MISP
/
misp-training
mirror of https://github.com/MISP/misp-training
2
0
Fork 0
Code Issues Releases Wiki Activity

new: [galaxy2.0] Added draft of the feature

exercise-movie
mokaddem 2020-09-29 18:35:51 +02:00
parent 09a60bedc2
commit fb2c3e6c0d
7 changed files with 306 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
a.10-galaxy-2.0/content.tex Normal file
View File

@ -0,0 +1,161 @@
% DO NOT COMPILE THIS FILE DIRECTLY!
% This is included by the other .tex files.
\begin{frame}[t,plain]
\titlepage
\end{frame}
\begin{frame}
\frametitle{Outline of the presentation}
\begin{itemize}
\item Present the features available for Sharing \textit{galaxy clusters}
\item Look at the internals of what changed in the datamodel and MISP's behaviors
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{MISP Galaxy 2.0}
Galaxy 2.0 introduces various new features for \textit{Galaxies} and their \textit{Clusters} allowing:
\begin{itemize}
\item Creation of \textbf{custom} \textit{Clusters}
\item ACL on \textit{Clusters}
\item \textbf{Connection} of \textit{Clusters} via \textit{Relations}
\item \textbf{Synchronization} to connected instances.
\item \textbf{Visualization} of forks and relationships
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{MISP Galaxy 2.0 - New \textit{Cluster} fields}
\textit{Clusters} and \textit{Relations} can be edited.
\begin{itemize}
\item New \textit{Clusters} fields
\item \texttt{distribution}, \texttt{sharing\_group\_id}
\item \texttt{org\_id}, \texttt{orgc\_id}
\item \texttt{locked}, \texttt{published}, \texttt{deleted}
\item \texttt{default}
\begin{itemize}
\item \textit{Clusters} coming from the \texttt{misp-galaxies} repository are marked as default
\item Not synchronized
\end{itemize}
\begin{itemize}
\item Same purpose as \textit{Events}s \texttt{locked}
\end{itemize}
\item \texttt{extends\_uuid}
\begin{itemize}
\item Point to the \textit{Cluster} that has been forked
\end{itemize}
\item \texttt{extends\_version}
\begin{itemize}
\item Keep track of the \textit{Cluster} version that has been forked
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{MISP Galaxy 2.0 - Others changes}
\begin{itemize}
\item \textit{Role} \texttt{perm\_galaxy\_editor}
\item Relations also have a \texttt{distribution} and can have \textit{Tags}
\item Servers have 2 new flags
\begin{itemize}
\item \texttt{pull\_galaxy\_clusters}
\item \texttt{push\_galaxy\_clusters}
\end{itemize}
\item Clusters \texttt{blocklist}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Features in depth: CRUD}
\begin{itemize}
\item Standard CRUD
\item Soft and Hard deletion
\item Publishing
\item Update forked cluster to keep it synchronized with its parent
\item ACL on the \textit{Cluster} itself, not on its tag
\begin{itemize}
\item \texttt{misp-galaxy:{\color{blue} galaxy-type}="{\color{red} cluster UUID}"}
\item \texttt{\tiny misp-galaxy:{\color{blue} mitre-attack-pattern}="{\color{red} e4932f21-4867-4de6-849a-1b11e48e2682}"}
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Features in depth: Visualization}
Tree view of forked Clusters \includegraphics[scale=0.5]{pics/cluster-forks}
\includegraphics[width=1.0\linewidth]{pics/cluster-forks-tree}
\end{frame}
\begin{frame}
\frametitle{Features in depth: Visualization}
Tree and network views for Relations between Clusters
\includegraphics[width=1.0\linewidth]{pics/cluster-relations}
\end{frame}
\begin{frame}
\frametitle{Features in depth: Visualization}
Tree and network views for Relations between Clusters
\includegraphics[width=1.0\linewidth]{pics/cluster-relations-tree}
\end{frame}
\begin{frame}
\frametitle{Features in depth: Synchronization}
Own synchronization mechanism which can be enabled with the \texttt{pull\_galaxy\_cluster} and \texttt{push\_galaxy\_cluster} flags
\begin{itemize}
\item \textbf{Pull All}: Pull all remote Clusters (similar to event's pull all)
\item \textbf{Pull Update}: Update local Clusters (similar to event's pull update)
\item \textbf{Pull Relevant}: Pull missing Clusters based on local Tags
\item \textbf{Push}: Triggered whenever a Cluster is published or via standard push
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{New views factories \& elements}
\begin{itemize}
\item\texttt{GenericForm.simpleFieldAllowedList}
\begin{itemize}
\item \texttt{checked}, \texttt{multiple}, \texttt{selected}, \texttt{legend}, \texttt{disabled},
\end{itemize}
\item\texttt{IndexTable.booleanOrNA}
\begin{itemize}
\item Displays icons or N/A
\end{itemize}
\item\texttt{IndexTable.galaxy\_cluster\_link}
\begin{itemize}
\item Display basic galaxy cluster info in a compact way (\texttt{galaxy\_type :: cluster\_value} + Hover)
\end{itemize}
\item\texttt{IndexTable.in\_and\_out\_counts}
\begin{itemize}
\item Display \# of outbound and \# of inbound (This \textit{Cluster} has \# relations)
\end{itemize}
\item\texttt{IndexTable.tree}
\begin{itemize}
\item Generate a tree like hierarchy (Root cluster and its forks)
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Synchronization edge cases}
\begin{itemize}
\item Missing galaxy on the remote end
\begin{itemize}
\item[$\rightarrow$] Capture it
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Impossible due to design}
\begin{itemize}
\item Share \textit{Galaxy Matrix}
\begin{itemize}
\item[$\rightarrow$] Can only be insterted in an existing \textit{galaxy} matrix as the layout is defined at the \textit{galaxy} level
\end{itemize}
\end{itemize}
\end{frame}

