Merge branch 'master' of github.com:MISP/misp-training into restAPI_notebook

changes-actionable
mokaddem 2019-09-16 09:52:07 +02:00
commit 9a2bc6c763
4 changed files with 36 additions and 8 deletions


@ -413,14 +413,13 @@
\item Similar to expansion modules
\item Input is a file upload or a text paste
\item Output is a list of parsed attributes to be editend and verified by the user
\item System is still new but some modules already exist
\item Some examples
\begin{itemize}
\item Cuckoo JSON import
\item email import
\item OCR module
\item Simple STIX import module
\item Open IoC import
\end{itemize}
\item Many ideas for future modules (OpenIOC import, connector to sandboxes, STIX 2.0, etc)
\end{itemize}
\end{frame}
@ -624,6 +623,33 @@
\end{adjustbox}
\end{frame}
\begin{frame}[fragile]
\frametitle{New expansion \& import modules format}
\begin{itemize}
\item Backward compatible - an additional field to extend the format
\end{itemize}
\begin{adjustbox}{width=\textwidth,height=5cm,keepaspectratio}
\begin{lstlisting}[language=python]
misp_attributes = {'input': [...], 'output': [...],
'format': 'misp_standard'}
\end{lstlisting}
\end{adjustbox}
\begin{itemize}
\item Takes a standard MISP attribute as input
\item Can return MISP attributes, objects \& tags
\item Supports relationships
\item First modules supporting this new export format
\begin{itemize}
\item urlhaus expansion module
\item Joe Sandbox import \& query module
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}[fragile]
\frametitle{New expansion \& import modules view (MISP 2.4.110}
\includegraphics[scale=0.2]{new_format_view.png}
\end{frame}
\begin{frame}[fragile]
\frametitle{Upcoming additions to the module system - General}
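Review bot: The new frame title `\frametitle{New expansion \& import modules view (MISP 2.4.110}` never closes its parenthesis, so the slide heading ends in an unterminated "(MISP 2.4.110"; it should read `\frametitle{New expansion \& import modules view (MISP 2.4.110)}`. In the new frame before it, the bullet `\item First modules supporting this new export format` says "export" although the frame covers expansion and import modules, which looks like a slip for `\item First modules supporting this new format`. The image-only frame carries `[fragile]` without any verbatim content, which is harmless but not needed. The frame that opens at the end of this section ("Upcoming additions to the module system - General") continues outside the hunk.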

Binary file not shown.

After

Width:  |  Height:  |  Size: 221 KiB


@ -140,7 +140,7 @@
\end{frame}
\begin{frame}
\frametitle{What will the the template actually do?}
\frametitle{What will the template actually do?}
\begin{itemize}
\item Templates create a form that can be used to populate an event
\item When using templates, MISP will enforce everything according to the template rules


@ -20,8 +20,10 @@
"metadata": {},
"source": [
"## Important notice\n",
"\n",
"This notebook various usage of the MISP restAPI.\n",
"It should be noted that PyMISP is not required to use the MISP restAPI. We are ising PyMISP only to parse the response and inspect the data.\n",
"\n",
"It should be noted that PyMISP is not required to use the MISP restAPI. We are using PyMISP only to parse the response and inspect the data. So any HTTP client such as curl could do the job a described below.\n",
"\n",
"This command:\n",
"```\n",
@ -105,7 +107,7 @@
"relative_path = ''\n",
"\n",
"body = {\n",
" \"info\": \"Event created via the API for the CA training 4\",\n",
" \"info\": \"Event created via the API as an example\",\n",
" \"threat_level_id\": 1,\n",
" \"distribution\": 0\n",
"}\n",
@ -435,7 +437,7 @@
"metadata": {},
"source": [
"## RestSearch\n",
"**Aka: Most powerfull search tool in MISP**"
"**Aka: Most powerful search tool in MISP**"
]
},
{
@ -999,7 +1001,7 @@
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.7.3"
"version": "3.6.8"
}
},
"nbformat": 4,