Dear friends of IntelMQ,
just wondering: are there tutorials out there to get a beginner to have IntelMQ running and doing something useful?
Possible steps to cover:
- Get a first feed in, using a public feed
- Set up a simple "botnet", e.g. one that filters for my country, ASN or network range
- Do a simple output task, e.g. like creating a DNS RPZ file (once)
Not covering installation, but first setup. Maybe setup with IntelMQ Manager or without.
Can be textual or otherwise. Background of the question: For new users or development setups, it is needed to get an up-to-date, working IntelMQ setup. Doing a few searches on the internet, I did not see a tutorial for this, and the current documentation is geared towards being a comprehensive reference.
Saw https://github.com/certtools/intelmq/issues/256 (Request for a Video Tutorial). Just to say: For me videos do not work best and they probably are a lot of work compared to a classic text and screenshot based tutorial.
So is anything already out there? :)
Regards, Bernhard
Hi Bernhard,
On 10.01.2020, at 13:15, Bernhard Reiter bernhard@intevation.de wrote:
Dear friends of IntelMQ,
just wondering: are there tutorials out there to get a beginner to have IntelMQ running and doing something useful?
We started a video tutorial with shadowserver on how to get the shadowserver feeds working with IntelMQ. I know they have been using a couple of playbooks / scripts for their workshops. However, I'd have to ask what happened with the video tutorial. That would be awesome.
In addition there is workshop material from Sebix, mine and Sebix's upcoming workshop end of January (that is still in the making) and from Celine from France who gave a nice workshop of IntelMQ at hack.lu in autumn 2019.
So, since Sebix and I will be holding a workshop end of January anyways, I suggest that we tackle this problem now. Yes, I agree... better tutorials are needed.
Best, a.
Possible steps to cover:
- Get a first feed in, using a public feed
- Set up a simple "botnet", e.g. one that filters for my country, ASN or network range
- Do a simple output task, e.g. like creating a DNS RPZ file (once)
Not covering installation, but first setup. Maybe setup with IntelMQ Manager or without.
Can be textual or otherwise. Background of the question: For new users or development setups, it is needed to get an up-to-date, working IntelMQ setup. Doing a few searches on the internet, I did not see a tutorial for this, and the current documentation is geared towards being a comprehensive reference.
Saw https://github.com/certtools/intelmq/issues/256 (Request for a Video Tutorial). Just to say: For me videos do not work best and they probably are a lot of work compared to a classic text and screenshot based tutorial.
So is anything already out there? :)
Regards, Bernhard
-- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-- // L. Aaron Kaplan kaplan@cert.at - T: +43 1 5056416 78 // CERT Austria - https://www.cert.at/ // Eine Initiative der nic.at GmbH - http://www.nic.at/ // Firmenbuchnummer 172568b, LG Salzburg
Aaron,
On Sunday, 12 January 2020 22:06:56, L. Aaron Kaplan wrote:
I'd have to ask what happened with the video tutorial.
will you ask? (I do not have enough info on who it is.)
In addition there is workshop material from Sebix, mine and Sebix's upcoming workshop end of January (that is still in the making) and from Celine from France who gave a nice workshop of IntelMQ at hack.lu in autumn 2019.
Found a link to the hack.lu workshop about IntelMQ https://cfp.hack.lu/hacklu19/talk/H3DSV8/ (though there is a no-video symbol whatever that meant)
If you'll find/produce tutorial material, where will we collect references to it?
Best, Bernhard
On 13.01.2020, at 09:49, Bernhard Reiter bernhard@intevation.de wrote:
Aaron,
On Sunday, 12 January 2020 22:06:56, L. Aaron Kaplan wrote:
I'd have to ask what happened with the video tutorial.
will you ask? (I do not have enough info on who it is.)
of course. But I assume it's not done yet.
In addition there is workshop material from Sebix, mine and Sebix's upcoming workshop end of January (that is still in the making) and from Celine from France who gave a nice workshop of IntelMQ at hack.lu in autumn 2019.
Found a link to the hack.lu workshop about IntelMQ https://cfp.hack.lu/hacklu19/talk/H3DSV8/ (though there is a no-video symbol whatever that meant)
If you'll find/produce tutorial material, where will we collect references to it?
I will put it to the documentation on the official site of course :)
Best, a.
-- // L. Aaron Kaplan kaplan@cert.at - T: +43 1 5056416 78 // CERT Austria - https://www.cert.at/ // Eine Initiative der nic.at GmbH - http://www.nic.at/ // Firmenbuchnummer 172568b, LG Salzburg
Dear Bernhard,
On 10/01/2020 13.15, Bernhard Reiter wrote:
just wondering: are there tutorials out there to get a beginner to have IntelMQ running and doing something useful?
At https://github.com/certtools/intelmq-tutorial/ you can find a tutorial which we created over the last weeks. It already covers a handful of topics and has some tasks which can help in familiarization with IntelMQ.
We of course appreciate any feedback and pull requests.
best regards, Sebastian
On 28.01.2020, at 17:00, Sebastian Wagner wagner@cert.at wrote:
Dear Bernhard,
On 10/01/2020 13.15, Bernhard Reiter wrote:
just wondering: are there tutorials out there to get a beginner to have IntelMQ running and doing something useful?
At https://github.com/certtools/intelmq-tutorial/ you can find a tutorial which we created over the last weeks. It already covers a handful of topics and has some tasks which can help in familiarization with IntelMQ.
We of course appreciate any feedback and pull requests.
Addition: it's not 100% bulletproof yet nor complete. I need to practice it with some people the next few days.
So, yes, in this context - Bernhard I would be really happy if you could review it. (giving a first workshop with the new tutorial material on FR)
Thanks for forwarding this to Bernhard, Sebix.
@Dear list - also feedback from you on the tutorial material would be very much appreciated.
Thanks, Aaron Kaplan.