MISP
/
misp-training
mirror of https://github.com/MISP/misp-training
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'main' of github.com:MISP/misp-training

pull/25/head
Christian Studer 2024-04-15 10:03:06 +02:00
parent 8c3c7f3b55 f5e5a9cdae
commit 9a3221e3b7
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
7 changed files with 17225 additions and 175 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
a.4-best-practices/content.tex
View File

@ -10,6 +10,7 @@
\begin{itemize} \begin{itemize}
\item Explanation of the CSIRT use case for information sharing and what CIRCL does \item Explanation of the CSIRT use case for information sharing and what CIRCL does
\item Building an information sharing community and best practices\footnote{We published the complete guidelines in \url{https://www.x-isac.org/assets/images/guidelines_to_set-up_an_ISAC.pdf}} \item Building an information sharing community and best practices\footnote{We published the complete guidelines in \url{https://www.x-isac.org/assets/images/guidelines_to_set-up_an_ISAC.pdf}}
\item Quick demo of MISP capabilities
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -176,15 +177,15 @@
\end{frame} \end{frame}
\begin{frame} \begin{frame}
\frametitle{A quick note on compliance...} \frametitle{A quick note on legal compliance...}
\begin{itemize} \begin{itemize}
\item Collaboration with Deloitte and legal advisors as part of a CEF project for creating compliance documents \item Collaboration with legal advisors as part of a CEF project for creating compliance documents
\begin{itemize} \begin{itemize}
\item Information sharing and cooperation {\bf enabled by GDPR} \item Information sharing and cooperation {\bf such as GDPR}
\item How MISP enables stakeholders identified by the {\bf NISD} to perform key activities \item How MISP enables stakeholders identified by the {\bf NISD} to perform key activities
\item {\bf AIL} and MISP \item {\bf AIL} and MISP
\end{itemize} \end{itemize}
\item For more information: \url{https://github.com/CIRCL/compliance} \item For more information: \url{https://github.com/CIRCL/compliance} about DORA, GDPR, ISO 27010 and MISP compliance
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -437,7 +438,7 @@
\begin{itemize} \begin{itemize}
\item Getting started with building a new community can be daunting. Feel free to get in touch with us if you have any questions! \item Getting started with building a new community can be daunting. Feel free to get in touch with us if you have any questions!
\item Contact: info@circl.lu \item Contact: info@circl.lu
\item \url{https://www.circl.lu/} \item \url{https://www.circl.lu/} \url{https://www.misp-project.org/}
\item \url{https://github.com/MISP} \url{https://gitter.im/MISP/MISP} \url{https://twitter.com/MISPProject} \item \url{https://github.com/MISP} \url{https://gitter.im/MISP/MISP} \url{https://twitter.com/MISPProject}
\end{itemize} \end{itemize}
\end{frame} \end{frame}

