\documentclass[10pt,landscape]{article}
\usepackage{multicol}
\usepackage{calc}
\usepackage{ifthen}
\usepackage[landscape]{geometry}
\usepackage[colorlinks = true,
linkcolor = blue,
urlcolor = blue,
citecolor = blue,
anchorcolor = blue]{hyperref}
\usepackage{graphicx}
\usepackage[T1]{fontenc}
\usepackage[bitstream-charter]{mathdesign}
% Based on the LaTeX cheatsheet
% This sets page margins to .5 inch if using letter paper, and to 1cm
% if using A4 paper. (This probably isn't strictly necessary.)
% If using another size paper, use default 1cm margins.
\ifthenelse{\lengthtest { \paperwidth = 11in}}
{ \geometry{top=.5in,left=.5in,right=.5in,bottom=.5in} }
{\ifthenelse{ \lengthtest{ \paperwidth = 297mm}}
{\geometry{top=1cm,left=1cm,right=1cm,bottom=1cm} }
{\geometry{top=1cm,left=1cm,right=1cm,bottom=1cm} }
}
% Turn off header and footer
\pagestyle{empty}
% Redefine section commands to use less space
\makeatletter
\renewcommand{\section}{\@startsection{section}{1}{0mm}%
{-1ex plus -.5ex minus -.2ex}%
{0.5ex plus .2ex}%
{\normalfont\large\bfseries}}
\renewcommand{\subsection}{\@startsection{subsection}{2}{0mm}%
{-1ex plus -.5ex minus -.2ex}%
{0.5ex plus .2ex}%
{\normalfont\normalsize\bfseries}}
\renewcommand{\subsubsection}{\@startsection{subsubsection}{3}{0mm}%
{-1ex plus -.5ex minus -.2ex}%
{1ex plus .2ex}%
{\normalfont\small\bfseries}}
\makeatother
% Define BibTeX command
\def\BibTeX{{\rm B\kern-.05em{\sc i\kern-.025em b}\kern-.08em
T\kern-.1667em\lower.7ex\hbox{E}\kern-.125emX}}
% Don't print section numbers
\setcounter{secnumdepth}{0}
\setlength{\parindent}{0pt}
\setlength{\parskip}{0pt plus 0.5ex}
\begin{document}
\raggedright
\footnotesize
\begin{multicols}{3}
% multicol parameters
% These lengths are set only within the two main columns
%\setlength{\columnseprule}{0.25pt}
\setlength{\premulticols}{1pt}
\setlength{\postmulticols}{1pt}
\setlength{\multicolsep}{1pt}
\setlength{\columnsep}{2pt}
\begin{center}
\includegraphics{misp.pdf}\\
\Large{\textbf{MISP Training Cheat Sheet}} \\
\end{center}
\section{Virtual Machine (MISP Training VM)}
The MISP Training VM is available at \url{https://vm.misp-project.org/}.\\
The VM can be imported into VirtualBox or VMware as an appliance (OVA).\\
{\it The MISP training VM includes multiple applications and packages which are configured by default without
production-ready secure settings. We strongly recommend not using this VM for production and/or for storing sensitive information.}\\
\section{Default URL and (username/password)}
\begin{itemize}
\item MISP web interface - \url{http://127.0.0.1} (NAT: \url{http://127.0.0.1:8080}) ({\bf admin@admin.test/admin})
\item MISP-modules - \url{http://127.0.0.1:6666}
\item MISP-dashboard - \url{http://127.0.0.1:8001}
\item Viper-web - \url{http://127.0.0.1:8888} (admin/Password1234)
\item jupyter-notebook - \url{http://127.0.0.1:8889}
\item system credentials via ssh/terminal - (misp/Password1234)
\end{itemize}
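Because every service above ships with default credentials, it is worth confirming that none of them listens on anything other than loopback. The following is an added example, not part of the original cheat sheet: it filters a socket listing in the format printed by {\tt ss -ltn} for the ports listed above. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the MISP project): flag training-VM services
# that listen on a non-loopback address. Port list taken from the
# cheat sheet: MISP web, MISP-modules, MISP-dashboard, Viper-web, Jupyter.
TRAINING_PORTS="80 6666 8001 8888 8889"

# Constructed sample in the format printed by `ss -ltn`.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    *:80               *:*
LISTEN 0      128    127.0.0.1:6666     0.0.0.0:*
LISTEN 0      128    0.0.0.0:8889       0.0.0.0:*
LISTEN 0      128    [::1]:8001         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:8888     0.0.0.0:*
EOF
}

# Reads `ss -ltn` lines on stdin and prints "port address" for every
# training-VM port bound to something other than 127.0.0.0/8 or ::1.
exposed_ports() {
    awk -v ports="$TRAINING_PORTS" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $1 == "LISTEN" {
            idx = match($4, /:[0-9]+$/)      # last colon separates the port
            if (idx == 0) next
            port = substr($4, idx + 1)
            addr = substr($4, 1, idx - 1)
            if (!(port in want)) next        # not a cheat-sheet service
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print port " " addr
        }' | sort -u -k1,1n -k2
}

# Demo on the constructed sample; on the VM use: ss -ltn | exposed_ports
sample_ss_output | exposed_ports
```

Any line of output is a service reachable from the network while still protected only by the default credentials listed above.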
\section{How to get the API key of my user?}
In the MISP web interface, open your profile ({\tt users/view/me}); in the Auth Keys section you can add one or more API keys to access MISP. A newly created API key is visible at creation, so take note of it then.
\section{How to reset a password in MISP?}
If you made a mistake while setting up your password at the first login, you can reset the password by logging in
to the system (via SSH or terminal) and typing the following command:
{\tt /var/www/MISP/app/Console/cake Password admin@admin.test YourTemporaryPassword}
\section{How to reset the bruteforce login protection?}
After multiple unsuccessful attempts to log into MISP, the bruteforce protection might be triggered. You can reset the bruteforce
login protection's state by logging into the system (via SSH or terminal) and typing the following command:
{\tt /var/www/MISP/app/Console/cake Admin clearBruteforce}
\section{How to upgrade MISP to the latest version?}
Log in via SSH or terminal and type the following commands (your VM must have Internet access):
\begin{enumerate}
\item {\tt cd /var/www/MISP}
\item {\tt git pull origin 2.4}
\item {\tt git submodule update -{}-init -{}-recursive}
\end{enumerate}
\section{Getting OSINT information into your MISP}
By default, a fresh installation of MISP is empty, as we prefer to leave it up to the users to store, gather, and share the information they need. If you would like to populate your MISP with some real-life data, simply enable the CIRCL OSINT feed, which contains cybersecurity threat-related information. To enable the OSINT feed, go to $\rightarrow$ {\tt Sync Actions}, then $\rightarrow$ {\tt List Feeds}. Select the checkbox next to the first feed (called {\tt CIRCL OSINT Feed}) and click {\tt Enable Selected} at the top. To fetch all events from the selected feed, scroll to the right side of the {\tt CIRCL OSINT Feed} row and click the icon depicting a downward-pointing arrow in a circle. Once you go back to the Event Index, the events will start appearing gradually.
\section{Training materials and documentation}
MISP training materials are available at \url{https://github.com/MISP/misp-training} and are freely licensed under CC-BY-SA.
The MISP book is available at \url{https://www.circl.lu/doc/misp/}.
\rule{0.3\linewidth}{0.25pt}
\scriptsize
Copyright \copyright\ 2018-2021 MISP Project licensed under CC-BY-SA
\end{multicols}
\end{document}