2
a.10-galaxy-2.0/makefile Normal file
View File

@ -0,0 +1,2 @@
all:
pdflatex -interaction nonstopmode -halt-on-error -file-line-error circl-introduction.tex

BIN
a.10-galaxy-2.0/pics/cluster-forks-tree.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 46 KiB

BIN
a.10-galaxy-2.0/pics/cluster-forks.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.5 KiB

BIN
a.10-galaxy-2.0/pics/cluster-relations-tree.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 59 KiB

BIN
a.10-galaxy-2.0/pics/cluster-relations.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 144 KiB

143
a.10-galaxy-2.0/slide.tex Normal file
View File

@ -0,0 +1,143 @@
\documentclass{beamer}
\usetheme[numbering=progressbar]{focus}
\definecolor{main}{RGB}{47, 161, 219}
\definecolor{textcolor}{RGB}{128, 128, 128}
\definecolor{background}{RGB}{240, 247, 255}
\usepackage[utf8x]{inputenc}
\usepackage{listings}
\usepackage{soul}
\usepackage{siunitx}
\usepackage{booktabs}
%\lstset{
% backgroundcolor=\color{white}, % choose the background color; you must add \usepackage{color} or \usepackage{xcolor}
% basicstyle=\footnotesize, % the size of the fonts that are used for the code
% breakatwhitespace=false
%}
\usepackage{tikz}
\usetikzlibrary{shapes,snakes,automata,positioning}
\usepackage{xcolor}
\usepackage{colortbl}
\definecolor{mygreen}{rgb}{0,0.6,0}
\definecolor{mygreen2}{rgb}{0,0.56,0.16}
\definecolor{myred}{rgb}{0.6,0.066,0.066}
\definecolor{redCIRCL}{RGB}{213,43,30}
\definecolor{mygray}{rgb}{0.5,0.5,0.5}
\definecolor{mymauve}{rgb}{0.58,0,0.82}
\definecolor{mygray}{gray}{0.9}
\definecolor{mywhite}{rgb}{1,1,1}
\definecolor{myblack}{rgb}{0,0,0}
\definecolor{mybeige}{HTML}{eeeeee}
%\usepackage{tcolorbox}
\usepackage[listings]{tcolorbox}
\tcbuselibrary{listings}
\lstdefinestyle{code}{ %
backgroundcolor=\color{mybeige}, % choose the background color; you must add \usepackage{color} or \usepackage{xcolor}; should come as last argument
basicstyle=\footnotesize\ttfamily, % the size of the fonts that are used for the code
breakatwhitespace=false, % sets if automatic breaks should only happen at whitespace
breaklines=true, % sets automatic line breaking
captionpos=b, % sets the caption-position to bottom
commentstyle=\color{mygreen}, % comment style
deletekeywords={...}, % if you want to delete keywords from the given language
escapeinside={\%*}{*)}, % if you want to add LaTeX within your code
extendedchars=true, % lets you use non-ASCII characters; for 8-bits encodings only, does not work with UTF-8
frame=single, % adds a frame around the code
keepspaces=true, % keeps spaces in text, useful for keeping indentation of code (possibly needs columns=flexible)
keywordstyle=\color{blue}, % keyword style
language=Python, % the language of the code
morekeywords={*,...}, % if you want to add more keywords to the set
numbers=left, % where to put the line-numbers; possible values are (none, left, right)
numbersep=5pt, % how far the line-numbers are from the code
numberstyle=\tiny\color{myblack}, % the style that is used for the line-numbers
rulecolor=\color{black}, % if not set, the frame-color may be changed on line-breaks within not-black text (e.g. comments (green here))
showspaces=false, % show spaces everywhere adding particular underscores; it overrides 'showstringspaces'
showstringspaces=false, % underline spaces within strings only
showtabs=false, % show tabs within strings adding particular underscores
stepnumber=1, % the step between two line-numbers. If it's 1, each line will be numbered
stringstyle=\color{mymauve}, % string literal style
tabsize=2, % sets default tabsize to 2 spaces
title=\lstname % show the filename of files included with \lstinputlisting; also try caption instead of title
}
\lstdefinestyle{bash}{ %
backgroundcolor=\color{black!85}, % choose the background color; you must add \usepackage{color} or \usepackage{xcolor}; should come as last argument
basicstyle=\footnotesize\color{mywhite}, % the size of the fonts that are used for the code
breakatwhitespace=false, % sets if automatic breaks should only happen at whitespace
breaklines=true, % sets automatic line breaking
