
% Preamble for the MISP training checklist: three unnumbered sections, each a
% table of features to explain, with a tick box and a "Length" progress bar.
\documentclass[nofootinbib, a4paper]{revtex4}
%\documentclass{memoir}
% Make the sans-serif family the document default.
\renewcommand{\familydefault}{\sfdefault}
% Colour names; the tables use ForestGreen for the filled part of each bar.
\usepackage[x11names,svgnames,dvipsnames]{xcolor}
% Provides \progressbar, used in the "Length" column of every table row.
\usepackage{progressbar}
% NOTE(review): lastpage, pageslts, scalerel, footmisc and tcolorbox are not
% referenced in the visible document body -- confirm they are still needed.
\usepackage{lastpage}
\usepackage{pageslts}
\usepackage{booktabs}
% amssymb supplies \Box, the tick-box symbol in the "Check" column.
\usepackage{scalerel,amssymb}
\usepackage[perpage]{footmisc}
\usepackage[most]{tcolorbox}
\usepackage[unicode=true,
bookmarks=true,bookmarksnumbered=false,bookmarksopen=false,
breaklinks=false,pdfborder={0.1 0.1 0.1},backref=false,colorlinks=false,linktoc=all]
{hyperref}
% NOTE(review): the PDF title below reads "Status report 2017", which does not
% match the checklist content -- looks inherited from another document; confirm.
\hypersetup{pdftitle={Status report 2017},
pdfauthor={CIRCL}}
% Slightly taller table rows.
\renewcommand{\arraystretch}{1.2}
% NOTE(review): \makeatletter is never closed with \makeatother in the visible
% source, so @ keeps its letter category for the rest of the document.
\makeatletter
%\renewcommand{\bf}{\textbf}
%\renewcommand{\it}{\textit}
\usepackage{fancyhdr}
% Organisation strings. The first one carries the TLP:GREEN handling marking.
% NOTE(review): none of these four macros is used in the visible body and no
% fancyhdr page style is set up, so the TLP marking does not appear to be printed
% on the pages -- confirm whether a header/footer was intended.
\newcommand{\ourOrganizationName}{CIRCL - Computer Incident Response Center Luxembourg - TLP:GREEN}
\newcommand{\ourOrganizationNameTitle}{CIRCL - Computer Incident Response Center Luxembourg}
\newcommand{\ourAuthors}{Team CIRCL}
\newcommand{\ourOrganizationAddress}{(+352) 247 88444 - info@circl.lu www.circl.lu}
\begin{document}
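% Checklist of user-level MISP features for a training session.
% Columns: tick box | feature (bold rows are topic headings, "-" rows are
% sub-items) | "Length" bar. \progressbar{x} draws a bar filled to fraction x;
% presumably the fill stands for the relative time to spend -- confirm.
\section*{List of features to explain: User}
\begin{center}
  \begin{tabular}{@{}lll@{}}
    \hline
    Check & Description & Length\\
    \hline
    \(\Box\) & \textbf{Add events} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - via Standard UI & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    % Distribution decides who can see an event once it is published, so it
    % belongs with event creation rather than as an afterthought.
    \(\Box\) & - Distribution levels and publication & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - Different types of timestamps & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & \textbf{Add attributes} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - via Freetext & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - via Standard UI & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - via Template & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    % The question mark is the author's own open point.
    \(\Box\) & - via ReST API (including freetext API?) & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - via EventGraph & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & \textbf{Object} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - add Object & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - add References & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - show via EventGraph & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - add additional elements via the EventGraph & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & \textbf{*-lists} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - Warninglists: show warnings raised in steps above & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - Noticelists: show warnings when adding data & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    % Data-protection control: the row itself states the purpose.
    \(\Box\) & - Import Regexp: avoid leaking private/personal data & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & \textbf{Correlations} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - show correlations that were added & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - pivot to events via correlations & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - show correlations graph & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - feeds \& servers correlation & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & \textbf{Tags and Galaxies} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - add Tag from Taxonomy & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - add GalaxyCluster & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - add ATT\&CK pattern & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - Creating and using Tag Collection & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & \textbf{Sighting} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - via UI + custom via UI (new source or expiration sighting) & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - via API & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & \textbf{Delegation} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & \textbf{Proposal} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & \textbf{Delete (including soft versus hard delete)} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    % NOTE(review): newer MISP releases label this feature "blocklist";
    % confirm the wording against the version used in the training.
    \(\Box\) & - Event blacklist when deleting & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & \textbf{Extending event} (how and when to use it) & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & \textbf{Exporting data} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    % NOTE(review): the next two rows read "download from" with no object;
    % a word seems to be missing -- left as the author wrote it.
    \(\Box\) & - download from & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - download from via modules & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - .json routing & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - RestSearch & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & \textbf{Searching for data} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - Attribute search & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - Event index filter search & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & \textbf{Advanced features} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - Event graph, Event timeline, Event report & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - Decaying of IoC & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \(\Box\) & - Galaxy 2.0 & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.1}\\
    \hline
  \end{tabular}
\end{center}
\newpage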
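% Checklist of community-administration features (users, organisations,
% sharing groups, roles, synchronisation, collaboration settings, templates).
% Columns: tick box | feature (bold rows are topic headings, "-" rows are
% sub-items) | "Length" bar. \progressbar{x} draws a bar filled to fraction x;
% presumably the fill stands for the relative time to spend -- confirm.
\section*{List of features to explain: Administrator (Community)}
\begin{center}
  \begin{tabular}{@{}lll@{}}
    \hline
    Check & Description & Length\\
    \hline
    \(\Box\) & \textbf{User} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - administration and contact via standard UI & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Password/Auth key reset & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    % "never remove": presumably so that a former user's contributions and
    % log entries stay attributable -- confirm the rationale with the trainer notes.
    \(\Box\) & - Disabling (never remove) & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Roles & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & \textbf{Organisations} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - local and remote & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - administration: Creation and merge & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Org admins and sync users & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & \textbf{Sharing group} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - administration via standard UI & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & \textbf{Roles and permissions} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Constraints \& special sync-user & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    % NOTE(review): newer MISP releases label this feature "blocklist";
    % confirm the wording against the version used in the training.
    \(\Box\) & \textbf{Black listing} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Events & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Organisations & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & \textbf{Synchronisation} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - MISP to MISP & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - MISP to tool & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Pub-Sub & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & \textbf{Collaboration settings} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    % Setting names are typeset as code; Markdown-style backticks render as
    % opening quotes on both sides in LaTeX.
    % NOTE(review): the first name may be spelled proposals_block_attributes
    % in the MISP server settings -- verify before printing.
    \(\Box\) & - \texttt{proposal\_block\_attributes}, \texttt{sanitise\_attribute\_on\_delete}, \texttt{Sightings\_anonymise} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & \textbf{Templates} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - administration via standard UI & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Pulling and Updating & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \hline
  \end{tabular}
\end{center}
\newpage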
% Checklist of instance-administration features (auth keys, server settings,
% maintenance, workers, user management, logging, troubleshooting).
% Columns: tick box | feature (bold rows are topic headings, "-" rows are
% sub-items) | "Length" bar drawn by \progressbar with the given fill fraction.
\section*{List of features to explain: Administrator (Instance)}
\begin{center}
  \begin{tabular}{@{}lll@{}}
    \hline
    Check & Description & Length\\
    \hline
    % Authentication keys
    \(\Box\) & \textbf{Advanced Auth keys} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Migration from old system & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Usage & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    % Settings and upkeep
    \(\Box\) & \textbf{Server settings} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & \textbf{Maintenance} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Updating \& release process & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Submodules and populate DB & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Diagnostic & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    % Background processing
    \(\Box\) & \textbf{Jobs and Workers} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - administration via standard UI & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Scheduled Tasks and CRON jobs & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    % Accounts
    \(\Box\) & \textbf{User settings \& User management} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - User settings & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - User monitoring, self-management, auto-registration & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    % Audit trail
    \(\Box\) & \textbf{Logging \& auditing} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Logs (and constraints: event history) & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Paranoid, IP \& Auth log, Sync audit & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    % Fault finding
    \(\Box\) & \textbf{Troubleshooting} & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Clean cache \& DB Schema diagnostic & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Stuck workers & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Update in progress & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \(\Box\) & - Apache logs \& workers logs & \progressbar[filledcolor=ForestGreen, emptycolor=white]{0.3}\\
    \hline
  \end{tabular}
\end{center}
\end{document}