mirror of https://github.com/MISP/misp-website
Updated
parent
e7e95fbf2f
commit
c2497893b2
|
@ -472,14 +472,13 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
|
||||||
<i class="fa icon-note" title="Note"></i>
|
<i class="fa icon-note" title="Note"></i>
|
||||||
</td>
|
</td>
|
||||||
<td class="content">
|
<td class="content">
|
||||||
Improvement of analysis can range from simple notification of a false-positive, a typographic error up to a complete competitive or counter analysis of the original analysis.
|
Improvement of the analysis process can range from a simple notification of a false-positive or the correction of a typographic error, all the way up to a complete competitive or counter analysis of the original analysis.
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
</div>
|
</div>
|
||||||
<div class="paragraph">
|
<div class="paragraph">
|
||||||
<p>A common difficulty in threat intelligence is to improve existing analysis and how to do efficiently. One of the main question is to ask what will be the target audience
|
<p>A common difficulty in threat intelligence is to improve existing analyses and especially how to do it efficiently. One of the main questions to ask is: what will be the target audience of the improved analysis and the objective thereof?</p>
|
||||||
of the improved analysis and the objective:</p>
|
|
||||||
</div>
|
</div>
|
||||||
<div class="olist arabic">
|
<div class="olist arabic">
|
||||||
<ol class="arabic">
|
<ol class="arabic">
|
||||||
|
@ -487,18 +486,18 @@ of the improved analysis and the objective:</p>
|
||||||
<p>Informing the original analyst/author (e.g. a security vendor or a CSIRT) about a specific mistake or error which needs to be corrected.</p>
|
<p>Informing the original analyst/author (e.g. a security vendor or a CSIRT) about a specific mistake or error which needs to be corrected.</p>
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<p>Improving an existing analysis by performing a complementary analysis or review which will be shared and used by another group (e.g. a specific constituency, team within your organisation or member of an ISAC).</p>
|
<p>Improving an existing analysis by performing a complementary analysis or review which will be shared to and used by another group (e.g. a specific constituent, or a team within your organisation or a member of an ISAC, etc).</p>
|
||||||
</li>
|
</li>
|
||||||
</ol>
|
</ol>
|
||||||
</div>
|
</div>
|
||||||
<div class="paragraph">
|
<div class="paragraph">
|
||||||
<p>In the case number 1, MISP includes a mechanism to propose changes to the original creator. This mechanism is called proposal. By using proposal, you can propose a change in the value of an attribute (such as a typographic in an IP address, missing contextual information, type of the information, the category or the removal of an IDS flag). The proposal will be sent back to the original author who can decide to accept the proposal or discard it.</p>
|
<p>In the first case, MISP includes a mechanism to propose changes to the original creator, a mechanism we refer to as proposals. By using proposals, you can propose a change to the value or the context of an attribute (such as a typographic error in an IP address, missing contextual information, type of the information, the category or the removal of an IDS flag). The proposal will be sent back to the original author who can decide to accept or discard it.</p>
|
||||||
</div>
|
</div>
|
||||||
<div class="paragraph">
|
<div class="paragraph">
|
||||||
<p>Adding proposal has some major advantages such as being very quick and there is no need to create a new event. But such approach works only if you are willing to lose control over the data. This is pretty efficient for small changes but if additional information such as galaxy or objects need to be added then the event extension is more appropriate.</p>
|
<p>The advantages of using the proposal system include the lack of a need to create a new event as well as the process itself being very simple and fast. However, it assumes that the party providing the improvements is willing to lose control over the proposed data. This is pretty efficient for small changes but for more comprehensive changes, especially those that include non-attribute information such as galaxy clusters or objects, the event extension is more appropriate.</p>
|
||||||
</div>
|
</div>
|
||||||
<div class="paragraph">
|
<div class="paragraph">
|
||||||
<p>In the case number 2, the extend event functionality is very handy. The extend event allow to create your own information into a self-contained event (which can have custom distribution rules) and reference the original analysis. The information can be shared back to the original author or kept in a limited scope such as a specific sector or trust group.</p>
|
<p>Apart from being more suitable for more comprehensive changes, the second scenario is also a great fit for the extended event functionality, allowing users wanting to provide additional information or an alternate view-point with the opportunity of creating a self-contained event (which can have its own custom distribution rules) that references the original analysis. This information can be shared back to the original author or kept within a limited distribution scope such as a specific sector, a trust group or as internal information for the organisation providing the additional information.</p>
|
||||||
</div>
|
</div>
|
||||||
<div class="admonitionblock tip">
|
<div class="admonitionblock tip">
|
||||||
<table>
|
<table>
|
||||||
|
@ -507,7 +506,7 @@ of the improved analysis and the objective:</p>
|
||||||
<i class="fa icon-tip" title="Tip"></i>
|
<i class="fa icon-tip" title="Tip"></i>
|
||||||
</td>
|
</td>
|
||||||
<td class="content">
|
<td class="content">
|
||||||
For more information about the extend event functionality in MISP, the blog post <strong><a href="http://www.misp-project.org/2018/04/19/Extended-Events-Feature.html">Introducing The New Extended Events Feature in MISP</a></strong> includes a lot of details.