454
a.7-rest-API/Training - Using the API in MISP.ipynb
View File

@ -52,14 +52,14 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 38, "execution_count": 6,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [
{ {
"name": "stderr", "name": "stderr",
"output_type": "stream", "output_type": "stream",
"text": [ "text": [
"The version of PyMISP recommended by the MISP instance (2.4.183) is newer than the one you're using now (2.4.168). Please upgrade PyMISP.\n" "The version of PyMISP recommended by the MISP instance (2.4.188) is newer than the one you're using now (2.4.168). Please upgrade PyMISP.\n"
] ]
} }
], ],
@ -84,7 +84,7 @@
" if 'Attribute' in result:\n", " if 'Attribute' in result:\n",
" print(\"Count: %s\" % len(result['Attribute']))\n", " print(\"Count: %s\" % len(result['Attribute']))\n",
" flag_printed = True\n", " flag_printed = True\n",
" elif 'Event' in result and 'Attribute' in result['Event']['Attribute']:\n", " elif 'Event' in result and 'Attribute' in result['Event']:\n",
" print(\"Attribute count: %s\" % len(result['Event']['Attribute']))\n", " print(\"Attribute count: %s\" % len(result['Event']['Attribute']))\n",
" flag_printed = True\n", " flag_printed = True\n",
" if flag_printed:\n", " if flag_printed:\n",
@ -697,186 +697,38 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 58, "execution_count": 7,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [
{ {
"name": "stdout", "name": "stdout",
"output_type": "stream", "output_type": "stream",
"text": [ "text": [
"{'Event': {'Attribute': [{'Galaxy': [],\n", "{'Event': {'Org': {'id': '1', 'name': 'ORGNAME'},\n",
" 'ShadowAttribute': [],\n", " 'Orgc': {'id': '1', 'name': 'ORGNAME'},\n",
" 'category': 'Network activity',\n", " 'date': '2023-12-11',\n",
" 'comment': '',\n", " 'id': '119',\n",
" 'deleted': False,\n", " 'info': 'testtest',\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '126',\n",
" 'first_seen': None,\n",
" 'id': '56142',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1705581872',\n",
" 'to_ids': True,\n",
" 'type': 'ip-src',\n",
" 'uuid': '6938d503-7d96-48b6-9a18-f8e6f95f04dd',\n",
" 'value': '9.9.9.9'},\n",
" {'Galaxy': [],\n",
" 'ShadowAttribute': [],\n",
" 'category': 'Network activity',\n",
" 'comment': 'Comment added via the API',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '126',\n",
" 'first_seen': None,\n",
" 'id': '56143',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1705582453',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '8153fcad-cd37-45d9-a1d1-a509942116f8',\n",
" 'value': '127.2.2.2'}],\n",
" 'CryptographicKey': [],\n",
" 'EventReport': [],\n",
" 'Galaxy': [],\n",
" 'Object': [{'Attribute': [{'Galaxy': [],\n",
" 'ShadowAttribute': [],\n",
" 'category': 'Other',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '126',\n",
" 'first_seen': None,\n",
" 'id': '56144',\n",
" 'last_seen': None,\n",
" 'object_id': '645',\n",
" 'object_relation': 'post',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1558702173',\n",
" 'to_ids': False,\n",
" 'type': 'text',\n",
" 'uuid': '7ed55fe3-cae9-4353-9cd6-cdcb9a50bba5',\n",
" 'value': 'post'}],\n",
" 'ObjectReference': [],\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'description': 'Microblog post like a Twitter tweet or '\n",
" 'a post on a Facebook wall.',\n",
" 'distribution': '5',\n",
" 'event_id': '126',\n",
" 'first_seen': None,\n",
" 'id': '645',\n",
" 'last_seen': None,\n",
" 'meta-category': 'misc',\n",
" 'name': 'microblog',\n",
" 'sharing_group_id': '0',\n",
" 'template_uuid': '8ec8c911-ddbe-4f5b-895b-fbff70c42a60',\n",
" 'template_version': '5',\n",
" 'timestamp': '1558702173',\n",
" 'uuid': '838aefb1-0f6e-4967-9a99-e7414887ae9a'}],\n",
" 'Org': {'id': '1',\n",
" 'local': True,\n",
" 'name': 'ORGNAME',\n",
" 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n",
" 'Orgc': {'id': '1',\n",
" 'local': True,\n",
" 'name': 'ORGNAME',\n",
" 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n",
" 'RelatedEvent': [{'Event': {'Org': {'id': '1',\n",
" 'name': 'ORGNAME',\n",
" 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n",
" 'Orgc': {'id': '1',\n",
" 'name': 'ORGNAME',\n",
" 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n",
" 'analysis': '0',\n",
" 'date': '2024-01-16',\n",
" 'distribution': '3',\n",
" 'id': '122',\n",
" 'info': 'Event created via the API as '\n",
" 'an example',\n",
" 'org_id': '1',\n", " 'org_id': '1',\n",
