new: [a.4] added

FinCSIRT · Dec 29, 2018 · 91340e6 · 91340e6
1 parent 1b55cb1
commit 91340e6
Show file tree

Hide file tree

Showing 37 changed files with 530 additions and 1 deletion.
diff --git a/a.4-best-practices/bob-ross.jpg b/a.4-best-practices/bob-ross.jpg
diff --git a/a.4-best-practices/content.tex b/a.4-best-practices/content.tex
diff --git a/a.4-best-practices/dictator.jpg b/a.4-best-practices/dictator.jpg
diff --git a/a.4-best-practices/images/logo-circl.pdf b/a.4-best-practices/images/logo-circl.pdf
@@ -0,0 +1 @@
+../../logos/logo-circl.pdf
diff --git a/a.4-best-practices/images/misp.png b/a.4-best-practices/images/misp.png
diff --git a/a.4-best-practices/images/x-isac-logo.png b/a.4-best-practices/images/x-isac-logo.png
diff --git a/a.4-best-practices/logo-circl.pdf b/a.4-best-practices/logo-circl.pdf
diff --git a/a.4-best-practices/machinetag.pdf b/a.4-best-practices/machinetag.pdf
diff --git a/a.4-best-practices/misp-distributed.pdf b/a.4-best-practices/misp-distributed.pdf
diff --git a/a.4-best-practices/misp-expansion.pdf b/a.4-best-practices/misp-expansion.pdf
diff --git a/a.4-best-practices/misp-overview.pdf b/a.4-best-practices/misp-overview.pdf
diff --git a/a.4-best-practices/misplogo.pdf b/a.4-best-practices/misplogo.pdf
diff --git a/a.4-best-practices/normaltag.png b/a.4-best-practices/normaltag.png
diff --git a/a.4-best-practices/pmf.png b/a.4-best-practices/pmf.png
diff --git a/a.4-best-practices/screenshots/Sightings1.PNG b/a.4-best-practices/screenshots/Sightings1.PNG
diff --git a/a.4-best-practices/screenshots/Sightings2.PNG b/a.4-best-practices/screenshots/Sightings2.PNG
diff --git a/a.4-best-practices/screenshots/dashboard-live.png b/a.4-best-practices/screenshots/dashboard-live.png
diff --git a/a.4-best-practices/screenshots/dashboard-trendings.png b/a.4-best-practices/screenshots/dashboard-trendings.png
diff --git a/a.4-best-practices/screenshots/enrichment1.PNG b/a.4-best-practices/screenshots/enrichment1.PNG
diff --git a/a.4-best-practices/screenshots/enrichment2.PNG b/a.4-best-practices/screenshots/enrichment2.PNG
diff --git a/a.4-best-practices/screenshots/enrichment3.PNG b/a.4-best-practices/screenshots/enrichment3.PNG
diff --git a/a.4-best-practices/screenshots/enrichment4.PNG b/a.4-best-practices/screenshots/enrichment4.PNG
diff --git a/a.4-best-practices/screenshots/false-positive.png b/a.4-best-practices/screenshots/false-positive.png
diff --git a/a.4-best-practices/screenshots/freetext1.PNG b/a.4-best-practices/screenshots/freetext1.PNG
diff --git a/a.4-best-practices/screenshots/freetxt2.PNG b/a.4-best-practices/screenshots/freetxt2.PNG
diff --git a/a.4-best-practices/screenshots/freetxt3.PNG b/a.4-best-practices/screenshots/freetxt3.PNG
diff --git a/a.4-best-practices/screenshots/normaltag.png b/a.4-best-practices/screenshots/normaltag.png
diff --git a/a.4-best-practices/screenshots/power-responsibility.png b/a.4-best-practices/screenshots/power-responsibility.png
diff --git a/a.4-best-practices/screenshots/sharing.jpeg b/a.4-best-practices/screenshots/sharing.jpeg
diff --git a/a.4-best-practices/shakyfoundation.jpeg b/a.4-best-practices/shakyfoundation.jpeg
diff --git a/a.4-best-practices/slide.tex b/a.4-best-practices/slide.tex
@@ -0,0 +1,26 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\definecolor{main}{RGB}{47, 161, 219}
+\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+
+
+\usepackage[utf8]{inputenc}
+\usepackage{tikz}
+\usepackage{listings}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+%\usepackage[T1]{fontenc}
+%\usepackage[scaled]{beramono}
+
+\author{Team CIRCL \\ \emph{TLP:WHITE}}
+\title{MISP workshop}
+\subtitle{Introduction into Information Sharing using MISP for CSIRTs}
+\institute{}
+\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}
+\date{\input{../includes/location.txt}}
+
+\begin{document}
+\include{content}
+\end{document}
+
diff --git a/a.4-best-practices/tag-osint.png b/a.4-best-practices/tag-osint.png