|
For more information about the extended event functionality in MISP, the blog post <strong><a href="http://www.misp-project.org/2018/04/19/Extended-Events-Feature.html">Introducing The New Extended Events Feature in MISP</a></strong> includes a lot of details.
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
/Creator (Asciidoctor PDF 1.5.0.alpha.16, based on Prawn 2.2.2)
|
/Creator (Asciidoctor PDF 1.5.0.alpha.16, based on Prawn 2.2.2)
|
||||||
/Producer (MISP Project)
|
/Producer (MISP Project)
|
||||||
/ModDate (D:20180701173908+02'00')
|
/ModDate (D:20180701173908+02'00')
|
||||||
/CreationDate (D:20180701175552+02'00')
|
/CreationDate (D:20180701185210+02'00')
|
||||||
>>
|
>>
|
||||||
endobj
|
endobj
|
||||||
2 0 obj
|
2 0 obj
|
||||||
|
@ -98,7 +98,7 @@ endobj
|
||||||
endobj
|
endobj
|
||||||
8 0 obj
|
8 0 obj
|
||||||
<< /Type /Font
|
<< /Type /Font
|
||||||
/BaseFont /4c327e+NotoSerif
|
/BaseFont /d573ac+NotoSerif
|
||||||
/Subtype /TrueType
|
/Subtype /TrueType
|
||||||
/FontDescriptor 62 0 R
|
/FontDescriptor 62 0 R
|
||||||
/FirstChar 32
|
/FirstChar 32
|
||||||
|
@ -571,7 +571,7 @@ endobj
|
||||||
>>
|
>>
|
||||||
endobj
|
endobj
|
||||||
19 0 obj
|
19 0 obj
|
||||||
<< /Length 8747
|
<< /Length 10443
|
||||||
>>
|
>>
|
||||||
stream
|
stream
|
||||||
q
|
q
|
||||||
|
@ -620,12 +620,12 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
1.1367 Tw
|
2.0587 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
120.24 709.126 Td
|
120.24 709.126 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
[<496d70726f76656d656e74206f6620616e616c797369732063616e2072> 20.0195 <616e67652066726f6d2073696d706c65206e6f74696669636174696f6e206f6620612066616c73652d706f7369746976652c2061>] TJ
|
[<496d70726f76656d656e74206f662074686520616e616c797369732070726f636573732063616e2072> 20.0195 <616e67652066726f6d20612073696d706c65206e6f74696669636174696f6e206f662061>] TJ
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -635,12 +635,12 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
0.5406 Tw
|
0.2496 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
120.24 693.346 Td
|
120.24 693.346 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
[<7479706f6772> 20.0195 <6170686963206572726f7220757020746f206120636f6d706c65746520636f6d7065746974697665206f7220636f756e74657220616e616c79736973206f6620746865206f726967696e616c>] TJ
|
[<66616c73652d706f736974697665206f722074686520636f7272656374696f6e206f662061207479706f6772> 20.0195 <6170686963206572726f722c20616c6c20746865207761> 20.0195 <7920757020746f206120636f6d706c657465>] TJ
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -653,7 +653,7 @@ ET
|
||||||
BT
|
BT
|
||||||
120.24 677.566 Td
|
120.24 677.566 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
<616e616c797369732e> Tj
|
<636f6d7065746974697665206f7220636f756e74657220616e616c79736973206f6620746865206f726967696e616c20616e616c797369732e> Tj
|
||||||
ET
|
ET
|
||||||
|
|
||||||
0.0 0.0 0.0 SCN
|
0.0 0.0 0.0 SCN
|
||||||
|
@ -661,12 +661,12 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
0.4701 Tw
|
0.5136 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
48.24 645.786 Td
|
48.24 645.786 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
[<4120636f6d6d6f6e20646966666963756c747920696e2074687265617420696e74656c6c6967656e636520697320746f20696d70726f7665206578697374696e6720616e616c7973697320616e6420686f7720746f20646f20656666696369656e746c79> 89.8438 <2e>] TJ
