diff --git a/3-misp-taxonomy-tagging/content.tex b/3-misp-taxonomy-tagging/content.tex new file mode 100755 index 0000000..b7d21c4 --- /dev/null +++ b/3-misp-taxonomy-tagging/content.tex @@ -0,0 +1,286 @@ +% DO NOT COMPILE THIS FILE DIRECTLY! +% This is included by the other .tex files. + +\begin{frame}[t,plain] +\titlepage +\end{frame} + +\begin{frame} +\frametitle{From Tagging to Flexible Taxonomies} +\includegraphics[scale=0.3]{tags.png} +\begin{itemize} + \item Tagging is a simple way to attach a classification to an event or an attribute. + \item In the early version of MISP, tagging was local to an instance. + \item {\bf Classification must be globally used to be efficient}. + \item After evaluating different solutions of classification, we build a new scheme using the concept of machine tags. +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Machine Tags} + \begin{itemize} + \item Triple tag or machine tag was introduced in 2004 to extend geotagging on images. + \end{itemize} + { + \setlength{\fboxsep}{1pt} + \setlength{\fboxrule}{1pt} + \fbox{\includegraphics[scale=0.7]{machinetag.pdf}} + } + \begin{itemize} + \item A machine tag is just a tag expressed in way that allows systems to parse and interpret it. + \item Still have a human-readable version:\\ + \begin{itemize} + \item admiralty-scale:Source Reliability="Fairly reliable" + \end{itemize} + \end{itemize} +\end{frame} + +\begin{frame} +\frametitle{MISP Taxonomies} +\begin{itemize} +\item Taxonomies are implemented in a simple JSON format. +\item Anyone can create their own taxonomy or reuse an existing one. +\item The taxonomies are in an independent git repository\footnote{\url{https://www.github.com/MISP/misp-taxonomies/}}. +\item These can be freely reused and integrated in other threat intel tools. +\item Taxonomies are licensed under CC0 (public domain) except if the taxonomy author decided to use another license. +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Existing Taxonomies} +\begin{itemize} +\item NATO - {\bf Admiralty Scale} +\item CIRCL Taxonomy - {\bf Schemes of Classification in Incident Response and Detection} +\item eCSIRT and IntelMQ incident classification +\item EUCI {\bf EU classified information marking} +\item Information Security Marking Metadata from DNI (Director of National Intelligence - US) +\item NATO Classification Marking +\item OSINT {\bf Open Source Intelligence - Classification} +\item TLP - {\bf Traffic Light Protocol} +\item Vocabulary for Event Recording and Incident Sharing - {\bf VERIS} +\item and many more like ENISA, Europol, or the draft FIRST SIG Information Exchange Policy. +\end{itemize} +\end{frame} + +\colorlet{punct}{red!60!black} +\definecolor{background}{HTML}{EEEEEE} +\definecolor{delim}{RGB}{20,105,176} +\colorlet{numb}{magenta!60!black} +\lstdefinelanguage{json}{ + basicstyle=\scriptsize, + numbers=left, + numberstyle=\scriptsize, + stepnumber=1, + numbersep=5pt, + showstringspaces=false, + breaklines=true, + frame=lines, + backgroundcolor=\color{background}, + literate= + *{0}{{{\color{numb}0}}}{1} + {1}{{{\color{numb}1}}}{1} + {2}{{{\color{numb}2}}}{1} + {3}{{{\color{numb}3}}}{1} + {4}{{{\color{numb}4}}}{1} + {5}{{{\color{numb}5}}}{1} + {6}{{{\color{numb}6}}}{1} + {7}{{{\color{numb}7}}}{1} + {8}{{{\color{numb}8}}}{1} + {9}{{{\color{numb}9}}}{1} + {:}{{{\color{punct}{:}}}}{1} + {,}{{{\color{punct}{,}}}}{1} + {\{}{{{\color{delim}{\{}}}}{1} + {\}}{{{\color{delim}{\}}}}}{1} + {[}{{{\color{delim}{[}}}}{1} + {]}{{{\color{delim}{]}}}}{1}, +} + +\begin{frame}[fragile] +\frametitle{Want to write your own taxonomy? 