misp-training/training-support/compact-cheatsheet/cheatsheet.tex

\documentclass[10pt,landscape]{article}
\usepackage{multicol}
\usepackage{calc}
\usepackage{ifthen}
\usepackage[landscape]{geometry}
\usepackage[colorlinks = true,
linkcolor = blue,
urlcolor = blue,
citecolor = blue,
anchorcolor = blue]{hyperref}
\usepackage{graphicx}
\usepackage[T1]{fontenc}
\usepackage[bitstream-charter]{mathdesign}
% Based on the LaTeX cheatsheet
% This sets page margins to .5 inch if using letter paper, and to 1cm
% if using A4 paper. (This probably isn't strictly necessary.)
% If using another size paper, use default 1cm margins.
\ifthenelse{\lengthtest { \paperwidth = 11in}}
{ \geometry{top=.5in,left=.5in,right=.5in,bottom=.5in} }
{\ifthenelse{ \lengthtest{ \paperwidth = 297mm}}
{\geometry{top=1cm,left=1cm,right=1cm,bottom=1cm} }
{\geometry{top=1cm,left=1cm,right=1cm,bottom=1cm} }
}
% Turn off header and footer
\pagestyle{empty}
% Redefine section commands to use less space
\makeatletter
\renewcommand{\section}{\@startsection{section}{1}{0mm}%
{-1ex plus -.5ex minus -.2ex}%
{0.5ex plus .2ex}%
{\normalfont\large\bfseries}}
\renewcommand{\subsection}{\@startsection{subsection}{2}{0mm}%
{-1ex plus -.5ex minus -.2ex}%
{0.5ex plus .2ex}%
{\normalfont\normalsize\bfseries}}
\renewcommand{\subsubsection}{\@startsection{subsubsection}{3}{0mm}%
{-1ex plus -.5ex minus -.2ex}%
{1ex plus .2ex}%
{\normalfont\small\bfseries}}
\makeatother
% Define BibTeX command
\def\BibTeX{{\rm B\kern-.05em{\sc i\kern-.025em b}\kern-.08em
T\kern-.1667em\lower.7ex\hbox{E}\kern-.125emX}}
% Don't print section numbers
\setcounter{secnumdepth}{0}
\setlength{\parindent}{0pt}
\setlength{\parskip}{0pt plus 0.5ex}
\begin{document}
\raggedright
\footnotesize
\begin{multicols}{3}
% multicol parameters
% These lengths are set only within the two main columns
%\setlength{\columnseprule}{0.25pt}
\setlength{\premulticols}{1pt}
\setlength{\postmulticols}{1pt}
\setlength{\multicolsep}{1pt}
\setlength{\columnsep}{2pt}
\begin{center}
\includegraphics{misp.pdf}\\
\Large{\textbf{MISP Training Cheat Sheet}} \\
\end{center}
\section{Virtual Machine (MISP Training VM)}
The MISP Training VM is available at the following location: \url{https://www.circl.lu/misp-images/latest/}.\\
The VM can be imported into VirtualBox or VMware as an appliance (OVA).\\
{\it The MISP training VM includes multiple applications and packages which are configured by default without
production-ready secure settings. We strongly recommend not using this VM for production and/or for storing sensitive information.}\\
\section{Default URL and (username/password)}
\begin{itemize}
\item MISP web interface - \url{http://127.0.0.1} (NAT: \url{http://127.0.0.1:8080}) ({\bf admin@admin.test/admin})
\item MISP-modules - \url{http://127.0.0.1:6666}
\item MISP-dashboard - \url{http://127.0.0.1:8001}
\item Viper-web - \url{http://127.0.0.1:8888} (admin/Password1234)
\item jupyter-notebook - \url{http://127.0.0.1:8889}
\item system credentials via ssh/terminal - (misp/Password1234)
\end{itemize}
\section{How to get the API key of my user?}
Go to the MISP web interface and click your username in the upper-right corner to open your user profile, which includes your API key.
\section{How to reset a password in MISP?}
If you made a mistake while setting up your password at the first login, you can reset the password by logging in to
the system (via SSH or terminal) and typing the following command:
{\tt /var/www/MISP/app/Console/cake Password admin@admin.test YourTemporaryPassword}
\section{How to reset the bruteforce login protection?}
After multiple unsuccessful attempts to log into MISP, the bruteforce protection might be triggered. You can reset the bruteforce
login protection's state by logging in to the system (via SSH or terminal) and typing the following command:
{\tt /var/www/MISP/app/Console/cake Admin clearBruteforce}
\section{How to upgrade MISP to the latest version?}
Log in via SSH or terminal and type the following commands (your VM must have Internet access):
\begin{enumerate}
\item {\tt cd /var/www/MISP}
\item {\tt git pull origin 2.4}
\item {\tt git submodule update -{}-init -{}-recursive}
\end{enumerate}
\section{Getting OSINT information into your MISP}
By default, a fresh installation of MISP is empty, as we prefer to leave it up to the users to store, gather and share the information they need. If you would like to populate your MISP with some real-life data, simply enable the CIRCL OSINT feed, which contains cybersecurity threat-related information. To enable the OSINT feed, go to $\rightarrow$ {\tt Sync Actions} then $\rightarrow$ {\tt List Feeds}. Select the checkbox of the first feed (called {\tt CIRCL OSINT Feed}) and click {\tt Enable Selected} at the top. Then, on the right side of the {\tt CIRCL OSINT Feed} row, click the icon depicting a downward-pointing arrow in a circle. Once you go back to the event index, the events will start appearing gradually.
\section{Training materials and documentation}
The MISP training materials are available at the following location: \url{https://www.circl.lu/services/misp-training-materials/} and are freely licensed under CC-BY-SA.
The MISP book is available at the following location: \url{https://www.circl.lu/doc/misp/}.
\rule{0.3\linewidth}{0.25pt}
\scriptsize
Copyright \copyright\ 2018 MISP Project licensed under CC-BY-SA
\end{multicols}
\end{document}