|
<4120636f6d6d6f6e20646966666963756c747920696e2074687265617420696e74656c6c6967656e636520697320746f20696d70726f7665206578697374696e6720616e616c7973657320616e6420657370656369616c6c7920686f7720746f20646f> Tj
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -676,12 +676,12 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
1.0131 Tw
|
0.6088 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
48.24 630.006 Td
|
48.24 630.006 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
<4f6e65206f6620746865206d61696e207175657374696f6e20697320746f2061736b20776861742077696c6c20626520746865207461726765742061756469656e6365206f662074686520696d70726f76656420616e616c7973697320616e64> Tj
|
[<697420656666696369656e746c79> 89.8438 <2e204f6e65206f6620746865206d61696e207175657374696f6e7320746f2061736b2069733a20776861742077696c6c20626520746865207461726765742061756469656e6365206f662074686520696d70726f766564>] TJ
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -694,7 +694,7 @@ ET
|
||||||
BT
|
BT
|
||||||
48.24 614.226 Td
|
48.24 614.226 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
<746865206f626a6563746976653a> Tj
|
<616e616c7973697320616e6420746865206f626a6563746976652074686572656f663f> Tj
|
||||||
ET
|
ET
|
||||||
|
|
||||||
0.0 0.0 0.0 SCN
|
0.0 0.0 0.0 SCN
|
||||||
|
@ -773,12 +773,12 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
4.953 Tw
|
2.2513 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
66.24 533.106 Td
|
66.24 533.106 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
[<62652073686172656420616e6420757365642062> 20.0195 <7920616e6f746865722067726f75702028652e672e206120737065636966696320636f6e7374697475656e6379> 89.8438 <2c207465616d2077697468696e20796f7572>] TJ
|
[<62652073686172656420746f20616e6420757365642062> 20.0195 <7920616e6f746865722067726f75702028652e672e206120737065636966696320636f6e7374697475656e742c206f722061207465616d2077697468696e20796f7572>] TJ
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -791,7 +791,7 @@ ET
|
||||||
BT
|
BT
|
||||||
66.24 517.326 Td
|
66.24 517.326 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
[<6f7267616e69736174696f6e206f72206d656d626572206f6620616e204953> 20.0195 <41> 20.0195 <43292e>] TJ
|
[<6f7267616e69736174696f6e206f722061206d656d626572206f6620616e204953> 20.0195 <41> 20.0195 <432c20657463292e>] TJ
|
||||||
ET
|
ET
|
||||||
|
|
||||||
0.0 0.0 0.0 SCN
|
0.0 0.0 0.0 SCN
|
||||||
|
@ -799,12 +799,12 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
0.6948 Tw
|
3.6475 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
48.24 489.546 Td
|
48.24 489.546 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
<496e207468652063617365206e756d62657220312c204d49535020696e636c756465732061206d656368616e69736d20746f2070726f706f7365206368616e67657320746f20746865206f726967696e616c2063726561746f722e2054686973> Tj
|
<496e2074686520666972737420636173652c204d49535020696e636c756465732061206d656368616e69736d20746f2070726f706f7365206368616e67657320746f20746865206f726967696e616c2063726561746f722c2061> Tj
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -814,12 +814,12 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
2.0172 Tw
|
0.5718 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
48.24 473.766 Td
|
48.24 473.766 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
