# MISP Training Materials

This repository includes all the training materials in use, such as:

- Core MISP (software and standard) trainings
- Threat intelligence and OSINT training
- Building information sharing communities workshop

All the materials are available with the complete LaTeX source code, meant to assist in contributing to or extending the training materials. Special attention is given to the open source licensing of the materials. We welcome contributions in order to improve the training set for threat intelligence, intelligence gathering and analysis, along with specific aspects of information sharing/exchange in information and national security.

## Materials

| Slides (PDF) | Source Code |
| ------------ | ----------- |
| [0-misp-introduction-to-information-sharing](https://www.misp-project.org/misp-training/0-misp-introduction-to-information-sharing.pdf) | [source](https://github.com/MISP/misp-training/tree/main/0-misp-introduction-to-information-sharing) |
| [MISP Data model overview (quick)](https://raw.githubusercontent.com/MISP/misp-training/477bdc9c71f77abd572f11c98f3ac8ecabe54310/complementary/other-slides/a.11.a-misp-data-model-overview.pdf) | |
| [MISP Ten Commandments](https://github.com/MISP/misp-training/blob/main/complementary/other-slides/MISP%2010%20Commandments%20-%20Recommendations%20and%20Best%20Practices%20when%20encoding%20data.pdf) | |
| [1-misp-usage](https://www.misp-project.org/misp-training/1-misp-usage.pdf) | [source](https://github.com/MISP/misp-training/tree/main/1-misp-usage) |
| [1.2-misp-integration](https://www.misp-project.org/misp-training/1.2-misp-integration.pdf) | [source](https://github.com/MISP/misp-training/tree/main/1.2-misp-integration) |
| [1.1-misp-viper-integration](https://www.misp-project.org/misp-training/1.1-misp-viper-integration.pdf) | [source](https://github.com/MISP/misp-training/tree/main/1.1-misp-viper-integration) |
| [1.2.1-misp-integration-mail2misp](https://www.misp-project.org/misp-training/1.2.1-misp-integration-mail2misp.pdf) | [source](https://github.com/MISP/misp-training/tree/main/1.2.1-misp-integration-mail2misp) |
| [2-misp-administration](https://www.misp-project.org/misp-training/2-misp-administration.pdf) | [source](https://github.com/MISP/misp-training/tree/main/2-misp-administration) |
| [3-misp-taxonomy-tagging](https://www.misp-project.org/misp-training/3-misp-taxonomy-tagging.pdf) | [source](https://github.com/MISP/misp-training/tree/main/3-misp-taxonomy-tagging) |
| [3.1-misp-modules](https://www.misp-project.org/misp-training/3.1-misp-modules.pdf) | [source](https://github.com/MISP/misp-training/tree/main/3.1-misp-modules) |
| [3.2-misp-galaxy](https://www.misp-project.org/misp-training/3.2-misp-galaxy.pdf) | [source](https://github.com/MISP/misp-training/tree/main/3.2-misp-galaxy) |
| [3.3-misp-object-template](https://www.misp-project.org/misp-training/3.3-misp-object-template.pdf) | [source](https://github.com/MISP/misp-training/tree/main/3.3-misp-object-template) |
| [6.0-misp-dashboard](https://www.misp-project.org/misp-training/6.0-misp-dashboard.pdf) | [source](https://github.com/MISP/misp-training/tree/main/6.0-misp-dashboard) |
| [a.0-contributing](https://www.misp-project.org/misp-training/a.0-contributing.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.0-contributing) |
| [a.1-devintro](https://www.misp-project.org/misp-training/a.1-devintro.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.1-devintro) |
| [a.2-pymisp](https://www.misp-project.org/misp-training/a.2-pymisp.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.2-pymisp) |
| [a.3-misp-feed](https://www.misp-project.org/misp-training/a.3-misp-feed.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.3-misp-feed) |
| [a.4-best-practices](https://www.misp-project.org/misp-training/a.4-best-practices.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.4-best-practices) |
| [a.5-decaying-indicators](https://www.misp-project.org/misp-training/a.5-decaying-indicators.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.5-decaying-indicators) |
| [a.5-bis-decaying-indicators-light-version](https://www.misp-project.org/misp-training/a.5-bis-decaying-indicators-light-version.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.5-bis-decaying-indicators-light-version) |
| [a.6-forensic](https://www.misp-project.org/misp-training/a.6-forensic.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.6-forensic) |
| [a.7-rest-API](https://www.misp-project.org/misp-training/a.7-rest-API.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.7-rest-API) |
| [b.1-best-practices-in-threat-intelligence](https://www.misp-project.org/misp-training/b.1-best-practices-in-threat-intelligence.pdf) | [source](https://github.com/MISP/misp-training/tree/main/b.1-best-practices-in-threat-intelligence) |
| [b.5-turning-data-into-actionable-intelligence-training](https://www.misp-project.org/misp-training/b.5-turning-data-into-actionable-intelligence-training.pdf) | [source](https://github.com/MISP/misp-training/tree/main/b.5-turning-data-into-actionable-intelligence-training) |
| [a.8-dev-hands-on](https://www.misp-project.org/misp-training/a.8-dev-hands-on.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.8-dev-hands-on) |
| [a.9-restsearch-dev](https://www.misp-project.org/misp-training/a.9-restsearch-dev.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.9-restsearch-dev) |
| [a.10-galaxy-2.0](https://www.misp-project.org/misp-training/a.10-galaxy-2.0.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.10-galaxy-2.0) |
| [a.11-misp-data-model](https://www.misp-project.org/misp-training/a.11-misp-data-model.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.11-misp-data-model) |
| [a.12-misp-workflows](https://www.misp-project.org/misp-training/a.12-misp-workflows.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.12-misp-workflows) |
| [a.13-misp-stix](https://www.misp-project.org/misp-training/a.13-misp-stix.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.13-misp-stix) |
| [a.a-widget-dev](https://www.misp-project.org/misp-training/a.a-widget-dev.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.a-widget-dev) |
| [b.2-turning-data-into-actionable-intelligence](https://www.misp-project.org/misp-training/b.2-turning-data-into-actionable-intelligence.pdf) | [source](https://github.com/MISP/misp-training/tree/main/b.2-turning-data-into-actionable-intelligence) |
| [4-misp-standard](https://www.misp-project.org/misp-training/4-misp-standard.pdf) | [source](https://github.com/MISP/misp-training/tree/main/4-misp-standard) |
| [x.13-exercise-movie](https://www.misp-project.org/misp-training/x.13-exercise-movie.pdf) | [source](https://github.com/MISP/misp-training/tree/main/x.13-exercise-movie) |
| [a.b-cli](https://www.misp-project.org/misp-training/a.b-cli.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.b-cli) |
| [a.c-deployment](https://www.misp-project.org/misp-training/a.c-deployment.pdf) | [source](https://github.com/MISP/misp-training/tree/main/a.c-deployment) |