" 'orgc_id': '1',\n", " 'orgc_id': '1',\n",
" 'published': False,\n", " 'user_id': '6'},\n",
" 'threat_level_id': '1',\n", " 'EventReport': {'content': 'Body',\n",
" 'timestamp': '1705581786',\n", " 'deleted': False,\n",
" 'uuid': 'de96c637-2282-4fc0-9c4e-ca7db60bace1'}},\n", " 'distribution': '5',\n",
" {'Event': {'Org': {'id': '1',\n", " 'event_id': '119',\n",
" 'name': 'ORGNAME',\n", " 'id': '52',\n",
" 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n", " 'name': 'Report from API',\n",
" 'Orgc': {'id': '1',\n",
" 'name': 'ORGNAME',\n",
" 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n",
" 'analysis': '0',\n",
" 'date': '2023-09-28',\n",
" 'distribution': '0',\n",
" 'id': '87',\n",
" 'info': 'Event created via the API as '\n",
" 'an example',\n",
" 'org_id': '1',\n",
" 'orgc_id': '1',\n",
" 'published': True,\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1695907402',\n",
" 'uuid': 'a1348888-5a3e-4e18-acd5-b5015c9621ed'}}],\n",
" 'ShadowAttribute': [],\n",
" 'Tag': [{'colour': '#FF2B2B',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '16',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': 0,\n",
" 'local_only': False,\n",
" 'name': 'tlp:red',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#33FF00',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '79',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': 0,\n",
" 'local_only': False,\n",
" 'name': 'tlp:green',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '0',\n",
" 'attribute_count': '3',\n",
" 'date': '2024-01-18',\n",
" 'disable_correlation': False,\n",
" 'distribution': '0',\n",
" 'event_creator_email': 'admin@admin.test',\n",
" 'extends_uuid': '',\n",
" 'id': '126',\n",
" 'info': 'Event created via the API as an example',\n",
" 'locked': False,\n",
" 'org_id': '1',\n",
" 'orgc_id': '1',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n", " 'sharing_group_id': '0',\n",
" 'threat_level_id': '1',\n", " 'timestamp': '1712818726',\n",
" 'timestamp': '1705582663',\n", " 'uuid': '9b6a2be2-127a-4c61-875b-a9eeba3b1139'},\n",
" 'uuid': 'b3cc1ea2-892f-48e1-a6dc-20279818a724'}}\n" " 'SharingGroup': {'id': None, 'name': None, 'uuid': None}}\n"
] ]
} }
], ],
"source": [ "source": [
"# Edition 2 - tagging 2\n", "# Edition 2 - tagging 2\n",
"endpoint = '/events/edit/'\n", "endpoint = '/events/edit/'\n",
"relative_path = '126'\n", "relative_path = str(event_id)\n",
"\n", "\n",
"body = {\n", "body = {\n",
" \"distribution\": 0,\n", " \"distribution\": 0,\n",
@ -889,6 +741,272 @@
"print_result(res)" "print_result(res)"
] ]
}, },
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Event reports"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"endpoint = '/eventReports/add/'\n",
"relative_path = str(event_id)\n",
"\n",
"body = {\n",
" \"name\": \"Report from API\",\n",
" \"distribution\": 5,\n",
" \"sharing_group_id\": 0,\n",
" \"content\": \"Body\"\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"event_report_id = res['EventReport']['id']\n",
"\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Download HTML, convert it into markdown then save it as Event Report.\n",
"endpoint = '/eventReports/importReportFromUrl/'\n",
"relative_path = str(event_id)\n",
"\n",
"body = {\n",
" \"url\": \"https://domain.example/blogpost/123.pdf\"\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 20,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'report': {'Event': {'Org': {'id': '1', 'name': 'ORGNAME'},\n",
" 'Orgc': {'id': '1', 'name': 'ORGNAME'},\n",
" 'date': '2023-12-11',\n",
" 'id': '119',\n",
" 'info': 'testtest',\n",
" 'org_id': '1',\n",
" 'orgc_id': '1',\n",
" 'user_id': '6'},\n",
" 'EventReport': {'content': 'Body @[tag](tlp:red) '\n",
" '@[attribute](bffa5ba8-7040-4f38-979f-7386f5a3a251)',\n",
" 'deleted': False,\n",
" 'distribution': '5',\n",
" 'event_id': '119',\n",
" 'id': '50',\n",
" 'name': 'Report from API',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1712821134',\n",
" 'uuid': '972d3aeb-a60e-4bab-9db9-a76ef0551188'},\n",
" 'SharingGroup': {'id': None, 'name': None, 'uuid': None}}}\n"
]
}
],
"source": [
" # Extract all entities, tag Event with tag found\n",
"endpoint = '/eventReports/extractAllFromReport/'\n",
"relative_path = str(50)\n",
"\n",
"body = {\n",
" \"tag_event\": 1\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Analyst Data"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Analyst Note"
]
},
{
"cell_type": "code",