1/2} +\begin{lstlisting}[language=json,firstnumber=1] +{ + "namespace": "admiralty-scale", + "description": "The Admiralty Scale (also called the NATO System) is used to rank the reliability of a source and the credibility of an information.", + "version": 1, + "predicates": [ + { + "value": "source-reliability", + "expanded": "Source Reliability" + }, + { + "value": "information-credibility", + "expanded": "Information Credibility" + } + ], +.... +\end{lstlisting} +\end{frame} + +\begin{frame}[fragile] +\frametitle{Want to write your own taxonomy? 2/2} +\begin{lstlisting}[language=json,firstnumber=1] +{ + "values": [ + { + "predicate": "source-reliability", + "entry": [ + { + "value": "a", + "expanded": "Completely reliable" + }, +.... +\end{lstlisting} +\begin{itemize} + \item Publishing your taxonomy is as easy as a simple git pull request on misp-taxonomies\footnote{\url{https://github.com/MISP/misp-taxonomies}}. +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{How are taxonomies integrated in MISP?} + \includegraphics[scale=0.21]{tags-2-4-70.png} +\begin{itemize} + \item MISP administrator can just import (or even cherry pick) the namespace or predicates they want to use as tag. +\item Tags can be exported to other instances. +\item Tags are also accessible via the MISP REST API. +\end{itemize} +\end{frame} + + +\begin{frame} +\frametitle{Filtering the distribution of events among MISP instances} +\begin{itemize} +\item Applying rules for distribution based on tags: +\end{itemize} +\includegraphics[scale=0.45]{tagspush.png} +\end{frame} + +\begin{frame} + \frametitle{Other use cases using MISP taxonomies} +\begin{itemize} + \item Tags can be used to set events or attributes for {\bf further processing by external tools} (e.g. VirusTotal auto-expansion using Viper). + \item Ensuring a classification manager {\bf classies the events before release} (e.g. release of information from air-gapped/classified networks). + \item {\bf Enriching IDS export} with tags to fit your NIDS deployment. + \item Using {\bf IntelMQ} and MISP together to process events (tags limited per organization introduced in MISP 2.4.49). +\end{itemize} +\end{frame} + +\begin{frame} + \frametitle{Future functionalities related to MISP taxonomies} +\begin{itemize} + \item {\bf Sighting} support (thanks to NCSC-NL) is integrated in MISP allowing to auto expire IOC based on user detection. + \item Adjusting taxonomies (adding/removing tags) based on their score or visibility via sighting. + \item Simple taxonomy editors to {\bf help non-technical users} to create their taxonomies. + \item {\bf Filtering mechanisms} in MISP to rename or replace taxonomies/tags at pull and push synchronisation. + \item More public taxonomies to be included. +\end{itemize} +\end{frame} + +\begin{frame} + \frametitle{PyTaxonomies} +\begin{itemize} + \item {\bf Python module} to handle the taxonomies + \item {\bf Offline} and online mode (fetch the newest taxonomies from GitHub) + \item Simple {\bf search} to make tagging easy + \item Totally independant from MISP + \item {\bf No external dependencies} in offline mode + \item Python3 only + \item Can be used to create \& {\bf dump a new taxonomy} +\end{itemize} +\end{frame} + +\begin{frame}[fragile] + \frametitle{PyTaxonomies} + \begin{lstlisting}[language=Python,basicstyle=\tiny] +from pytaxonomies import Taxonomies +taxonomies = Taxonomies() +taxonomies.version +# => '20160725' +taxonomies.description +# => 'Manifest file of MISP taxonomies available.' +list(taxonomies.keys()) +# => ['tlp', 'eu-critical-sectors', 'de-vs', 'osint', 'circl', 'veris', +# 'ecsirt', 'dhs-ciip-sectors', 'fr-classif', 'misp', 'admiralty-scale', ...] +taxonomies.get('enisa').description +# 'The present threat taxonomy is an initial version that has been developed on +# the basis of available ENISA material. This material has been used as an ENISA-internal +# structuring aid for information collection and threat consolidation purposes. +# It emerged in the time period 2012-2015.' +print(taxonomies.get('circl')) +# circl:incident-classification="vulnerability" +# circl:incident-classification="malware" +# circl:incident-classification="fastflux" +# circl:incident-classification="system-compromise" +# circl:incident-classification="sql-injection" +# .... +print(taxonomies.get('circl').machinetags_expanded()) +# circl:incident-classification="Phishing" +# circl:incident-classification="Malware" +# circl:incident-classification="XSS" +# circl:incident-classification="Copyright issue" +# circl:incident-classification="Spam" +# circl:incident-classification="SQL Injection" + +\end{lstlisting} +\end{frame} + +\begin{frame} + \frametitle{The dilemma of false-positive} + \begin{itemize} + \item False-positive is a {\bf common issue} in threat intelligence sharing. + \item It's often a contextual issue: + \begin{itemize} + \item false-positive might be different per community of users sharing information. + \item organization might have their {\bf own view} on false-positive. + \end{itemize} + \item Based on the success of the MISP taxonomy model, we build misp-warninglists. + \end{itemize} +\end{frame} + +\begin{frame}[t,fragile] + \frametitle{MISP warning lists} + \begin{itemize} + \item misp-warninglists are lists of {\b well-known indicators} that can be associated to potential false positives, errors or mistakes. + \item Simple JSON files + \end{itemize} +\begin{lstlisting}[language=json,firstnumber=1] +{ + "name": "List of known public DNS resolvers", + "version": 2, + "description": "Event contains one or more public DNS resolvers as attribute with an IDS flag set", + "matching_attributes": [ + "ip-src", + "ip-dst" + ], + "list": [ + "8.8.8.8", + "8.8.4.4",...] +} +\end{lstlisting} +\end{frame} + +\begin{frame}[t,fragile] +\frametitle{MISP warning lists} +\begin{itemize} +\item The warning lists are integrated in MISP to display an info/warning box at the event and attribute level. +\item Enforceable via the API where all attributes that have a hit on a warninglist will be excluded. +\item This can be enabled at MISP instance level. +\item Default warning lists can be enabled or disabled like {\bf known public resolver}, {\bf multicast IP addresses}, {\bf hashes for empty values}, {\bf rfc1918}, {\bf TLDs} or {\bf known google domains}. +\item The warning lists can be expanded or added in JSON locally or via pull requests. +\item Warning lists can be also used for {\bf critical or core infrastructure warning}, {\bf personally identifiable information}... +\end{itemize} +\end{frame} + + +\begin{frame}[t,fragile] {Q\&A} +\includegraphics[scale=0.5]{misplogo.pdf} +\begin{itemize} + \item \url{https://github.com/MISP/MISP} + \item \url{https://github.com/MISP/misp-taxonomies} + \item \url{https://github.com/MISP/PyTaxonomies} + \item \url{https://github.com/MISP/misp-warninglists} + \item info@circl.lu (if you want to join one of the MISP community operated by CIRCL) + \item PGP key fingerprint: CA57 2205 C002 4E06 BA70 BE89 EAAD CFFC 22BD 4CD5 +\end{itemize} + +\end{frame} + diff --git a/3-misp-taxonomy-tagging/logo-circl.pdf b/3-misp-taxonomy-tagging/logo-circl.pdf new file mode 100644 index 0000000..62c9239 Binary files /dev/null and b/3-misp-taxonomy-tagging/logo-circl.pdf differ diff --git a/3-misp-taxonomy-tagging/machinetag-expanded.pdf b/3-misp-taxonomy-tagging/machinetag-expanded.pdf