### Complementary materials

| Slides (PDF) | Source Code |
| ------------ | ----------- |
| [complete slide deck in one PDF](https://www.misp-project.org/misp-training/misp-training.pdf) | [source](https://github.com/MISP/misp-training/) |
| [MISP training cheat-sheet](https://www.misp-project.org/misp-training/cheatsheet.pdf) | [source](https://github.com/MISP/misp-training/tree/master/training-support/compact-cheatsheet) |
| [MISP feature list (for the trainers)](https://www.misp-project.org/misp-training/usage.pdf) | [source](https://github.com/MISP/misp-training/tree/master/training-support/checklist) |

### Additional documentation

- [MISP Book](https://github.com/MISP/misp-book/) - [PDF](https://www.circl.lu/doc/misp/book.pdf) [ePub](https://www.circl.lu/doc/misp/book.epub) [Kindle mobi](https://www.circl.lu/doc/misp/book.mobi) [HTML](https://www.circl.lu/doc/misp/)
- [Best Practices in Threat Intelligence](https://github.com/MISP/best-practices-in-threat-intelligence) [PDF](https://www.misp-project.org/best-practices-in-threat-intelligence.pdf) [HTML](https://www.misp-project.org/best-practices-in-threat-intelligence.html)
- [MISP Galaxy (HTML)](https://www.misp-project.org/galaxy.html) - [PDF](https://www.misp-project.org/galaxy.pdf)
- [MISP Taxonomies (HTML)](https://www.misp-project.org/taxonomies.html) - [PDF](https://www.misp-project.org/taxonomies.pdf)
- [MISP Objects template (HTML)](https://www.misp-project.org/objects.html) - [PDF](https://www.misp-project.org/objects.pdf)
- [Guidelines to setting up an information sharing community such as an ISAC or ISAO](https://github.com/MISP/misp-compliance/blob/master/setting-up-ISACs/guidelines_to_set-up_an_ISAC.md) - [PDF](https://www.x-isac.org/assets/images/guidelines_to_set-up_an_ISAC.pdf)
- [Official MISP Install Guides](https://misp.github.io/MISP/)

### MISP Training videos

Sample videos that show how the training materials are used together with a live MISP demo instance.