"execution_count": 22,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'Note': {'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '2021-09-30 13:28:31',\n",
" 'date_modified': '2023-09-07 07:40:54',\n",
" 'description': 'Automatically generated admin organisation',\n",
" 'id': '1',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'ORGNAME',\n",
" 'nationality': 'Belgium',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': 'ADMIN',\n",
" 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '2021-09-30 13:28:31',\n",
" 'date_modified': '2023-09-07 07:40:54',\n",
" 'description': 'Automatically generated admin organisation',\n",
" 'id': '1',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'ORGNAME',\n",
" 'nationality': 'Belgium',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': 'ADMIN',\n",
" 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n",
" '_canEdit': True,\n",
" 'authors': 'john.doe@admin.test',\n",
" 'created': '2024-04-11 07:54:06',\n",
" 'distribution': '1',\n",
" 'id': '80',\n",
" 'language': 'fr-BE',\n",
" 'locked': False,\n",
" 'modified': '2024-04-11 07:54:06',\n",
" 'note': 'Ceci est une note',\n",
" 'note_type': 0,\n",
" 'note_type_name': 'Note',\n",
" 'object_type': 'Event50',\n",
" 'object_uuid': '03cbbd87-9081-4ea9-94e2-431939fa85dc',\n",
" 'org_uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6',\n",
" 'orgc_uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6',\n",
" 'sharing_group_id': None,\n",
" 'uuid': 'b6362eab-b232-4d7b-867f-52c6971a743b'}}\n"
]
}
],
"source": [
"analystType = 'Note'\n",
"objectUUID = '03cbbd87-9081-4ea9-94e2-431939fa85dc'\n",
"# objectType[Enum]: \"Attribute\" \"Event\" \"EventReport\" \"GalaxyCluster\" \"Galaxy\"\n",
"# \"Object\" \"Note\" \"Opinion\" \"Relationship\" \"Organisation\" \"SharingGroup\"\n",
"objectType = 'Event'\n",
"endpoint = f'/analystData/add/{analystType}/{objectUUID}/{objectType}'\n",
"\n",
"body = {\n",
" \"note\": \"Ceci est une note\",\n",
" \"language\": \"fr-BE\",\n",
" \"authors\": \"john.doe@admin.test\",\n",
" \"distribution\": 1\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Analyst Opinion"
]
},
{
"cell_type": "code",
"execution_count": 23,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'Opinion': {'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '2021-09-30 13:28:31',\n",
" 'date_modified': '2023-09-07 07:40:54',\n",
" 'description': 'Automatically generated admin '\n",
" 'organisation',\n",
" 'id': '1',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'ORGNAME',\n",
" 'nationality': 'Belgium',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': 'ADMIN',\n",
" 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '2021-09-30 13:28:31',\n",
" 'date_modified': '2023-09-07 07:40:54',\n",
" 'description': 'Automatically generated admin '\n",
" 'organisation',\n",
" 'id': '1',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'ORGNAME',\n",
" 'nationality': 'Belgium',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': 'ADMIN',\n",
" 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n",
" '_canEdit': True,\n",
" 'authors': 'john.doe@admin.test',\n",
" 'comment': 'This is an opinion',\n",
" 'created': '2024-04-11 07:54:12',\n",
" 'distribution': '1',\n",
" 'id': '64',\n",
" 'locked': False,\n",
" 'modified': '2024-04-11 07:54:12',\n",
" 'note_type': 1,\n",
" 'note_type_name': 'Opinion',\n",
" 'object_type': 'Event50',\n",
" 'object_uuid': '03cbbd87-9081-4ea9-94e2-431939fa85dc',\n",
" 'opinion': '75',\n",
" 'org_uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6',\n",
" 'orgc_uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6',\n",
" 'sharing_group_id': None,\n",
" 'uuid': 'eea00f1d-71aa-4763-9489-bd137cae2a57'}}\n"
]
}
],
"source": [
"analystType = 'Opinion'\n",
"objectUUID = '03cbbd87-9081-4ea9-94e2-431939fa85dc'\n",
"# objectType[Enum]: \"Attribute\" \"Event\" \"EventReport\" \"GalaxyCluster\" \"Galaxy\"\n",
"# \"Object\" \"Note\" \"Opinion\" \"Relationship\" \"Organisation\" \"SharingGroup\"\n",
"objectType = 'Event'\n",
"endpoint = f'/analystData/add/{analystType}/{objectUUID}/{objectType}'\n",
"\n",
"body = {\n",
" \"opinion\": 75,\n",
" \"comment\": \"This is an opinion\",\n",
" \"authors\": \"john.doe@admin.test\",\n",
" \"distribution\": 1\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{ {
"cell_type": "markdown", "cell_type": "markdown",
"metadata": {}, "metadata": {},