new file mode 100644 index 0000000..e3827ad Binary files /dev/null and b/3-misp-taxonomy-tagging/machinetag-expanded.pdf differ diff --git a/3-misp-taxonomy-tagging/machinetag.pdf b/3-misp-taxonomy-tagging/machinetag.pdf new file mode 100644 index 0000000..c4bcece Binary files /dev/null and b/3-misp-taxonomy-tagging/machinetag.pdf differ diff --git a/3-misp-taxonomy-tagging/misp.pdf b/3-misp-taxonomy-tagging/misp.pdf new file mode 100644 index 0000000..f7a3f9d Binary files /dev/null and b/3-misp-taxonomy-tagging/misp.pdf differ diff --git a/3-misp-taxonomy-tagging/misplogo.pdf b/3-misp-taxonomy-tagging/misplogo.pdf new file mode 100644 index 0000000..60da568 Binary files /dev/null and b/3-misp-taxonomy-tagging/misplogo.pdf differ diff --git a/3-misp-taxonomy-tagging/normaltag.png b/3-misp-taxonomy-tagging/normaltag.png new file mode 100644 index 0000000..781182c Binary files /dev/null and b/3-misp-taxonomy-tagging/normaltag.png differ diff --git a/3-misp-taxonomy-tagging/slide.tex b/3-misp-taxonomy-tagging/slide.tex new file mode 100644 index 0000000..9c77c3c --- /dev/null +++ b/3-misp-taxonomy-tagging/slide.tex @@ -0,0 +1,27 @@ +\documentclass{beamer} +\usetheme[numbering=progressbar]{focus} +\definecolor{main}{RGB}{47, 161, 219} +\definecolor{textcolor}{RGB}{128, 128, 128} +\definecolor{background}{RGB}{240, 247, 255} + + +\usepackage[utf8]{inputenc} +\usepackage{tikz} +\usepackage{listings} +\usetikzlibrary{positioning} +\usetikzlibrary{shapes,arrows} +%\usepackage[T1]{fontenc} +%\usepackage[scaled]{beramono} + +\author{\small{\input{../includes/authors.txt}}} + +\title{Information Sharing and Taxonomies} +\subtitle{Practical Classification of Threat Indicators using MISP} +\institute{\href{http://www.misp-project.org/}{http://www.misp-project.org/} \\ Twitter: \emph{\href{https://twitter.com/mispproject}{@MISPProject}}} +\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}} +\date{\input{../includes/location.txt}} + +\begin{document} +\include{content} +\end{document} + diff --git a/3-misp-taxonomy-tagging/sticker-CIRCL-MISP-motherf.svg b/3-misp-taxonomy-tagging/sticker-CIRCL-MISP-motherf.svg new file mode 100644 index 0000000..0886472 --- /dev/null +++ b/3-misp-taxonomy-tagging/sticker-CIRCL-MISP-motherf.svg @@ -0,0 +1,5794 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/3-misp-taxonomy-tagging/tags-2-4-70.png b/3-misp-taxonomy-tagging/tags-2-4-70.png new file mode 100644 index 0000000..e1c6fbd Binary files /dev/null and b/3-misp-taxonomy-tagging/tags-2-4-70.png differ diff --git a/3-misp-taxonomy-tagging/tags.png b/3-misp-taxonomy-tagging/tags.png new file mode 100644 index 0000000..9f4184e Binary files /dev/null and b/3-misp-taxonomy-tagging/tags.png differ diff --git a/3-misp-taxonomy-tagging/tags24.png b/3-misp-taxonomy-tagging/tags24.png new file mode 100644 index 0000000..9b1d331 Binary files /dev/null and b/3-misp-taxonomy-tagging/tags24.png differ diff --git a/3-misp-taxonomy-tagging/tagspush.png b/3-misp-taxonomy-tagging/tagspush.png new file mode 100644 index 0000000..b5f063e Binary files /dev/null and b/3-misp-taxonomy-tagging/tagspush.png differ diff --git a/build.sh b/build.sh index e73df1c..672418c 100644 --- a/build.sh +++ b/build.sh @@ -1,7 +1,7 @@ #!/bin/bash # -slidedecks=("0-misp-introduction-to-information-sharing" "1-misp-usage" "1.1-misp-viper-integration" "1.2.1-misp-integration-mail2misp" "2-misp-administration") +slidedecks=("0-misp-introduction-to-information-sharing" "1-misp-usage" "1.1-misp-viper-integration" "1.2.1-misp-integration-mail2misp" "2-misp-administration" "3-misp-taxonomy-tagging") mkdir output export TEXINPUTS=::`pwd`/themes/ echo ${TEXINPUTS}