# MISP Training Materials This repository includes all the training materials in use such as - Core MISP (software and standard) trainings - Threat intelligence and OSINT training - Building information sharing communities workshop All the materials are available with the complete LaTeX source code meant to assist in contributing or extending the training materials. A special attention is given to the open source licensing given to the materials. We welcome contributions in order to improve the training set for threat intelligence, intelligence gathering and analysis along with specific aspects of information sharing/exchange in information and national security. ## Materials | Slides (PDF) | Source Code | | ------------ | ----------- | | [0-misp-introduction-to-information-sharing](https://www.misp-project.org/misp-training/0-misp-introduction-to-information-sharing.pdf) | [source](https://github.com/MISP/misp-training/tree/main/0-misp-introduction-to-information-sharing) | | [MISP Data model overview (quick)](https://raw.githubusercontent.com/MISP/misp-training/477bdc9c71f77abd572f11c98f3ac8ecabe54310/complementary/other-slides/a.11.a-misp-data-model-overview.pdf) | | | [MISP Ten Commandments](https://github.com/MISP/misp-training/blob/main/complementary/other-slides/MISP%2010%20Commandments%20-%20Recommendations%20and%20Best%20Practices%20when%20encoding%20data.pdf)|| | [1-misp-usage](https://www.misp-project.org/misp-training/1-misp-usage.pdf) | [source](https://github.com/MISP/misp-training/tree/main/1-misp-usage) | | [1.2-misp-integration](https://www.misp-project.org/misp-training/1.2-misp-integration.pdf) | [source](https://github.com/MISP/misp-training/tree/main/1.2-misp-integration) | | [1.1-misp-viper-integration](https://www.misp-project.org/misp-training/1.1-misp-viper-integration.pdf) | [source](https://github.com/MISP/misp-training/tree/main/1.1-misp-viper-integration) | | [1.2.1-misp-integration-mail2misp](https://www.misp-project.org/misp-training/1.2.1-misp-integration-mail2misp.pdf) | [source](https://github.com/MISP/misp-training/tree/main/1.2.1-misp-integration-mail2misp) | | [2-misp-administration](https://www.misp-project.org/misp-training/2-misp-administration.pdf) | [source](https://github.com/MISP/misp-training/tree/main/2-misp-administration) | | [3-misp-taxonomy-tagging](https://www.misp-project.org/misp-training/3-misp-taxonomy-tagging.pdf) | [source](https://github.com/MISP/misp-training/tree/main/3-misp-taxonomy-tagging) | | [3.1-misp-modules](https://www.misp-project.org/misp-training/3.1-misp-modules.pdf) | [source](https://github.com/MISP/misp-training/tree/main/3.1-misp-modules) | | [3.2-misp-galaxy](https://www.misp-project.org/misp-training/3.2-misp-galaxy.pdf) | [source](https://github.com/MISP/misp-training/tree/main/3.2-misp-galaxy) | | [3.3-misp-object-template](https://www.misp-project.org/misp-training/3.3-misp-object-template.pdf) | [source](https://github.com/MISP/misp-training/tree/main/3.3-misp-object-template) | | [6.0-misp-dashboard](https://www.misp-project.org/misp-training/6.0-misp-dashboard.pdf) | [source](https://github.com/MISP/misp-training/tree/main/6.0-misp-dashboard) | | [a.0-contributing](https://www.misp-project.org/misp-training/a.0-contributing.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.0-contributing) | | [a.1-devintro](https://www.misp-project.org/misp-training/a.1-devintro.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.1-devintro) | | [a.2-pymisp](https://www.misp-project.org/misp-training/a.2-pymisp.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.2-pymisp) | | [a.3-misp-feed](https://www.misp-project.org/misp-training/a.3-misp-feed.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.3-misp-feed) | | [a.4-best-practices](https://www.misp-project.org/misp-training/a.4-best-practices.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.4-best-practices) | | [a.5-decaying-indicators](https://www.misp-project.org/misp-training/a.5-decaying-indicators.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.5-decaying-indicators) | | [a.5-bis-decaying-indicators-light-version](https://www.misp-project.org/misp-training/a.5-bis-decaying-indicators-light-version.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.5-bis-decaying-indicators-light-version) | | [a.6-forensic](https://www.misp-project.org/misp-training/a.6-forensic.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.6-forensic) | | [a.7-rest-API](https://www.misp-project.org/misp-training/a.7-rest-API.