52
cheatsheets/cheatsheet-data-model.tex
View File

@ -137,3 +137,55 @@
\end{itemize} \end{itemize}
} }
\end{multicols*} \end{multicols*}
\newpage
\begin{multicols*}{3}
% Analyst Note
\cheatbox[\faicon{sticky-note}]
[Share and add an analysis to any MISP data]
[Describe information about specific details, annotate elements]
[\distributable \synchronisable]
[Text element that can be attached to many element]
{\linkdest{note}Analyst Notes}
{
$\blacktriangleright$ Any user can attach \notes to data they don't own.
For example: \events, \attributes, \clusters, $\cdots$\\
$\blacktriangleright$ The note is actually attached to the target's UUID
}
% Analyst Opinion
\cheatbox[\faicon{gavel}]
[Share and add an opinion to any MISP data]
[Provide feedback to third-parties, Coordinate and Collaborate]
[\distributable \synchronisable]
[Text element with a numerical opinion that can be attached to many element]
{\linkdest{opinion}Analyst Opinions}
{
$\blacktriangleright$ Basically the same as a \note\\
$\blacktriangleright$ The numerical value of the \opinion is $\in [0, 100]$. where $50$ is the neutral point. Any values $<50$ are considered negatives, values $>50$ are considered positives.
}
% Analyst Relationship
\cheatbox[\faicon{arrow-up}]
[Create a relationship between elements]
[Manually create correlation link, add similarities]
[\distributable \synchronisable]
[Link between two entities using a verb]
{\linkdest{opinion}Analyst Relationships}
{
$\blacktriangleright$ Basically the same as a \note but includes the target element\\
$\blacktriangleright$ Example could be an \event $\rightarrow$ \event relationship where one is \textit{Suspected to be part of the same campaign based on HUMINT sources}
}
% Element Collection
\cheatbox[\faicon{object-group}]
[Allow groupping multiple elements into a single collection]
[Grouping \events together if they are part of the same campaing]
[\distributable]
[Group element into collection]
{\linkdest{collection}Element Collection}
{
}
\end{multicols*}

8
cheatsheets/utils.tex
View File

@ -25,6 +25,14 @@
\newcommand{\cluster}{\hyperlink{cluster}{\texttt{Galaxy Cluster}} } \newcommand{\cluster}{\hyperlink{cluster}{\texttt{Galaxy Cluster}} }
\newcommand{\sharinggroups}{\hyperlink{sharinggroup}{\texttt{Sharing Groups}} } \newcommand{\sharinggroups}{\hyperlink{sharinggroup}{\texttt{Sharing Groups}} }
\newcommand{\sharinggroup}{\hyperlink{sharinggroup}{\texttt{Sharing Group}} } \newcommand{\sharinggroup}{\hyperlink{sharinggroup}{\texttt{Sharing Group}} }
\newcommand{\notes}{\hyperlink{note}{\texttt{Analyst Notes}} }
\newcommand{\note}{\hyperlink{note}{\texttt{Analyst Note}} }
\newcommand{\opinions}{\hyperlink{opinion}{\texttt{Analyst Opinions}} }
\newcommand{\opinion}{\hyperlink{opinion}{\texttt{Analyst Opinion}} }
\newcommand{\relationships}{\hyperlink{relationship}{\texttt{Analyst Relationships}} }
\newcommand{\relationship}{\hyperlink{relationship}{\texttt{Analyst Relationship}} }
\newcommand{\collections}{\hyperlink{collection}{\texttt{Element Collections}} }
\newcommand{\collection}{\hyperlink{collection}{\texttt{Element Collection}} }
\newcommand{\taggable}{\faicon{tags}\hspace*{0.3em}} \newcommand{\taggable}{\faicon{tags}\hspace*{0.3em}}
\newcommand{\distributable}{\faicon{eye-slash}\hspace*{0.3em}} \newcommand{\distributable}{\faicon{eye-slash}\hspace*{0.3em}}

15517
complementary/jupyter-notebooks/Training - Using the API in MISP-public.ipynb Normal file
View File

File diff suppressed because it is too large Load Diff

1354
complementary/jupyter-notebooks/query-misp-public.ipynb Normal file
View File

File diff suppressed because one or more lines are too long

BIN
complementary/other-slides/MISP Data model overview-with-analyst-data.pdf Normal file
View File

Binary file not shown.