
diff --git a/build.sh b/build.sh
index 894517a..cb8692d 100644
--- a/build.sh
+++ b/build.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-slidedecks=("0-misp-introduction-to-information-sharing")
+slidedecks=("0-misp-introduction-to-information-sharing" "1-misp-usage")
 mkdir output
 export TEXINPUTS=::`pwd`/themes/
 echo ${TEXINPUTS}
 
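Review bot: The `\institute` line links to the project site over cleartext `http://`; readers clicking it from the PDF get a plain-HTTP hop before any redirect, so both the target and the visible text should be `https://www.misp-project.org/`. The same hunk uses `\include{content}` for a fragment whose own header says it must not be compiled standalone; `\input{content}` is the conventional choice here, since `\include` forces a page break and emits a `content.aux` that build.sh then has to clean up, though with beamer frames the extra break is harmless. The commented-out `fontenc` and `beramono` lines could carry a `%` note on why they are disabled so the next author does not re-enable them blindly.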
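Review bot: The script still has no `set -e`, so a failing `pdflatex` for the newly added `1-misp-usage` deck does not stop the loop and the build reports success on whatever `slide.pdf` happens to be present. Adding `set -euo pipefail` after the shebang would make the new deck fail loudly, but then `mkdir output` needs to become `mkdir -p output` because it currently errors on any second run. The `for` loop that consumes `slidedecks` starts outside this hunk.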
@@ -11,6 +11,7 @@ for slide in ${slidedecks[@]}; do
 pdflatex slide.tex
 rm *.aux *.toc *.snm *.log *.out *.nav
 cp slide.pdf ../output/${slide}.pdf
+ rm slide.pdf
 cd ..
 done
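Review bot: The new `rm slide.pdf` runs unconditionally after a `cp` whose exit status, like that of `pdflatex` above it, is never checked, so a broken deck leaves the previous `output/<deck>.pdf` in place and the failure is visible only in scrollback. Chaining the copy, `cp slide.pdf ../output/${slide}.pdf && rm slide.pdf`, or better failing on the `pdflatex` exit status, would surface it; the preceding `rm *.aux *.toc ...` should also become `rm -f` so an unmatched glob does not abort the loop once `set -e` is introduced. `pdflatex` is run only once per deck, and the `focus` theme's `numbering=progressbar` option set in slide.tex presumably needs the total frame count from a prior pass, so a second run may be required — worth confirming against the theme docs. The enclosing `for` loop begins outside this hunk.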