diff --git a/cheatsheets/cheatsheet-data-model.tex b/cheatsheets/cheatsheet-data-model.tex index 8875ee7..a2830fe 100644 --- a/cheatsheets/cheatsheet-data-model.tex +++ b/cheatsheets/cheatsheet-data-model.tex @@ -136,4 +136,54 @@ \end{itemize} \end{itemize} } -\end{multicols*} \ No newline at end of file +\end{multicols*} + +\newpage + +% Creates a box with a label taking 1/3 of the available width +% arg1[optional] = icon +% arg2[optional] = purpose +% arg3[optional] = usecase +% arg4[optional] = actions +% arg5[optional] = description +% arg6 = title +% arg7 = content +\begin{multicols*}{3} + % Analyst Note + \cheatbox[\faicon{sticky-note}] + [Share and add an analysis to any MISP data] + [Describe information about specific details, annotate elements] + [\distributable \synchronisable] + [Text element that can be attached to many element] + {\linkdest{note}Analyst Notes} + { + $\blacktriangleright$ Any user can attach \notes to data they don't own. + For example: \events, \attributes, \clusters, $\cdots$\\ + $\blacktriangleright$ The note is actually attached to the target's UUID + } + + % Analyst Opinion + \cheatbox[\faicon{gavel}] + [Share and add an opinion to any MISP data] + [Provide feedback to third-parties, Coordinate and Collaborate] + [\distributable \synchronisable] + [Text element with a numerical opinion that can be attached to many element] + {\linkdest{opinion}Analyst Opinions} + { + $\blacktriangleright$ Basically the same as a \note\\ + $\blacktriangleright$ The numerical value of the \opinion is $\in [0, 100]$. where $50$ is the neutral point. Any values $<50$ are considered negatives, values $>50$ are considered positives. + } + + % Analyst Relationship + \cheatbox[\faicon{arrow-up}] + [Create a relationship between elements] + [Manually create correlation link, add similarities] + [\distributable \synchronisable] + [Link between two entities using a verb] + {\linkdest{opinion}Analyst Relationships} + { + $\blacktriangleright$ Basically the same as a \note but includes the target element\\ + $\blacktriangleright$ Example could be an \event $\rightarrow$ \event relationship where one is \textit{Suspected to be part of the same campaign based on HUMINT sources} + } + +\end{multicols*} diff --git a/cheatsheets/utils.tex b/cheatsheets/utils.tex index 4a88fde..c31687a 100644 --- a/cheatsheets/utils.tex +++ b/cheatsheets/utils.tex @@ -25,6 +25,12 @@ \newcommand{\cluster}{\hyperlink{cluster}{\texttt{Galaxy Cluster}} } \newcommand{\sharinggroups}{\hyperlink{sharinggroup}{\texttt{Sharing Groups}} } \newcommand{\sharinggroup}{\hyperlink{sharinggroup}{\texttt{Sharing Group}} } +\newcommand{\notes}{\hyperlink{note}{\texttt{Analyst Notes}} } +\newcommand{\note}{\hyperlink{note}{\texttt{Analyst Note}} } +\newcommand{\opinions}{\hyperlink{opinion}{\texttt{Analyst Opinions}} } +\newcommand{\opinion}{\hyperlink{opinion}{\texttt{Analyst Opinion}} } +\newcommand{\relationships}{\hyperlink{relationship}{\texttt{Analyst Relationships}} } +\newcommand{\relationship}{\hyperlink{relationship}{\texttt{Analyst Relationship}} } \newcommand{\taggable}{\faicon{tags}\hspace*{0.3em}} \newcommand{\distributable}{\faicon{eye-slash}\hspace*{0.3em}}