mirror of https://github.com/MISP/misp-training
Compare commits
2 Commits
3fca4fdc5c
...
a84e06b134
| Author | SHA1 | Date |
|---|---|---|
Sami Mokaddem
|
a84e06b134 | |
|
Sami Mokaddem
|
feaa6a9bd3 |
|
|
@ -136,4 +136,56 @@
|
|||
\end{itemize}
|
||||
\end{itemize}
|
||||
}
|
||||
\end{multicols*}
|
||||
\end{multicols*}
|
||||
|
||||
\newpage
|
||||
|
||||
\begin{multicols*}{3}
|
||||
% Analyst Note
|
||||
\cheatbox[\faicon{sticky-note}]
|
||||
[Share and add an analysis to any MISP data]
|
||||
[Describe information about specific details, annotate elements]
|
||||
[\distributable \synchronisable]
|
||||
[Text element that can be attached to many element]
|
||||
{\linkdest{note}Analyst Notes}
|
||||
{
|
||||
$\blacktriangleright$ Any user can attach \notes to data they don't own.
|
||||
For example: \events, \attributes, \clusters, $\cdots$\\
|
||||
$\blacktriangleright$ The note is actually attached to the target's UUID
|
||||
}
|
||||
|
||||
% Analyst Opinion
|
||||
\cheatbox[\faicon{gavel}]
|
||||
[Share and add an opinion to any MISP data]
|
||||
[Provide feedback to third-parties, Coordinate and Collaborate]
|
||||
[\distributable \synchronisable]
|
||||
[Text element with a numerical opinion that can be attached to many element]
|
||||
{\linkdest{opinion}Analyst Opinions}
|
||||
{
|
||||
$\blacktriangleright$ Basically the same as a \note\\
|
||||
$\blacktriangleright$ The numerical value of the \opinion is $\in [0, 100]$. where $50$ is the neutral point. Any values $<50$ are considered negatives, values $>50$ are considered positives.
|
||||
}
|
||||
|
||||
% Analyst Relationship
|
||||
\cheatbox[\faicon{arrow-up}]
|
||||
[Create a relationship between elements]
|
||||
[Manually create correlation link, add similarities]
|
||||
[\distributable \synchronisable]
|
||||
[Link between two entities using a verb]
|
||||
{\linkdest{opinion}Analyst Relationships}
|
||||
{
|
||||
$\blacktriangleright$ Basically the same as a \note but includes the target element\\
|
||||
$\blacktriangleright$ Example could be an \event $\rightarrow$ \event relationship where one is \textit{Suspected to be part of the same campaign based on HUMINT sources}
|
||||
}
|
||||
|
||||
% Element Collection
|
||||
\cheatbox[\faicon{object-group}]
|
||||
[Allow groupping multiple elements into a single collection]
|
||||
[Grouping \events together if they are part of the same campaing]
|
||||
[\distributable]
|
||||
[Group element into collection]
|
||||
{\linkdest{collection}Element Collection}
|
||||
{
|
||||
}
|
||||
|
||||
\end{multicols*}
|
||||
|
|
|
|||
|
|
@ -25,6 +25,14 @@
|
|||
\newcommand{\cluster}{\hyperlink{cluster}{\texttt{Galaxy Cluster}} }
|
||||
\newcommand{\sharinggroups}{\hyperlink{sharinggroup}{\texttt{Sharing Groups}} }
|
||||
\newcommand{\sharinggroup}{\hyperlink{sharinggroup}{\texttt{Sharing Group}} }
|
||||
\newcommand{\notes}{\hyperlink{note}{\texttt{Analyst Notes}} }
|
||||
\newcommand{\note}{\hyperlink{note}{\texttt{Analyst Note}} }
|
||||
\newcommand{\opinions}{\hyperlink{opinion}{\texttt{Analyst Opinions}} }
|
||||
\newcommand{\opinion}{\hyperlink{opinion}{\texttt{Analyst Opinion}} }
|
||||
\newcommand{\relationships}{\hyperlink{relationship}{\texttt{Analyst Relationships}} }
|
||||
\newcommand{\relationship}{\hyperlink{relationship}{\texttt{Analyst Relationship}} }
|
||||
\newcommand{\collections}{\hyperlink{collection}{\texttt{Element Collections}} }
|
||||
\newcommand{\collection}{\hyperlink{collection}{\texttt{Element Collection}} }
|
||||
|
||||
\newcommand{\taggable}{\faicon{tags}\hspace*{0.3em}}
|
||||
\newcommand{\distributable}{\faicon{eye-slash}\hspace*{0.3em}}
|
||||
|
|
|
|||
Loading…
Reference in New Issue