- [MISP Workflow](https://www.youtube.com/watch?v=OyLE2g4zii0) - 16th December 2022
- [MISP Best Practices for encoding threat intelligence (3 hours - online)](https://www.youtube.com/watch?v=JIeiwzY7Fvs) - 15th December 2022
- [MISP Training Administration and Deployment of MISP software](https://youtu.be/sIHTRIwF-Mk) - 14th September 2022
- [MISP Training Threat Intelligence Introduction for Analysts and Security Professional](https://youtu.be/sb36MMRTtLM) - 13th September 2022
- [Fundamentals MISP given FIRSTdotOrg 2021 Virtual Symposium African and Arab regions](https://www.youtube.com/watch?v=00jq7Gbqdz8) - 18th December 2021
- [MISP General Usage Training - Part 1 of 2](https://www.youtube.com/watch?v=-NuODyh1YJE)
- [MISP General Usage Training - Part 2 of 2](https://www.youtube.com/watch?v=LlKnh5b0bgw)
- [MISP Training Usage - Training given the 2nd March 2021 - 2h50 min](https://cra.circl.lu/videos/MISP-Usage-Training-20210302.mp4)
- [MISP Training Administration and Building Communities - Training given the 3rd March 2021 - 2h56min](https://cra.circl.lu/videos/MISP-Administration-and-Building-Communities-20210303.mp4)
- [MISP Training Module 1 - An Introduction to Cybersecurity Information Sharing](https://www.youtube.com/watch?v=aM7czPsQyaI)
- [MISP Training Module 2 - General usage of MISP](https://www.youtube.com/watch?v=Jqp8CVHtNVk)
- [MISP covid-19 sharing community - introduction](https://peertube.opencloud.lu/videos/watch/4f7acd4c-a909-4315-87aa-38ba95cceaf2)

#### Passive DNS and MISP - Training videos

- [Farsight Passive DNS and MISP - Part I](https://vimeo.com/561877178/ac09629591)
- [Farsight Passive DNS and MISP - Part II](https://vimeo.com/561903295/8af1d6692b)
- [Farsight Passive DNS and MISP - Part III](https://vimeo.com/561908216/764a2e19e4)

### MISP Training support videos

These videos support MISP trainings or demonstrations at large:

- [MISP Event graph demo](https://www.youtube.com/watch?v=NYvKLwoBYwc&t=8s)
- [MISP Tutorial - Enabling Feeds](https://www.youtube.com/watch?v=k3l-CtOgQro)

### MISP Training VMs

Pre-built MISP training VMs are available at [https://vm.misp-project.org/](https://vm.misp-project.org/).

## Source Code

The full source code of the training slide decks is available. You'll need to have an operating system with a recent installation of LaTeX including latex-beamer to work with them.

To build the complete set of training materials:

~~~~bash
bash build.sh
~~~~

The output directory will contain all the generated PDF files, plus a PDF file called `misp-training.pdf`, which is the complete handout of all the slides.

**Note**: If the rendering is somewhat broken, it might be because LaTeX is using the styles installed system-wide in `/usr/share/texlive/texmf-dist/tex/latex/beamertheme-focus`. Removing this directory will solve the problem.

## Dependencies

[FiraMath Font](https://github.com/firamath/firamath/releases)

XeLaTeX, which can be selected in the .tex header (works in TeXShop):

```
% !TEX TS-program = xelatex
% !TEX encoding = UTF-8 Unicode
```

## License, Attribution and Funding

All the materials are dual-licensed under the GNU Affero General Public License version 3 or later and the Creative Commons Attribution-ShareAlike 4.0 International. You can use either one of the licenses depending on your use case of the training materials.

The MISP project training materials are co-financed and supported by [CIRCL Computer Incident Response Center Luxembourg](https://www.circl.lu/) and co-financed by a CEF (Connecting Europe Facility) funding under CEF-TC-2016-3 - Cyber Security as *Improving MISP as building blocks for next-generation information sharing*.

![](https://www.misp-project.org/assets/images/en_cef.png)
![](https://www.circl.lu/assets/images/logo.png)

All the source code is available at [https://www.github.com/MISP/misp-training](https://www.github.com/MISP/misp-training).

If you reuse the training materials, don't forget to include the above for attribution.

## Contributors in alphabetical order

- Steve Clement [:house:](https://github.com/SteveClement)
- Alexandre Dulaunoy [:house:](https://github.com/adulau)
- Andras Iklody [:house:](https://github.com/iglocska)
- Sami Mokaddem [:house:](https://github.com/mokaddem)
- Sascha Rommelfangen [:house:](https://github.com/rommelfs)
- Christian Studer [:house:](https://github.com/chrisr3d)
- Raphaël Vinot [:house:](https://github.com/rafiot)
- Gerard Wagener [:house:](https://github.com/haegardev)