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.7-rest-API) | | [b.1-best-practices-in-threat-intelligence](https://www.misp-project.org/misp-training/b.1-best-practices-in-threat-intelligence.pdf) | [source](https://github.com/MISP/misp-training/tree/main/b.1-best-practices-in-threat-intelligence) | | [b.5-turning-data-into-actionable-intelligence-training](https://www.misp-project.org/misp-training/b.5-turning-data-into-actionable-intelligence-training.pdf) | [source](https://github.com/MISP/misp-training/tree/main/b.5-turning-data-into-actionable-intelligence-training) | | [a.8-dev-hands-on](https://www.misp-project.org/misp-training/a.8-dev-hands-on.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.8-dev-hands-on) | | [a.9-restsearch-dev](https://www.misp-project.org/misp-training/a.9-restsearch-dev.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.9-restsearch-dev) | | [a.10-galaxy-2.0](https://www.misp-project.org/misp-training/a.10-galaxy-2.0.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.10-galaxy-2.0) | | [a.11-misp-data-model](https://www.misp-project.org/misp-training/a.11-misp-data-model.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.11-misp-data-model) | | [a.12-misp-workflows](https://www.misp-project.org/misp-training/a.12-misp-workflows.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.12-misp-workflows) | | [a.13-misp-stix](https://www.misp-project.org/misp-training/a.13-misp-stix.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.13-misp-stix) | | [a.a-widget-dev](https://www.misp-project.org/misp-training/a.a-widget-dev.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.a-widget-dev) | | [b.2-turning-data-into-actionable-intelligence](https://www.misp-project.org/misp-training/b.2-turning-data-into-actionable-intelligence.pdf) | [source](https://github.com/MISP/misp-training/tree/main/b.2-turning-data-into-actionable-intelligence) | | [4-misp-standard](https://www.misp-project.org/misp-training/4-misp-standard.pdf) | [source](https://github.com/MISP/misp-training/tree/main/4-misp-standard) | | [x.13-exercise-movie](https://www.misp-project.org/misp-training/x.13-exercise-movie.pdf) | [source](https://github.com/MISP/misp-training/tree/main/x.13-exercise-movie) | | [a.b-cli](https://www.misp-project.org/misp-training/a.b-cli.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.b-cli) | | [a.c-deployment](https://www.misp-project.org/misp-training/a.c-deployment.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.c-deployment) | ### Complementary materials | Slides (PDF) | Source Code | | ------------ | ----------- | | [complete slide desk in one PDF](https://www.misp-project.org/misp-training/misp-training.pdf) | [source](https://github.com/MISP/misp-training/) | | [MISP training cheat-sheet](https://www.misp-project.org/misp-training/cheatsheet.pdf) | [source](https://github.com/MISP/misp-training/tree/master/training-support/compact-cheatsheet) | | [MISP feature list (for the trainers)](https://www.misp-project.org/misp-training/usage.pdf) | [source](https://github.com/MISP/misp-training/tree/master/training-support/checklist) | ### Additional documentation - [MISP Book](https://github.com/MISP/misp-book/) - [PDF](https://www.circl.lu/doc/misp/book.pdf) [ePub](https://www.circl.lu/doc/misp/book.epub) [Kindle mobi](https://www.circl.lu/doc/misp/book.mobi) [HTML](https://www.circl.lu/doc/misp/) - [Best Practices in Threat Intelligence](https://github.com/MISP/best-practices-in-threat-intelligence) [PDF](https://www.misp-project.org/best-practices-in-threat-intelligence.pdf) [HTML](https://www.misp-project.org/best-practices-in-threat-intelligence.html) - [MISP Galaxy (HTML)](https://www.misp-project.org/galaxy.html) - [PDF](https://www.misp-project.org/galaxy.pdf) - [MISP Taxonomies (HTML)](https://www.misp-project.org/taxonomies.html) - [PDF](https://www.misp-project.org/taxonomies.pdf) - [MISP Objects template (HTML)](https://www.misp-project.org/objects.html) - [PDF](https://www.misp-project.org/objects.pdf) - [Guidelines to setting up an information sharing community such as an ISAC or ISAO](https://github.com/MISP/misp-compliance/blob/master/setting-up-ISACs/guidelines_to_set-up_an_ISAC.md) - [PDF](https://www.x-isac.org/assets/images/guidelines_to_set-up_an_ISAC.pdf) - [Official MISP Install Guides](https://misp.github.io/MISP/) ### MISP Training videos Sample videos which can be used to understand how the training materials are used in companion