diff --git a/a.4-best-practices/tags24.png b/a.4-best-practices/tags24.png
diff --git a/a.4-best-practices/tagspush.png b/a.4-best-practices/tagspush.png
diff --git a/a.4-best-practices/test.txt b/a.4-best-practices/test.txt
@@ -0,0 +1,45 @@
+
+Model of governance
+- Dictatorship instead of democracy
+- Gathering ideas, issues, use-cases, code from the community is key, listen to them but reserve the right to veto
+  - Prevents malevolent community members from blocking the process / imposing tunnel-visioned ideas
+- Don't wait for the perfect implementation, start small extend it later
+- If the idea doesn't seem suitable for the above, shelf it as soon as possible
+
+Development process based on failures
+- Any idea needs real-world validation
+- Be willing to throw away features that "sure seemed like a good idea at the time"
+- Failures can often be used to pinpoint better alternatives
+- Format follows the implementation (code is law)
+
+PMF model
+
+On the flip-side, the dangers of sticking to theoretical format development for too long
+- The same mistakes will be made anyway
+- Piling mistakes on shaky foundation will be more difficult to undo later
+  - technical reasons
+  - sunk cost fallacy
+
+Designing a standard with sharing in mind (how not to do it)
+- Originally the sharing aspects were quite limited (private flag)
+  - If I want to keep it within my organisation, simply set the flag
+  - If not set any organisation can see it on the instance
+- Utterly simplistic, only worked on communities using a hosted MISP
+
+Designing a standard with sharing in mind (how to be a minimalist)
+- Needed to be extended once communities started self-hosting MISP to be able to control the distance of the data-flow
+- Distirbution levels
+  - Organisation only (private)
+  - Community
+  - Connected community
+  - All
+
+Designing a standard with sharing in mind (going all out)
+- Still not covering all use cases, certain types of users wanting more granularity
+  - Sharing groups (distribution lists)
+  - Complex system for persistent and special ad-hoc use-cases
+- Next step: Multiple sharing groups/nested sharing groups
+
+
+
+
diff --git a/a.4-best-practices/texput.log b/a.4-best-practices/texput.log
@@ -0,0 +1,21 @@
+This is pdfTeX, Version 3.14159265-2.6-1.40.17 (TeX Live 2016/Debian) (preloaded format=pdflatex 2017.6.14)  25 MAY 2018 13:50
+entering extended mode
+ restricted \write18 enabled.
+ %&-line parsing enabled.
+**infosharing-introduction.te
+
+! Emergency stop.
+<*> infosharing-introduction.te
+
+End of file on the terminal!
+
+
+Here is how much of TeX's memory you used:
+ 5 strings out of 494945
+ 133 string characters out of 6181032
+ 45270 words of memory out of 5000000
+ 3400 multiletter control sequences out of 15000+600000
+ 3640 words of font info for 14 fonts, out of 8000000 for 9000
+ 14 hyphenation exceptions out of 8191
+ 0i,0n,0p,34b,6s stack positions out of 5000i,500n,10000p,200000b,80000s
+!  ==> Fatal error occurred, no output PDF file produced!
diff --git a/build.sh b/build.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 
-slidedecks=("0-misp-introduction-to-information-sharing" "1-misp-usage" "1.2-misp-integration" "1.1-misp-viper-integration" "1.2.1-misp-integration-mail2misp" "2-misp-administration" "3-misp-taxonomy-tagging" "3.1-misp-modules" "3.2-misp-galaxy" "3.3-misp-object-template" "6.0-misp-dashboard" "a.0-contributing" "a.1-devintro" "a.2-pymisp" "a.3-misp-feed")
+slidedecks=("0-misp-introduction-to-information-sharing" "1-misp-usage" "1.2-misp-integration" "1.1-misp-viper-integration" "1.2.1-misp-integration-mail2misp" "2-misp-administration" "3-misp-taxonomy-tagging" "3.1-misp-modules" "3.2-misp-galaxy" "3.3-misp-object-template" "6.0-misp-dashboard" "a.0-contributing" "a.1-devintro" "a.2-pymisp" "a.3-misp-feed" "a.4-best-practices")
 mkdir output
 export TEXINPUTS=::`pwd`/themes/
 echo ${TEXINPUTS}