[<6d656368616e69736d2069732063616c6c65642070726f706f73616c2e2042> 20.0195 <79207573696e672070726f706f73616c2c20796f752063616e2070726f706f73652061206368616e676520696e207468652076616c7565206f6620616e>] TJ
|
[<6d656368616e69736d20776520726566657220746f2061732070726f706f73616c732e2042> 20.0195 <79207573696e672070726f706f73616c732c20796f752063616e2070726f706f73652061206368616e676520746f207468652076616c7565206f72>] TJ
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -829,12 +829,12 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
2.6166 Tw
|
2.8425 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
48.24 457.986 Td
|
48.24 457.986 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
[<6174747269627574652028737563682061732061207479706f6772> 20.0195 <617068696320696e20616e20495020616464726573732c206d697373696e6720636f6e7465787475616c20696e666f726d6174696f6e2c2074797065206f6620746865>] TJ
|
[<74686520636f6e74657874206f6620616e206174747269627574652028737563682061732061207479706f6772> 20.0195 <6170686963206572726f7220696e20616e20495020616464726573732c206d697373696e6720636f6e7465787475616c>] TJ
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -844,12 +844,12 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
1.9522 Tw
|
0.4533 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
48.24 442.206 Td
|
48.24 442.206 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
<696e666f726d6174696f6e2c207468652063617465676f7279206f72207468652072656d6f76616c206f6620616e2049445320666c6167292e205468652070726f706f73616c2077696c6c2062652073656e74206261636b20746f20746865> Tj
|
<696e666f726d6174696f6e2c2074797065206f662074686520696e666f726d6174696f6e2c207468652063617465676f7279206f72207468652072656d6f76616c206f6620616e2049445320666c6167292e205468652070726f706f73616c2077696c6c> Tj
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -862,7 +862,7 @@ ET
|
||||||
BT
|
BT
|
||||||
48.24 426.426 Td
|
48.24 426.426 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
<6f726967696e616c20617574686f722077686f2063616e2064656369646520746f20616363657074207468652070726f706f73616c206f7220646973636172642069742e> Tj
|
<62652073656e74206261636b20746f20746865206f726967696e616c20617574686f722077686f2063616e2064656369646520746f20616363657074206f7220646973636172642069742e> Tj
|
||||||
ET
|
ET
|
||||||
|
|
||||||
0.0 0.0 0.0 SCN
|
0.0 0.0 0.0 SCN
|
||||||
|
@ -870,12 +870,12 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
2.0388 Tw
|
1.2523 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
48.24 398.646 Td
|
48.24 398.646 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
[<41> 20.0195 <6464696e672070726f706f73616c2068617320736f6d65206d616a6f7220616476616e74616765732073756368206173206265696e67207665727920717569636b20616e64207468657265206973206e6f206e65656420746f>] TJ
|
<54686520616476616e7461676573206f66207573696e67207468652070726f706f73616c2073797374656d20696e636c75646520746865206c61636b206f662061206e65656420746f206372656174652061206e6577206576656e74206173> Tj
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -885,12 +885,12 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
0.8177 Tw
|
0.7572 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
48.24 382.866 Td
|
48.24 382.866 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
<6372656174652061206e6577206576656e742e20427574207375636820617070726f61636820776f726b73206f6e6c7920696620796f75206172652077696c6c696e6720746f206c6f736520636f6e74726f6c206f7665722074686520646174612e> Tj
