diff --git a/3.1-misp-modules/content.tex b/3.1-misp-modules/content.tex
index 494495d..7e694d0 100644
--- a/3.1-misp-modules/content.tex
+++ b/3.1-misp-modules/content.tex
@@ -413,14 +413,13 @@
 \item Similar to expansion modules
 \item Input is a file upload or a text paste
 \item Output is a list of parsed attributes to be editend and verified by the user
- \item System is still new but some modules already exist
+ \item Some examples
 \begin{itemize}
 \item Cuckoo JSON import
 \item email import
 \item OCR module
- \item Simple STIX import module
+ \item Open IoC import
 \end{itemize}
- \item Many ideas for future modules (OpenIOC import, connector to sandboxes, STIX 2.0, etc)
 \end{itemize}
 \end{frame}
@@ -624,6 +623,33 @@
 \end{adjustbox}
 \end{frame}
+\begin{frame}[fragile]
+ \frametitle{New expansion \& import modules format}
+ \begin{itemize}
+ \item Backward compatible - an additional field to extend the format
+ \end{itemize}
+ \begin{adjustbox}{width=\textwidth,height=5cm,keepaspectratio}
+ \begin{lstlisting}[language=python]
+ misp_attributes = {'input': [...], 'output': [...],
+ 'format': 'misp_standard'}
+ \end{lstlisting}
+ \end{adjustbox}
+ \begin{itemize}
+ \item Takes a standard MISP attribute as input
+ \item Can return MISP attributes, objects \& tags
+ \item Supports relationships
+ \item First modules supporting this new export format
+ \begin{itemize}
+ \item urlhaus expansion module
+ \item Joe Sandbox import \& query module
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{New expansion \& import modules view (MISP 2.4.110}
+ \includegraphics[scale=0.2]{new_format_view.png}
+\end{frame}
 \begin{frame}[fragile]
 \frametitle{Upcoming additions to the module system - General}
diff --git a/3.1-misp-modules/new_format_view.png b/3.1-misp-modules/new_format_view.png
new file mode 100644
index 0000000..db65a0b
Binary files /dev/null and b/3.1-misp-modules/new_format_view.png differ
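Review bot: The title of the second frame added in the `@@ -624,6 +623,33 @@` hunk of 3.1-misp-modules/content.tex is missing its closing parenthesis; `\frametitle{New expansion \& import modules view (MISP 2.4.110}` should read `\frametitle{New expansion \& import modules view (MISP 2.4.110)}`. In the first added frame, the bullet `\item First modules supporting this new export format` says "export" while the frame title and the listing describe the expansion and import module format, so this looks like a slip for `\item First modules supporting this new format`; worth confirming with the author.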
diff --git a/3.3-misp-object-template/content.tex b/3.3-misp-object-template/content.tex
index 55a20ba..5993d0c 100755
--- a/3.3-misp-object-template/content.tex
+++ b/3.3-misp-object-template/content.tex
@@ -140,7 +140,7 @@
 \end{frame}
 \begin{frame}
-\frametitle{What will the the template actually do?}
+\frametitle{What will the template actually do?}
 \begin{itemize}
 \item Templates create a form that can be used to populate an event
 \item When using templates, MISP will enforce everything according to the template rules
diff --git a/a.7-rest-API/Training - Using the API in MISP.ipynb b/a.7-rest-API/Training - Using the API in MISP.ipynb
index 9c616a0..b0a5a0e 100644
--- a/a.7-rest-API/Training - Using the API in MISP.ipynb
+++ b/a.7-rest-API/Training - Using the API in MISP.ipynb
@@ -20,8 +20,10 @@
 "metadata": {},
 "source": [
 "## Important notice\n",
+ "\n",
 "This notebook various usage of the MISP restAPI.\n",
- "It should be noted that PyMISP is not required to use the MISP restAPI. We are ising PyMISP only to parse the response and inspect the data.\n",
+ "\n",
+ "It should be noted that PyMISP is not required to use the MISP restAPI. We are using PyMISP only to parse the response and inspect the data. So any HTTP client such as curl could do the job a described below.\n",
 "\n",
 "This command:\n",
 "```\n",
@@ -105,7 +107,7 @@
 "relative_path = ''\n",
 "\n",
 "body = {\n",
- " \"info\": \"Event created via the API for the CA training 4\",\n",
+ " \"info\": \"Event created via the API as an example\",\n",
 " \"threat_level_id\": 1,\n",
 " \"distribution\": 0\n",
 "}\n",
@@ -435,7 +437,7 @@
 "metadata": {},
 "source": [
 "## RestSearch\n",
- "**Aka: Most powerfull search tool in MISP**"
+ "**Aka: Most powerful search tool in MISP**"
 ]
 },
 {
@@ -999,7 +1001,7 @@
 "name": "python",
 "nbconvert_exporter": "python",
 "pygments_lexer": "ipython3",
- "version": "3.7.3"
+ "version": "3.6.8"
 }
 },
 "nbformat": 4,
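Review bot: The sentence added to the "Important notice" markdown cell in the `@@ -20,8 +20,10 @@` hunk of the notebook has a typo: `could do the job a described below` should read `could do the job as described below`. The context line just above it, `"This notebook various usage of the MISP restAPI.\n",`, is still missing its verb. Since this hunk already reflows that paragraph, it could be fixed here too, for example `"This notebook shows various usages of the MISP restAPI.\n",`. The cell's source array starts and ends outside the hunk.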