MISP
/
misp-training
mirror of https://github.com/MISP/misp-training
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [cheatsheet] Added data-model entries for analyst-*

pull/25/head
Sami Mokaddem 2024-04-12 09:28:53 +02:00
parent 3fca4fdc5c
commit feaa6a9bd3
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
2 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
cheatsheets/cheatsheet-data-model.tex
View File

@ -137,3 +137,53 @@
\end{itemize} \end{itemize}
} }
\end{multicols*} \end{multicols*}
\newpage
% Creates a box with a label taking 1/3 of the available width
% arg1[optional] = icon
% arg2[optional] = purpose
% arg3[optional] = usecase
% arg4[optional] = actions
% arg5[optional] = description
% arg6 = title
% arg7 = content
\begin{multicols*}{3}
% Analyst Note
\cheatbox[\faicon{sticky-note}]
[Share and add an analysis to any MISP data]
[Describe information about specific details, annotate elements]
[\distributable \synchronisable]
[Text element that can be attached to many element]
{\linkdest{note}Analyst Notes}
{
$\blacktriangleright$ Any user can attach \notes to data they don't own.
For example: \events, \attributes, \clusters, $\cdots$\\
$\blacktriangleright$ The note is actually attached to the target's UUID
}
% Analyst Opinion
\cheatbox[\faicon{gavel}]
[Share and add an opinion to any MISP data]
[Provide feedback to third-parties, Coordinate and Collaborate]
[\distributable \synchronisable]
[Text element with a numerical opinion that can be attached to many element]
{\linkdest{opinion}Analyst Opinions}
{
$\blacktriangleright$ Basically the same as a \note\\
$\blacktriangleright$ The numerical value of the \opinion is $\in [0, 100]$. where $50$ is the neutral point. Any values $<50$ are considered negatives, values $>50$ are considered positives.
}
% Analyst Relationship
\cheatbox[\faicon{arrow-up}]
[Create a relationship between elements]
[Manually create correlation link, add similarities]
[\distributable \synchronisable]
[Link between two entities using a verb]
{\linkdest{opinion}Analyst Relationships}
{
$\blacktriangleright$ Basically the same as a \note but includes the target element\\
$\blacktriangleright$ Example could be an \event $\rightarrow$ \event relationship where one is \textit{Suspected to be part of the same campaign based on HUMINT sources}
}
\end{multicols*}

6
cheatsheets/utils.tex
View File

@ -25,6 +25,12 @@
\newcommand{\cluster}{\hyperlink{cluster}{\texttt{Galaxy Cluster}} } \newcommand{\cluster}{\hyperlink{cluster}{\texttt{Galaxy Cluster}} }
\newcommand{\sharinggroups}{\hyperlink{sharinggroup}{\texttt{Sharing Groups}} } \newcommand{\sharinggroups}{\hyperlink{sharinggroup}{\texttt{Sharing Groups}} }
\newcommand{\sharinggroup}{\hyperlink{sharinggroup}{\texttt{Sharing Group}} } \newcommand{\sharinggroup}{\hyperlink{sharinggroup}{\texttt{Sharing Group}} }
\newcommand{\notes}{\hyperlink{note}{\texttt{Analyst Notes}} }
\newcommand{\note}{\hyperlink{note}{\texttt{Analyst Note}} }
\newcommand{\opinions}{\hyperlink{opinion}{\texttt{Analyst Opinions}} }
\newcommand{\opinion}{\hyperlink{opinion}{\texttt{Analyst Opinion}} }
\newcommand{\relationships}{\hyperlink{relationship}{\texttt{Analyst Relationships}} }
\newcommand{\relationship}{\hyperlink{relationship}{\texttt{Analyst Relationship}} }
\newcommand{\taggable}{\faicon{tags}\hspace*{0.3em}} \newcommand{\taggable}{\faicon{tags}\hspace*{0.3em}}
\newcommand{\distributable}{\faicon{eye-slash}\hspace*{0.3em}} \newcommand{\distributable}{\faicon{eye-slash}\hspace*{0.3em}}