|
<77656c6c206173207468652070726f6365737320697473656c66206265696e6720766572792073696d706c6520616e6420666173742e20486f77657665722c20697420617373756d65732074686174207468652070617274792070726f766964696e67> Tj
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -900,12 +900,12 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
1.7617 Tw
|
0.3299 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
48.24 367.086 Td
|
48.24 367.086 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
<546869732069732070726574747920656666696369656e7420666f7220736d616c6c206368616e67657320627574206966206164646974696f6e616c20696e666f726d6174696f6e20737563682061732067616c617879206f72206f626a65637473> Tj
|
<74686520696d70726f76656d656e74732069732077696c6c696e6720746f206c6f736520636f6e74726f6c206f766572207468652070726f706f73656420646174612e20546869732069732070726574747920656666696369656e7420666f7220736d616c6c> Tj
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -915,23 +915,12 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
|
5.2739 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
48.24 351.306 Td
|
48.24 351.306 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
<6e65656420746f206265206164646564207468656e20746865206576656e7420657874656e73696f6e206973206d6f726520617070726f7072696174652e> Tj
|
<6368616e6765732062757420666f72206d6f726520636f6d70726568656e73697665206368616e6765732c20657370656369616c6c792074686f7365207468617420696e636c756465206e6f6e2d617474726962757465> Tj
|
||||||
ET
|
|
||||||
|
|
||||||
0.0 0.0 0.0 SCN
|
|
||||||
0.0 0.0 0.0 scn
|
|
||||||
0.2 0.2 0.2 scn
|
|
||||||
0.2 0.2 0.2 SCN
|
|
||||||
|
|
||||||
0.0214 Tw
|
|
||||||
|
|
||||||
BT
|
|
||||||
48.24 323.526 Td
|
|
||||||
/F1.0 10.5 Tf
|
|
||||||
[<496e207468652063617365206e756d62657220322c2074686520657874656e64206576656e742066756e6374696f6e616c69747920697320766572792068616e6479> 89.8438 <2e2054686520657874656e64206576656e7420616c6c6f7720746f20637265617465>] TJ
|
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -941,12 +930,23 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
0.9981 Tw
|
BT
|
||||||
|
48.24 335.526 Td
|
||||||
|
/F1.0 10.5 Tf
|
||||||
|
<696e666f726d6174696f6e20737563682061732067616c61787920636c757374657273206f72206f626a656374732c20746865206576656e7420657874656e73696f6e206973206d6f726520617070726f7072696174652e> Tj
|
||||||
|
ET
|
||||||
|
|
||||||
|
0.0 0.0 0.0 SCN
|
||||||
|
0.0 0.0 0.0 scn
|
||||||
|
0.2 0.2 0.2 scn
|
||||||
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
|
1.7721 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
48.24 307.746 Td
|
48.24 307.746 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
<796f7572206f776e20696e666f726d6174696f6e20696e746f20612073656c662d636f6e7461696e6564206576656e74202877686963682063616e206861766520637573746f6d20646973747269627574696f6e2072756c65732920616e64> Tj
|
<41706172742066726f6d206265696e67206d6f7265207375697461626c6520666f72206d6f726520636f6d70726568656e73697665206368616e6765732c20746865207365636f6e64207363656e6172696f20697320616c736f2061> Tj
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -956,12 +956,72 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
0.8384 Tw
|
3.9503 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
48.24 291.966 Td
|
48.24 291.966 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