captionpos=b, % sets the caption-position to bottom
commentstyle=\color{mygreen}, % comment style
deletekeywords={...}, % if you want to delete keywords from the given language
escapeinside={\%*}{*)}, % if you want to add LaTeX within your code
extendedchars=true, % lets you use non-ASCII characters; for 8-bits encodings only, does not work with UTF-8
frame=single % adds a frame around the code
keepspaces=true, % keeps spaces in text, useful for keeping indentation of code (possibly needs columns=flexible)
keywordstyle=\color{white}\bfseries, % keyword style
language=bash, % the language of the code
morekeywords={*,$,git, clone,... }, % if you want to add more keywords to the set
numbers=left, % where to put the line-numbers; possible values are (none, left, right)
numbersep=5pt, % how far the line-numbers are from the code
numberstyle=\tiny\color{mywhite}, % the style that is used for the line-numbers
rulecolor=\color{black}, % if not set, the frame-color may be changed on line-breaks within not-black text (e.g. comments (green here))
showspaces=false, % show spaces everywhere adding particular underscores; it overrides 'showstringspaces'
showstringspaces=false, % underline spaces within strings only
showtabs=false, % show tabs within strings adding particular underscores
stepnumber=1, % the step between two line-numbers. If it's 1, each line will be numbered
stringstyle=\color{mymauve}, % string literal style
tabsize=2, % sets default tabsize to 2 spaces
title=\lstname % show the filename of files included with \lstinputlisting; also try caption instead of title
}
\lstdefinestyle{default}{ %
backgroundcolor=\color{white}, % choose the background color; you must add \usepackage{color} or \usepackage{xcolor}; should come as last argument
basicstyle=\footnotesize\color{black}, % the size of the fonts that are used for the code
breakatwhitespace=false, % sets if automatic breaks should only happen at whitespace
breaklines=true, % sets automatic line breaking
captionpos=b, % sets the caption-position to bottom
commentstyle=\color{mygreen}, % comment style
deletekeywords={...}, % if you want to delete keywords from the given language
escapeinside={\%*}{*)}, % if you want to add LaTeX within your code
extendedchars=true, % lets you use non-ASCII characters; for 8-bits encodings only, does not work with UTF-8
frame=single % adds a frame around the code
keepspaces=true, % keeps spaces in text, useful for keeping indentation of code (possibly needs columns=flexible)
keywordstyle=\color{white}\bfseries, % keyword style
language=bash, % the language of the code
morekeywords={*,$,git, clone,... }, % if you want to add more keywords to the set
numbers=left, % where to put the line-numbers; possible values are (none, left, right)
numbersep=5pt, % how far the line-numbers are from the code
numberstyle=\tiny\color{black}, % the style that is used for the line-numbers
rulecolor=\color{black}, % if not set, the frame-color may be changed on line-breaks within not-black text (e.g. comments (green here))
showspaces=false, % show spaces everywhere adding particular underscores; it overrides 'showstringspaces'
showstringspaces=false, % underline spaces within strings only
showtabs=false, % show tabs within strings adding particular underscores
stepnumber=1, % the step between two line-numbers. If it's 1, each line will be numbered
stringstyle=\color{mymauve}, % string literal style
tabsize=2, % sets default tabsize to 2 spaces
title=\lstname % show the filename of files included with \lstinputlisting; also try caption instead of title
}
\lstset{style=code}
\AtBeginSection[]{
\begin{frame}
\vfill
\centering
\begin{beamercolorbox}[sep=8pt,center,shadow=true,rounded=true]{title}
{\color{white} \usebeamerfont{title}\insertsectionhead}\par%
\end{beamercolorbox}
\vfill
\end{frame}
}
\author{\small{Team CIRCL}}
\title{MISP - Galaxy 2.0}
\subtitle{Method for sharing threat intelligence}
\institute{info@circl.lu}
\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}
\date{\today}
\begin{document}
\include{content}
\end{document}