save
This commit is contained in:
parent
399aee9ea6
commit
9ca84b7b7e
15 changed files with 29 additions and 87 deletions
2
.orgids
File diff suppressed because one or more lines are too long
|
@ -1,33 +0,0 @@
|
||||||
# Created 2021-09-16 Thu 11:36
|
|
||||||
#+TITLE: Cisco Notes
|
|
||||||
#+AUTHOR: Yann Esposito
|
|
||||||
* FMC
|
|
||||||
|
|
||||||
#+begin_src javascript
|
|
||||||
{"name": "FMC",
|
|
||||||
"description": "FMC",
|
|
||||||
"scopes":["casebook",
|
|
||||||
"enrich:read",
|
|
||||||
"global-intel:read",
|
|
||||||
"inspect:read",
|
|
||||||
"integration:read",
|
|
||||||
"notification",
|
|
||||||
"orbital",
|
|
||||||
"profile",
|
|
||||||
"private-intel",
|
|
||||||
"response",
|
|
||||||
"registry/user/ribbon",
|
|
||||||
"telemetry:write",
|
|
||||||
"users:read"],
|
|
||||||
"grants":["device-grant"],
|
|
||||||
"client-type":"public"
|
|
||||||
"availability":"everyone"
|
|
||||||
}
|
|
||||||
#+end_src
|
|
||||||
|
|
||||||
|
|
||||||
- INT: =client-9bb6566d-36f6-4b18-b576-72a814522926=
|
|
||||||
- TEST: =client-c485b90e-1324-4e92-a174-06eccc31f59e=
|
|
||||||
- PROD NAM: =client-bdc01e2b-776c-4aa1-a530-5adef5313d4a=
|
|
||||||
- PROD EU: =client-fee0ce92-0b22-47cc-8345-2741f07a0e30=
|
|
||||||
- PROD APJC: =client-69859e78-fee4-4c7b-9d36-ef9fdee42ba2=
|
|
|
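Review bot: Deleting this file does not withdraw the five client IDs listed at its end (INT, TEST, PROD NAM, PROD EU, PROD APJC); they remain readable in parent 399aee9ea6. The registration above them is "client-type":"public" with the "device-grant" grant, so these are identifiers rather than secrets, but the commit message "save" does not say whether the removal is cleanup or an attempt to unpublish them. If it is the latter, a deletion commit is not enough and the history that contains the file has to be rewritten.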
@ -1,33 +0,0 @@
|
||||||
# Created 2021-09-16 Thu 11:37
|
|
||||||
#+TITLE: Cisco Notes
|
|
||||||
#+AUTHOR: Yann Esposito
|
|
||||||
* FMC
|
|
||||||
|
|
||||||
#+begin_src javascript
|
|
||||||
{"name": "FMC",
|
|
||||||
"description": "FMC",
|
|
||||||
"scopes":["casebook",
|
|
||||||
"enrich:read",
|
|
||||||
"global-intel:read",
|
|
||||||
"inspect:read",
|
|
||||||
"integration:read",
|
|
||||||
"notification",
|
|
||||||
"orbital",
|
|
||||||
"profile",
|
|
||||||
"private-intel",
|
|
||||||
"response",
|
|
||||||
"registry/user/ribbon",
|
|
||||||
"telemetry:write",
|
|
||||||
"users:read"],
|
|
||||||
"grants":["device-grant"],
|
|
||||||
"client-type":"public"
|
|
||||||
"availability":"everyone"
|
|
||||||
}
|
|
||||||
#+end_src
|
|
||||||
|
|
||||||
|
|
||||||
- INT: =client-9bb6566d-36f6-4b18-b576-72a814522926=
|
|
||||||
- TEST: =client-c485b90e-1324-4e92-a174-06eccc31f59e=
|
|
||||||
- PROD NAM: =client-bdc01e2b-776c-4aa1-a530-5adef5313d4a=
|
|
||||||
- PROD EU: =client-fee0ce92-0b22-47cc-8345-2741f07a0e30=
|
|
||||||
- PROD APJC: =client-69859e78-fee4-4c7b-9d36-ef9fdee42ba2=
|
|
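Review bot: Two copies of the same note were tracked, differing only in the first line ("# Created 2021-09-16 Thu 11:36" in the previous file, "11:37" here), which suggests generated export output was being committed alongside the source. Ignore the export output in the repository so that a later automatic save does not re-add copies of the client registration and the per-environment client IDs.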
1
journal/2021-08-04--17-13-03Z--airss.org
Normal file
|
@ -0,0 +1 @@
|
||||||
|
#+TITLE: nrr
|
|
@ -1,5 +0,0 @@
|
||||||
#+TITLE: Note_1
|
|
||||||
|
|
||||||
Woo this is a minimal note.
|
|
||||||
Should be a side, note, but hey...
|
|
||||||
[[file:index.org:note_1][get back to index]]
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -17,10 +17,9 @@ The central notion of the product was /Playbooks/.
|
||||||
|
|
||||||
To my understanding, the main idea behind Playbooks was to have a kind of
|
To my understanding, the main idea behind Playbooks was to have a kind of
|
||||||
meta system built by domain experts to greatly improve Threat hunting.
|
meta system built by domain experts to greatly improve Threat hunting.
|
||||||
|
Typically by being able to discover complex links between different
|
||||||
|
warnings from different places in the system and how to react to them.
|
||||||
|
|
||||||
The end goal being to have a "smart view" of the complexity of a threat.
|
|
||||||
Being able to discover complex links between different warnings from
|
|
||||||
different places in the system.
|
|
||||||
For example one of the first mission given to the rule engine was to
|
For example one of the first mission given to the rule engine was to
|
||||||
generate COAs (Course of Actions) from Sightings.
|
generate COAs (Course of Actions) from Sightings.
|
||||||
This give a better idea about what the engine could bring to the product.
|
This give a better idea about what the engine could bring to the product.
|
||||||
|
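Review bot: The added sentence "Typically by being able to discover complex links ... and how to react to them." has no main clause, and "how to react to them" does not attach to "discover complex links". The removed line that stated the end goal (a "smart view" of the complexity of a threat) is also lost, so the paragraph no longer says what Playbooks were for beyond "improve Threat hunting". Join the new sentence to the preceding one and keep the goal, since the COA-from-Sightings example that follows relies on it.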
@ -30,5 +29,10 @@ me.
|
||||||
As you all pointed out, if an incident is like a github-issue, having too
|
As you all pointed out, if an incident is like a github-issue, having too
|
||||||
much github issue should be fixed at the source of the problem.
|
much github issue should be fixed at the source of the problem.
|
||||||
Prevent the automatic creation of too much similar issues.
|
Prevent the automatic creation of too much similar issues.
|
||||||
If that could help to put the engine in a place where they could show
|
If that could help to put the engine in a place where they could show their
|
||||||
their strength I am all for it.
|
strength I am all for it.
|
||||||
|
|
||||||
|
Mainly I think that keeping this idea of "Playbook" gives a better argument
|
||||||
|
about what problem is trying to be solved by the incident merging.
|
||||||
|
I think the main problem to solve might not be for the user but to give the
|
||||||
|
engine a real concrete use case.
|
||||||
|
|
|
@ -39,4 +39,3 @@ pas pu rentrer dans l'enceinte de l'école.
|
||||||
Je vais amener Oslo chez le vétérinaire.
|
Je vais amener Oslo chez le vétérinaire.
|
||||||
|
|
||||||
Voilà à peu près tout.
|
Voilà à peu près tout.
|
||||||
** 09:12
|
|
||||||
|
|
|
@ -25,14 +25,18 @@
|
||||||
:PROPERTIES:
|
:PROPERTIES:
|
||||||
:CREATED: 20210918
|
:CREATED: 20210918
|
||||||
:END:
|
:END:
|
||||||
| activité φ | ?/5 | au lit -> sport |
|
| activité φ | 1/5 | au lit -> sport |
|
||||||
| nourriture | ?/5 | mal-bouffe -> saine |
|
| nourriture | 1/5 | mal-bouffe -> saine |
|
||||||
| humeur | ?/5 | exécrable -> excellente |
|
| humeur | 2/5 | exécrable -> excellente |
|
||||||
| énergie | ?/5 | exécrable -> excellente |
|
| énergie | 1/5 | exécrable -> excellente |
|
||||||
| intérêt | ?/5 | ennuie -> exceptionnel |
|
| intérêt | 1/5 | ennuie -> exceptionnel |
|
||||||
* 2021-09-18 Saturday
|
* 2021-09-18 Saturday
|
||||||
** 12:24
|
** 12:24
|
||||||
Ce matin nous sommes allés à la plage avec mes beaux parents et Bastien.
|
Ce matin nous sommes allés à la plage avec mes beaux parents et Bastien.
|
||||||
C'était bien agréable.
|
C'était bien agréable.
|
||||||
Anna est resté à l'appartement.
|
Anna est resté à l'appartement.
|
||||||
Ce soir nous avons réservé pour l'Amandier.
|
Ce soir nous avons réservé pour l'Amandier.
|
||||||
|
** 23:50
|
||||||
|
L'amandier était très agréable.
|
||||||
|
Je m'étais trompé de jour pour la réservation.
|
||||||
|
Mais on a tout de même pu avoir des places.
|
||||||
|
|
|
@ -70,8 +70,7 @@ La classe.
|
||||||
|
|
||||||
#+begin_src emacs-lisp
|
#+begin_src emacs-lisp
|
||||||
(setq spell-fu-faces-exclude
|
(setq spell-fu-faces-exclude
|
||||||
'(org-block
|
'(org-block-begin-line
|
||||||
org-block-begin-line
|
|
||||||
org-block-end-line
|
org-block-end-line
|
||||||
org-code
|
org-code
|
||||||
org-date
|
org-date
|
||||||
|
|
|
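Review bot: Dropping org-block from spell-fu-faces-exclude while org-block-begin-line and org-block-end-line stay excluded turns spell checking on for block bodies, where org-block is the face Org applies, so identifiers inside source blocks will be flagged as misspellings. If the intent is to check prose in quote or example blocks, say so in a comment above the setq; otherwise keep org-block in the list.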
@ -45,4 +45,10 @@ Les tailles de fontes, pour avoir une expérience douce les week-end.
|
||||||
Bon je sais pas ce qui ne va pas avec les fontes et ma conf emacs.
|
Bon je sais pas ce qui ne va pas avec les fontes et ma conf emacs.
|
||||||
Mais j'imagine que je finirai par trouver.
|
Mais j'imagine que je finirai par trouver.
|
||||||
|
|
||||||
]
|
** 21:18
|
||||||
|
Nous avons reçu Laurent Pina.
|
||||||
|
Celà faisait bien longtemps.
|
||||||
|
Nous avons mangé des pates fraiches au pesto.
|
||||||
|
Bien préparées ce fut très agréable.
|
||||||
|
Il nous avais ramené un vin rouge du Larzac délicieux.
|
||||||
|
Krystelle avait préparé un Paris-Brest vraiment extraordinaire aussi.
|
||||||
|
|
BIN
roam/org-roam.db
Binary file not shown.
|
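Review bot: roam/org-roam.db changes in this commit as a binary with no reviewable diff. org-roam rebuilds this database from the .org files, so tracking it adds an opaque blob to every "save" commit and puts an indexed copy of the notes in the repository in a second place. Untrack it and add it to the ignore file.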
@ -606,7 +606,7 @@ CLOCK: [2021-10-08 Fri 17:33]--[2021-10-08 Fri 20:33] => 3:00
|
||||||
*** 2021-10-14 Thursday
|
*** 2021-10-14 Thursday
|
||||||
**** IN-PROGRESS Write Customer Manager doc :work:
|
**** IN-PROGRESS Write Customer Manager doc :work:
|
||||||
:LOGBOOK:
|
:LOGBOOK:
|
||||||
CLOCK: [2021-10-14 Thu 15:23]
|
CLOCK: [2021-10-14 Thu 15:23]--[2021-10-14 Thu 16:33] => 1:10
|
||||||
:END:
|
:END:
|
||||||
[2021-10-14 Thu 15:23]
|
[2021-10-14 Thu 15:23]
|
||||||
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*write attack on Webhooks with JWT from emitters][write attack on Webhooks with JWT from emitters]]
|
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*write attack on Webhooks with JWT from emitters][write attack on Webhooks with JWT from emitters]]
|
||||||
|
|