[<7265666572656e636520746865206f726967696e616c20616e616c797369732e2054686520696e666f726d6174696f6e2063616e20626520736861726564206261636b20746f20746865206f726967696e616c20617574686f72206f72206b> 20.0195 <657074>] TJ
|
[<67726561742066697420666f722074686520657874656e646564206576656e742066756e6374696f6e616c697479> 89.8438 <2c20616c6c6f77696e672075736572732077616e74696e6720746f2070726f76696465206164646974696f6e616c>] TJ
|
||||||
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
0.0 Tw
|
||||||
|
0.0 0.0 0.0 SCN
|
||||||
|
0.0 0.0 0.0 scn
|
||||||
|
0.2 0.2 0.2 scn
|
||||||
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
|
2.3982 Tw
|
||||||
|
|
||||||
|
BT
|
||||||
|
48.24 276.186 Td
|
||||||
|
/F1.0 10.5 Tf
|
||||||
|
<696e666f726d6174696f6e206f7220616e20616c7465726e61746520766965772d706f696e74207769746820746865206f70706f7274756e697479206f66206372656174696e6720612073656c662d636f6e7461696e6564206576656e74> Tj
|
||||||
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
0.0 Tw
|
||||||
|
0.0 0.0 0.0 SCN
|
||||||
|
0.0 0.0 0.0 scn
|
||||||
|
0.2 0.2 0.2 scn
|
||||||
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
|
2.7823 Tw
|
||||||
|
|
||||||
|
BT
|
||||||
|
48.24 260.406 Td
|
||||||
|
/F1.0 10.5 Tf
|
||||||
|
<2877686963682063616e206861766520697473206f776e20637573746f6d20646973747269627574696f6e2072756c6573292074686174207265666572656e63657320746865206f726967696e616c20616e616c797369732e2054686973> Tj
|
||||||
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
0.0 Tw
|
||||||
|
0.0 0.0 0.0 SCN
|
||||||
|
0.0 0.0 0.0 scn
|
||||||
|
0.2 0.2 0.2 scn
|
||||||
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
|
1.068 Tw
|
||||||
|
|
||||||
|
BT
|
||||||
|
48.24 244.626 Td
|
||||||
|
/F1.0 10.5 Tf
|
||||||
|
[<696e666f726d6174696f6e2063616e20626520736861726564206261636b20746f20746865206f726967696e616c20617574686f72206f72206b> 20.0195 <6570742077697468696e2061206c696d6974656420646973747269627574696f6e2073636f7065>] TJ
|
||||||
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
0.0 Tw
|
||||||
|
0.0 0.0 0.0 SCN
|
||||||
|
0.0 0.0 0.0 scn
|
||||||
|
0.2 0.2 0.2 scn
|
||||||
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
|
0.2433 Tw
|
||||||
|
|
||||||
|
BT
|
||||||
|
48.24 228.846 Td
|
||||||
|
/F1.0 10.5 Tf
|
||||||
|
<73756368206173206120737065636966696320736563746f722c20612074727573742067726f7570206f7220617320696e7465726e616c20696e666f726d6174696f6e20666f7220746865206f7267616e69736174696f6e2070726f766964696e6720746865> Tj
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -972,9 +1032,9 @@ ET
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
BT
|
BT
|
||||||
48.24 276.186 Td
|
48.24 213.066 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
<696e2061206c696d697465642073636f70652073756368206173206120737065636966696320736563746f72206f722074727573742067726f75702e> Tj
|
<6164646974696f6e616c20696e666f726d6174696f6e2e> Tj
|
||||||
ET
|
ET
|
||||||
|
|
||||||
0.0 0.0 0.0 SCN
|
0.0 0.0 0.0 SCN
|
||||||
|
@ -982,15 +1042,15 @@ ET
|
||||||
q
|
q
|
||||||
0.5 w
|
0.5 w
|
||||||
0.9333 0.9333 0.9333 SCN
|
0.9333 0.9333 0.9333 SCN
|
||||||
108.24 260.37 m
|
108.24 197.25 m
|
||||||
108.24 220.81 l
|
108.24 141.91 l
|
||||||
S
|
S
|
||||||
Q
|
Q
|
||||||
0.0667 0.0667 0.0667 scn
|
0.0667 0.0667 0.0667 scn
|
||||||
0.0667 0.0667 0.0667 SCN
|
0.0667 0.0667 0.0667 SCN
|
||||||
|
|
||||||
BT
|
BT
|
||||||
71.388 232.022 Td
