mirror of https://github.com/MISP/misp-training
Merge branch 'main' of github.com:MISP/misp-training into main
commit
f7444fbd55
|
@ -29,8 +29,8 @@
|
|||
\item Private sector community
|
||||
\begin{itemize}
|
||||
\item Our largest sharing community
|
||||
\item Over {\bf 1000 organisations}
|
||||
\item {\bf ~2700 users}
|
||||
\item Over {\bf 1250 organisations}
|
||||
\item {\bf ~3600 users}
|
||||
\item Functions as a central hub for a lot of sharing communities
|
||||
\item Private organisations, Researchers, Various SoCs, some CSIRTs, etc
|
||||
\end{itemize}
|
||||
|
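Review bot: In the updated `\item {\bf ~3600 users}` line the `~` is LaTeX's non-breaking space, so the slide prints "3600 users" with a leading gap and the intended "approximately" is lost; the figure then reads as an exact count. Writing it as `\item \textbf{$\sim$3600 users}` (or with `\textasciitilde`) keeps the meaning. These lines also use the obsolete `{\bf ...}` switch, as does the `own taxonomies and domain specific object definitions` item in the later hunk; `\textbf{...}` is the current form. The enclosing frame starts and ends outside this hunk.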
@ -75,11 +75,18 @@
|
|||
\begin{frame}
|
||||
\frametitle{Communities supported by CIRCL}
|
||||
\begin{itemize}
|
||||
\item ISAC / specialised community MISPs
|
||||
\begin{itemize}
|
||||
\item Topical or community specific instances hosted or co-managed by CIRCL
|
||||
\item Examples, GSMA, FIRST.org, CSIRT network, etc
|
||||
\item Often come with their {\bf own taxonomies and domain specific object definitions}
|
||||
\end{itemize}
|
||||
\item FIRST.org's MISP community
|
||||
\item Telecom and Mobile operators' community
|
||||
\item Various ad-hoc communities for exercises for example
|
||||
\begin{itemize}
|
||||
\item The ENISA exercise for example
|
||||
\item Locked Shields exercise
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 120 KiB |
|
@ -0,0 +1,65 @@
|
|||
% DO NOT COMPILE THIS FILE DIRECTLY!
|
||||
% This is included by the other .tex files.
|
||||
|
||||
\begin{frame}[t,plain]
|
||||
\titlepage
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{MISP CLI functionalities}
|
||||
\begin{itemize}
|
||||
\item The MISP API is great for remotely executing administrative tasks
|
||||
\item But sometimes we want to simplify the process / avoid having to deal with authentication
|
||||
\item MISP also has an extensive CLI sub-system for this reason
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Types of objectives for the scripts}
|
||||
\begin{itemize}
|
||||
\item Automating recurring tasks
|
||||
\item Recovery from loss of access
|
||||
\item Updates / initialisation
|
||||
\item Background worker management
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{CLI documentation}
|
||||
\begin{itemize}
|
||||
\item \url{https://path.to.your.misp/events/automation}
|
||||
\end{itemize}
|
||||
\begin{center}
|
||||
\includegraphics[scale=0.4]{cli.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Usage}
|
||||
\texttt{/var/www/MISP/app/Console/cake [Shell] [Command] [parameters]}
|
||||
\begin{itemize}
|
||||
\item Example:
|
||||
\begin{itemize}
|
||||
\item \texttt{/var/www/MISP/app/Console/cake Password "andras.iklody@gmail.com" "Nutella"}
|
||||
\item Change password to "Nutella" for my user
|
||||
\item Some shells are single use and don't need a command parameter
|
||||
\end{itemize}
|
||||
\item Also used by the background processing
|
||||
\item Automation is meant to be used via cron jobs
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Automation via crontab}
|
||||
\begin{itemize}
|
||||
\item Edit crontab of www-data user
|
||||
\item \texttt{crontab -u www-data -e}
|
||||
\item \texttt{0 3,9,15,21 * * * /var/www/MISP/app/Console/cake Server pull 1 30 full}
|
||||
\item Pull server ID \#30 as user \#1 every 6 hours
|
||||
\item \texttt{@hourly /var/www/MISP/app/Console/cake Server cacheFeed 1 csv full}
|
||||
\item Cache all csv feeds as user \#1 every hour
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
|
||||
|
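Review bot: The example on the `Usage` frame puts what looks like a personal e-mail address and the new password directly on the command line, and a training deck is likely to be copied verbatim. Arguments given this way are normally kept in the shell history and are visible in the process list while the command runs, so the slide should say that the value is a temporary one to be changed after login, and use a placeholder such as `cake Password "user@example.com" "<temporary-password>"`. On the `Automation via crontab` frame it would help to add an item such as `\item Jobs run as www-data and act with the rights of the given user ID; use a dedicated account`, since whether user \#1 is an administrator on a given instance is not visible here.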
Binary file not shown.
Binary file not shown.
Binary file not shown.
After Width: | Height: | Size: 49 KiB |
|
@ -0,0 +1,26 @@
|
|||
\documentclass{beamer}
|
||||
\usetheme[numbering=progressbar]{focus}
|
||||
\definecolor{main}{RGB}{47, 161, 219}
|
||||
\definecolor{textcolor}{RGB}{128, 128, 128}
|
||||
\definecolor{background}{RGB}{240, 247, 255}
|
||||
|
||||
|
||||
\usepackage[utf8]{inputenc}
|
||||
\usepackage{tikz}
|
||||
\usepackage{listings}
|
||||
\usepackage{adjustbox}
|
||||
\usetikzlibrary{positioning}
|
||||
\usetikzlibrary{shapes,arrows}
|
||||
%\usepackage[T1]{fontenc}
|
||||
%\usepackage[scaled]{beramono}
|
||||
|
||||
\author{\small{\input{../includes/authors.txt}}}
|
||||
|
||||
\title{MISP CLI}
|
||||
\subtitle{Automate all the things}
|
||||
\institute{\includegraphics[scale=0.5]{misplogo.pdf}}
|
||||
\date{\input{../includes/location.txt}}
|
||||
\begin{document}
|
||||
\include{content}
|
||||
\end{document}
|
||||
|
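Review bot: `\include{content}` pulls in what is presumably the slide fragment added in this commit, whose header says it is only meant to be included by other .tex files; `\input{content}` is the usual choice for such a fragment, since `\include` adds a `\clearpage` and a separate `.aux` file that a single-part deck does not need. In `\author{\small{\input{../includes/authors.txt}}}` the `\small` switch takes no argument, so the inner braces act only as a group; `\author{{\small\input{../includes/authors.txt}}}` says what is meant. A short comment above the two `../includes/` inputs stating that the deck must be built from its own directory would save the next maintainer a failed build.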