with a live MISP demo instance. - [MISP Workflow](https://www.youtube.com/watch?v=OyLE2g4zii0) - 16th December 2022 - [MISP Best Practices for encoding threat intelligence (3 hours - online)](https://www.youtube.com/watch?v=JIeiwzY7Fvs) - 15th December 2022 - [MISP Training Administration and Deployment of MISP software](https://youtu.be/sIHTRIwF-Mk) - 14th September 2022 - [MISP Training Threat Intelligence Introduction for Analysts and Security Professional](https://youtu.be/sb36MMRTtLM) - 13th September 2022 - [Fundamentals MISP given FIRSTdotOrg 2021 Virtual Symposium African and Arab regions](https://www.youtube.com/watch?v=00jq7Gbqdz8) - 18th December 2021 - [MISP General Usage Training - Part 1 of 2](https://www.youtube.com/watch?v=-NuODyh1YJE) - [MISP General Usage Training - Part 2 of 2](https://www.youtube.com/watch?v=LlKnh5b0bgw) - [MISP Training Usage - Training given the 2nd March 2021 - 2h50 min](https://cra.circl.lu/videos/MISP-Usage-Training-20210302.mp4) - [MISP Training Administration and Building Communities- Training given the 3rd March 2021 - 2h56min](https://cra.circl.lu/videos/MISP-Administration-and-Building-Communities-20210303.mp4) - [MISP Training Module 1 - An Introduction to Cybersecurity Information Sharing](https://www.youtube.com/watch?v=aM7czPsQyaI) - [MISP Training Module 2 - General usage of MISP](https://www.youtube.com/watch?v=Jqp8CVHtNVk) - [MISP covid-19 sharing community - introduction](https://peertube.opencloud.lu/videos/watch/4f7acd4c-a909-4315-87aa-38ba95cceaf2) #### Passive DNS and MISP - Training videos - [Farsight Passive DNS and MISP - Part I](https://vimeo.com/561877178/ac09629591) - [Farsight Passive DNS and MISP - Part II](https://vimeo.com/561903295/8af1d6692b) - [Farsight Passive DNS and MISP - Part III](https://vimeo.com/561908216/764a2e19e4) ### MISP Training support videos Those are videos to support MISP trainings or demonstrations at large: - [MISP Event graph demo](https://www.youtube.com/watch?v=NYvKLwoBYwc&t=8s) - [MISP Tutorial - Enablings Feeds](https://www.youtube.com/watch?v=k3l-CtOgQro) ### MISP Training VMs Pre-built MISP training VMs are available at [https://vm.misp-project.org/](https://vm.misp-project.org/). ## Source Code The full source code of the training slide decks are available. You'll need to have an operating system with a recent installation of LaTeX including latex-beamer to work with them. To build the complete set of training materials: ~~~~bash bash build.sh ~~~~ The output directory will contain all the generated PDF files and the PDF file called `misp-training.pdf` which is the complete handout of all the slides. **Note**: In case the rendering is somewhat broken, it might be related to latex using the styles installed systemwide in `/usr/share/texlive/texmf-dist/tex/latex/beamertheme-focus`. Removing this directory will solve the problem. ## Dependencies [FiraMath Font](https://github.com/firamath/firamath/releases) XeLaTex, can be parametered in .tex header (works in TeXshop): ``` % !TEX TS-program = xelatex % !TEX encoding = UTF-8 Unicode ``` ## License, Attribution and Funding All the materials are dual-licensed under GNU Affero General Public License version 3 or later and the Creative Commons Attribution-ShareAlike 4.0 International. You can use either one of the licenses depending of your use case of the training materials. The MISP project training materials are co-financed and supported by CIRCL Computer Incident Response Center Luxembourg[](https://www.circl.lu/) and co-financed by a CEF (Connecting Europe Facility) funding under CEF-TC-2016-3 - Cyber Security as *Improving MISP as building blocks for next-generation information sharing*. ![](https://www.misp-project.org/assets/images/en_cef.png) ![](https://www.circl.lu/assets/images/logo.png) All the source code is available at [https://www.github.com/MISP/misp-training](https://www.github.com/MISP/misp-training). If you reuse the training materials, don't forget to include the above for attribution. ## Contributors in alphabetical order - Steve Clement [:house:](https://github.com/SteveClement) - Alexandre Dulaunoy [:house:](https://github.com/adulau) - Andras Iklody [:house:](https://github.com/iglocska) - Sami Mokaddem [:house:](https://github.com/mokaddem) - Sascha Rommelfangen [:house:](https://github.com/rommelfs) - Christian Studer [:house:](https://github.com/chrisr3d) - Raphaƫl Vinot [:house:](https://github.com/rafiot) - Gerard Wagener [:house:](https://github.com/haegardev)