|
71.388 161.012 Td
|
||||||
/F3.1 24 Tf
|
/F3.1 24 Tf
|
||||||
<22> Tj
|
<22> Tj
|
||||||
ET
|
ET
|
||||||
|
@ -1000,12 +1060,27 @@ ET
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
0.9563 Tw
|
2.0971 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
120.24 244.406 Td
|
120.24 181.286 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
[<46> 40.0391 <6f72206d6f726520696e666f726d6174696f6e2061626f75742074686520657874656e64206576656e742066756e6374696f6e616c69747920696e204d495350> 120.1172 <2c2074686520626c6f6720706f7374>] TJ
|
[<46> 40.0391 <6f72206d6f726520696e666f726d6174696f6e2061626f75742074686520657874656e646564206576656e742066756e6374696f6e616c69747920696e204d495350> 120.1172 <2c2074686520626c6f67>] TJ
|
||||||
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
0.0 Tw
|
||||||
|
0.0 0.0 0.0 SCN
|
||||||
|
0.0 0.0 0.0 scn
|
||||||
|
0.2 0.2 0.2 scn
|
||||||
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
|
1.6125 Tw
|
||||||
|
|
||||||
|
BT
|
||||||
|
120.24 165.506 Td
|
||||||
|
/F1.0 10.5 Tf
|
||||||
|
<706f737420> Tj
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
@ -1015,21 +1090,40 @@ ET
|
||||||
0.2588 0.5451 0.7922 scn
|
0.2588 0.5451 0.7922 scn
|
||||||
0.2588 0.5451 0.7922 SCN
|
0.2588 0.5451 0.7922 SCN
|
||||||
|
|
||||||
|
1.6125 Tw
|
||||||
|
|
||||||
BT
|
BT
|
||||||
120.24 228.626 Td
|
145.4985 165.506 Td
|
||||||
/F2.0 10.5 Tf
|
/F2.0 10.5 Tf
|
||||||
[<496e74726f647563696e6720546865204e657720457874656e646564204576656e74732046> 40.0391 <65617475726520696e204d495350>] TJ
|
[<496e74726f647563696e6720546865204e657720457874656e646564204576656e74732046> 40.0391 <65617475726520696e204d495350>] TJ
|
||||||
ET
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
0.0 Tw
|
||||||
|
0.0 0.0 0.0 SCN
|
||||||
|
0.0 0.0 0.0 scn
|
||||||
|
0.2 0.2 0.2 scn
|
||||||
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
|
1.6125 Tw
|
||||||
|
|
||||||
|
BT
|
||||||
|
446.8792 165.506 Td
|
||||||
|
/F1.0 10.5 Tf
|
||||||
|
<20696e636c756465732061206c6f74206f66> Tj
|
||||||
|
ET
|
||||||
|
|
||||||
|
|
||||||
|
0.0 Tw
|
||||||
0.0 0.0 0.0 SCN
|
0.0 0.0 0.0 SCN
|
||||||
0.0 0.0 0.0 scn
|
0.0 0.0 0.0 scn
|
||||||
0.2 0.2 0.2 scn
|
0.2 0.2 0.2 scn
|
||||||
0.2 0.2 0.2 SCN
|
0.2 0.2 0.2 SCN
|
||||||
|
|
||||||
BT
|
BT
|
||||||
410.3336 228.626 Td
|
120.24 149.726 Td
|
||||||
/F1.0 10.5 Tf
|
/F1.0 10.5 Tf
|
||||||
<20696e636c756465732061206c6f74206f662064657461696c732e> Tj
|
<64657461696c732e> Tj
|
||||||
ET
|
ET
|
||||||
|
|
||||||
0.0 0.0 0.0 SCN
|
0.0 0.0 0.0 SCN
|
||||||
|
@ -1102,7 +1196,7 @@ endobj
|
||||||
/URI (http://www.misp-project.org/2018/04/19/Extended-Events-Feature.html)
|
/URI (http://www.misp-project.org/2018/04/19/Extended-Events-Feature.html)
|
||||||
>>
|
>>
|
||||||
/Subtype /Link
|
/Subtype /Link
|
||||||
/Rect [120.24 225.56 410.3336 239.84]
|
/Rect [145.4985 162.44 446.8792 176.72]
|
||||||
/Type /Annot
|
/Type /Annot
|
||||||
>>
|
>>
|
||||||
endobj
|
endobj
|
||||||
|
@ -2183,40 +2277,46 @@ endobj
|
||||||
>>
|
>>
|
||||||
endobj
|
endobj
|
||||||
61 0 obj
|
61 0 obj
|
||||||
<< /Length1 10956
|
<< /Length1 11140
|
||||||
/Length 7036
|
/Length 7096
|
||||||
/Filter [/FlateDecode]
|
/Filter [/FlateDecode]
|
||||||
>>
|
>>
|
||||||
stream
|
stream
|
||||||
xœ<EFBFBD>zXç™îÿÏŒ.$èŠ$èB$$î7q1!À`@€¸Ø€0—ؘ$>Žë¸¶ãÄ]'®ãx7vX7ñ““¶YÇiÚlžœØí>9Ù6ÛºiÒõIÓ6Û´ñ&9©·Ç<C2B7>
ãóÍH€ŒéE<£ÑÿÏÌ÷½ÿwÿþa„<61> |