diff --git a/a.10-galaxy-2.0/content.tex b/a.10-galaxy-2.0/content.tex
new file mode 100644
index 0000000..4aeae55
--- /dev/null
+++ b/a.10-galaxy-2.0/content.tex
@@ -0,0 +1,161 @@
+% DO NOT COMPILE THIS FILE DIRECTLY!
+% This is included by the other .tex files.
+
+\begin{frame}[t,plain]
+\titlepage
+\end{frame}
+
+\begin{frame}
+ \frametitle{Outline of the presentation}
+ \begin{itemize}
+ \item Present the features available for Sharing \textit{galaxy clusters}
+ \item Look at the internals of what changed in the datamodel and MISP's behaviors
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP Galaxy 2.0}
+ Galaxy 2.0 introduces various new features for \textit{Galaxies} and their \textit{Clusters} allowing:
+ \begin{itemize}
+ \item Creation of \textbf{custom} \textit{Clusters}
+ \item ACL on \textit{Clusters}
+ \item \textbf{Connection} of \textit{Clusters} via \textit{Relations}
+ \item \textbf{Synchronization} to connected instances.
+ \item \textbf{Visualization} of forks and relationships
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{MISP Galaxy 2.0 - New \textit{Cluster} fields}
+ \textit{Clusters} and \textit{Relations} can be edited.
+ \begin{itemize}
+ \item New \textit{Clusters} fields
+ \item \texttt{distribution}, \texttt{sharing\_group\_id}
+ \item \texttt{org\_id}, \texttt{orgc\_id}
+ \item \texttt{locked}, \texttt{published}, \texttt{deleted}
+ \item \texttt{default}
+ \begin{itemize}
+ \item \textit{Clusters} coming from the \texttt{misp-galaxies} repository are marked as default
+ \item Not synchronized
+ \end{itemize}
+ \begin{itemize}
+ \item Same purpose as \textit{Events}s \texttt{locked}
+ \end{itemize}
+ \item \texttt{extends\_uuid}
+ \begin{itemize}
+ \item Point to the \textit{Cluster} that has been forked
+ \end{itemize}
+ \item \texttt{extends\_version}
+ \begin{itemize}
+ \item Keep track of the \textit{Cluster} version that has been forked
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP Galaxy 2.0 - Others changes}
+ \begin{itemize}
+ \item \textit{Role} \texttt{perm\_galaxy\_editor}
+ \item Relations also have a \texttt{distribution} and can have \textit{Tags}
+ \item Servers have 2 new flags
+ \begin{itemize}
+ \item \texttt{pull\_galaxy\_clusters}
+ \item \texttt{push\_galaxy\_clusters}
+ \end{itemize}
+ \item Clusters \texttt{blocklist}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Features in depth: CRUD}
+ \begin{itemize}
+ \item Standard CRUD
+ \item Soft and Hard deletion
+ \item Publishing
+ \item Update forked cluster to keep it synchronized with its parent
+ \item ACL on the \textit{Cluster} itself, not on its tag
+ \begin{itemize}
+ \item \texttt{misp-galaxy:{\color{blue} galaxy-type}="{\color{red} cluster UUID}"}
+ \item \texttt{\tiny misp-galaxy:{\color{blue} mitre-attack-pattern}="{\color{red} e4932f21-4867-4de6-849a-1b11e48e2682}"}
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Features in depth: Visualization}
+ Tree view of forked Clusters \includegraphics[scale=0.5]{pics/cluster-forks}
+
+
+ \includegraphics[width=1.0\linewidth]{pics/cluster-forks-tree}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Features in depth: Visualization}
+ Tree and network views for Relations between Clusters
+ \includegraphics[width=1.0\linewidth]{pics/cluster-relations}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Features in depth: Visualization}
+ Tree and network views for Relations between Clusters
+ \includegraphics[width=1.0\linewidth]{pics/cluster-relations-tree}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Features in depth: Synchronization}
+ Own synchronization mechanism which can be enabled with the \texttt{pull\_galaxy\_cluster} and \texttt{push\_galaxy\_cluster} flags
+
+ \begin{itemize}
+ \item \textbf{Pull All}: Pull all remote Clusters (similar to event's pull all)
+ \item \textbf{Pull Update}: Update local Clusters (similar to event's pull update)
+ \item \textbf{Pull Relevant}: Pull missing Clusters based on local Tags
+ \item \textbf{Push}: Triggered whenever a Cluster is published or via standard push
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{New views factories \& elements}
+ \begin{itemize}
+ \item\texttt{GenericForm.simpleFieldAllowedList}
+ \begin{itemize}
+ \item \texttt{checked}, \texttt{multiple}, \texttt{selected}, \texttt{legend}, \texttt{disabled},
+ \end{itemize}
+ \item\texttt{IndexTable.booleanOrNA}
+ \begin{itemize}
+ \item Displays icons or N/A
+ \end{itemize}
+ \item\texttt{IndexTable.galaxy\_cluster\_link}
+ \begin{itemize}
+ \item Display basic galaxy cluster info in a compact way (\texttt{galaxy\_type :: cluster\_value} + Hover)
+ \end{itemize}
+ \item\texttt{IndexTable.in\_and\_out\_counts}
+ \begin{itemize}
+ \item Display \# of outbound and \# of inbound (This \textit{Cluster} has \# relations)
+ \end{itemize}
+ \item\texttt{IndexTable.tree}
+ \begin{itemize}
+ \item Generate a tree like hierarchy (Root cluster and its forks)
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Synchronization edge cases}
+ \begin{itemize}
+ \item Missing galaxy on the remote end
+ \begin{itemize}
+ \item[$\rightarrow$] Capture it
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Impossible due to design}
+ \begin{itemize}
+ \item Share \textit{Galaxy Matrix}
+ \begin{itemize}
+ \item[$\rightarrow$] Can only be insterted in an existing \textit{galaxy} matrix as the layout is defined at the \textit{galaxy} level
+ \end{itemize}
+ \end{itemize}
+\end{frame}
diff --git a/a.10-galaxy-2.0/makefile b/a.10-galaxy-2.0/makefile
new file mode 100644
index 0000000..7d859a1
--- /dev/null
+++ b/a.10-galaxy-2.0/makefile
@@ -0,0 +1,2 @@
+all:
+ pdflatex -interaction nonstopmode -halt-on-error -file-line-error circl-introduction.tex
diff --git a/a.10-galaxy-2.0/pics/cluster-forks-tree.png b/a.10-galaxy-2.0/pics/cluster-forks-tree.png
new file mode 100644
index 0000000..fc121d7
Binary files /dev/null and b/a.10-galaxy-2.0/pics/cluster-forks-tree.png differ
diff --git a/a.10-galaxy-2.0/pics/cluster-forks.png b/a.10-galaxy-2.0/pics/cluster-forks.png
new file mode 100644
index 0000000..812685a
Binary files /dev/null and b/a.10-galaxy-2.0/pics/cluster-forks.png differ
diff --git a/a.10-galaxy-2.0/pics/cluster-relations-tree.png b/a.10-galaxy-2.0/pics/cluster-relations-tree.png
new file mode 100644
index 0000000..6239ce9
Binary files /dev/null and b/a.10-galaxy-2.0/pics/cluster-relations-tree.png differ
diff --git a/a.10-galaxy-2.0/pics/cluster-relations.png b/a.10-galaxy-2.0/pics/cluster-relations.png
new file mode 100644
index 0000000..901398a
Binary files /dev/null and b/a.10-galaxy-2.0/pics/cluster-relations.png differ
diff --git a/a.10-galaxy-2.0/slide.tex b/a.10-galaxy-2.0/slide.tex
new file mode 100644
index 0000000..22ab4d3
--- /dev/null
+++ b/a.10-galaxy-2.0/slide.tex
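Review bot: The server synchronization flags are spelled two ways in content.tex: the "Others changes" frame lists `\texttt{pull\_galaxy\_clusters}` and `\texttt{push\_galaxy\_clusters}`, while the "Features in depth: Synchronization" frame uses the singular `pull\_galaxy\_cluster` and `push\_galaxy\_cluster`. These names decide what an instance pulls from and pushes to its peers, so an operator reading the slides should see one spelling; assuming the plural form from the first frame is the real setting name, the Synchronization frame should read `\texttt{pull\_galaxy\_clusters} and \texttt{push\_galaxy\_clusters} flags`. In the "New Cluster fields" frame, the second nested itemize under `\texttt{default}` ("Same purpose as Events's locked") appears to describe `locked` rather than `default` and would read correctly under its own `\item \texttt{locked}`.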
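Review bot: The `all` target in a.10-galaxy-2.0/makefile compiles `circl-introduction.tex`, but the only main document this commit adds to the directory is `slide.tex` (content.tex says it must not be compiled directly). Unless that file exists outside this diff, `-halt-on-error` will presumably stop the build on a missing input. The recipe should name the file that is there: `pdflatex -interaction nonstopmode -halt-on-error -file-line-error slide.tex`. A `.PHONY: all` line above the target would also keep a stray file named `all` from masking it.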
@@ -0,0 +1,143 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\definecolor{main}{RGB}{47, 161, 219}
+\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+
+\usepackage[utf8x]{inputenc}
+\usepackage{listings}
+\usepackage{soul}
+\usepackage{siunitx}
+\usepackage{booktabs}
+%\lstset{
+% backgroundcolor=\color{white}, % choose the background color; you must add \usepackage{color} or \usepackage{xcolor}
+% basicstyle=\footnotesize, % the size of the fonts that are used for the code
+% breakatwhitespace=false
+%}
+
+\usepackage{tikz}
+\usetikzlibrary{shapes,snakes,automata,positioning}
+
+\usepackage{xcolor}
+\usepackage{colortbl}
+\definecolor{mygreen}{rgb}{0,0.6,0}
+\definecolor{mygreen2}{rgb}{0,0.56,0.16}
+\definecolor{myred}{rgb}{0.6,0.066,0.066}
+\definecolor{redCIRCL}{RGB}{213,43,30}
+\definecolor{mygray}{rgb}{0.5,0.5,0.5}
+\definecolor{mymauve}{rgb}{0.58,0,0.82}
+\definecolor{mygray}{gray}{0.9}
+\definecolor{mywhite}{rgb}{1,1,1}
+\definecolor{myblack}{rgb}{0,0,0}
+\definecolor{mybeige}{HTML}{eeeeee}
+%\usepackage{tcolorbox}
+\usepackage[listings]{tcolorbox}
+\tcbuselibrary{listings}
+
+\lstdefinestyle{code}{ %
+ backgroundcolor=\color{mybeige}, % choose the background color; you must add \usepackage{color} or \usepackage{xcolor}; should come as last argument
+ basicstyle=\footnotesize\ttfamily, % the size of the fonts that are used for the code
+ breakatwhitespace=false, % sets if automatic breaks should only happen at whitespace
+ breaklines=true, % sets automatic line breaking
+ captionpos=b, % sets the caption-position to bottom
+ commentstyle=\color{mygreen}, % comment style
+ deletekeywords={...}, % if you want to delete keywords from the given language
+ escapeinside={\%*}{*)}, % if you want to add LaTeX within your code
+ extendedchars=true, % lets you use non-ASCII characters; for 8-bits encodings only, does not work with UTF-8
+ frame=single, % adds a frame around the code
+ keepspaces=true, % keeps spaces in text, useful for keeping indentation of code (possibly needs columns=flexible)
+ keywordstyle=\color{blue}, % keyword style
+ language=Python, % the language of the code
+ morekeywords={*,...}, % if you want to add more keywords to the set
+ numbers=left, % where to put the line-numbers; possible values are (none, left, right)
+ numbersep=5pt, % how far the line-numbers are from the code
+ numberstyle=\tiny\color{myblack}, % the style that is used for the line-numbers
+ rulecolor=\color{black}, % if not set, the frame-color may be changed on line-breaks within not-black text (e.g. comments (green here))
+ showspaces=false, % show spaces everywhere adding particular underscores; it overrides 'showstringspaces'
+ showstringspaces=false, % underline spaces within strings only
+ showtabs=false, % show tabs within strings adding particular underscores
+ stepnumber=1, % the step between two line-numbers. If it's 1, each line will be numbered
+ stringstyle=\color{mymauve}, % string literal style
+ tabsize=2, % sets default tabsize to 2 spaces
+ title=\lstname % show the filename of files included with \lstinputlisting; also try caption instead of title
+}
+\lstdefinestyle{bash}{ %
+ backgroundcolor=\color{black!85}, % choose the background color; you must add \usepackage{color} or \usepackage{xcolor}; should come as last argument
+ basicstyle=\footnotesize\color{mywhite}, % the size of the fonts that are used for the code
+ breakatwhitespace=false, % sets if automatic breaks should only happen at whitespace
+ breaklines=true, % sets automatic line breaking
+ captionpos=b, % sets the caption-position to bottom
+ commentstyle=\color{mygreen}, % comment style
+ deletekeywords={...}, % if you want to delete keywords from the given language
+ escapeinside={\%*}{*)}, % if you want to add LaTeX within your code
+ extendedchars=true, % lets you use non-ASCII characters; for 8-bits encodings only, does not work with UTF-8
+ frame=single % adds a frame around the code
+ keepspaces=true, % keeps spaces in text, useful for keeping indentation of code (possibly needs columns=flexible)
+ keywordstyle=\color{white}\bfseries, % keyword style
+ language=bash, % the language of the code
+ morekeywords={*,$,git, clone,... }, % if you want to add more keywords to the set
+ numbers=left, % where to put the line-numbers; possible values are (none, left, right)
+ numbersep=5pt, % how far the line-numbers are from the code
+ numberstyle=\tiny\color{mywhite}, % the style that is used for the line-numbers
+ rulecolor=\color{black}, % if not set, the frame-color may be changed on line-breaks within not-black text (e.g. comments (green here))
+ showspaces=false, % show spaces everywhere adding particular underscores; it overrides 'showstringspaces'
+ showstringspaces=false, % underline spaces within strings only
+ showtabs=false, % show tabs within strings adding particular underscores
+ stepnumber=1, % the step between two line-numbers. If it's 1, each line will be numbered
+ stringstyle=\color{mymauve}, % string literal style
+ tabsize=2, % sets default tabsize to 2 spaces
+ title=\lstname % show the filename of files included with \lstinputlisting; also try caption instead of title
+}
+\lstdefinestyle{default}{ %
+ backgroundcolor=\color{white}, % choose the background color; you must add \usepackage{color} or \usepackage{xcolor}; should come as last argument
+ basicstyle=\footnotesize\color{black}, % the size of the fonts that are used for the code
+ breakatwhitespace=false, % sets if automatic breaks should only happen at whitespace
+ breaklines=true, % sets automatic line breaking
+ captionpos=b, % sets the caption-position to bottom
+ commentstyle=\color{mygreen}, % comment style
+ deletekeywords={...}, % if you want to delete keywords from the given language
+ escapeinside={\%*}{*)}, % if you want to add LaTeX within your code
+ extendedchars=true, % lets you use non-ASCII characters; for 8-bits encodings only, does not work with UTF-8
+ frame=single % adds a frame around the code
+ keepspaces=true, % keeps spaces in text, useful for keeping indentation of code (possibly needs columns=flexible)
+ keywordstyle=\color{white}\bfseries, % keyword style
+ language=bash, % the language of the code
+ morekeywords={*,$,git, clone,... }, % if you want to add more keywords to the set
+ numbers=left, % where to put the line-numbers; possible values are (none, left, right)
+ numbersep=5pt, % how far the line-numbers are from the code
+ numberstyle=\tiny\color{black}, % the style that is used for the line-numbers
+ rulecolor=\color{black}, % if not set, the frame-color may be changed on line-breaks within not-black text (e.g. comments (green here))
+ showspaces=false, % show spaces everywhere adding particular underscores; it overrides 'showstringspaces'
+ showstringspaces=false, % underline spaces within strings only
+ showtabs=false, % show tabs within strings adding particular underscores
+ stepnumber=1, % the step between two line-numbers. If it's 1, each line will be numbered
+ stringstyle=\color{mymauve}, % string literal style
+ tabsize=2, % sets default tabsize to 2 spaces
+ title=\lstname % show the filename of files included with \lstinputlisting; also try caption instead of title
+}
+\lstset{style=code}
+
+
+\AtBeginSection[]{
+ \begin{frame}
+ \vfill
+ \centering
+ \begin{beamercolorbox}[sep=8pt,center,shadow=true,rounded=true]{title}
+ {\color{white} \usebeamerfont{title}\insertsectionhead}\par%
+ \end{beamercolorbox}
+ \vfill
+ \end{frame}
+}
+
+\author{\small{Team CIRCL}}
+
+\title{MISP - Galaxy 2.0}
+\subtitle{Method for sharing threat intelligence}
+\institute{info@circl.lu}
+\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}
+\date{\today}
+
+\begin{document}
+\include{content}
+\end{document}
+
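Review bot: In the `bash` and `default` listings styles of slide.tex, the `frame=single` entry has no trailing comma before its comment, unlike the same entry in the `code` style. The following `keepspaces=true` is then most likely read as part of the `frame` value. Only `code` is selected by `\lstset{style=code}`, so the problem stays hidden until a slide selects one of the other two styles. Both lines should read `frame=single, % adds a frame around the code`. Separately, `mygray` is defined twice (`{rgb}{0.5,0.5,0.5}`, then `{gray}{0.9}`), so the later definition silently replaces the first; one of the two should be renamed or dropped.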