Setup redirects for dfiq.org for shortlinks
obsidianforensics committed Feb 8, 2024
1 parent dd64895 commit a3aaa81
Showing 3 changed files with 222 additions and 9 deletions.
108 changes: 108 additions & 0 deletions .github/ISSUE_TEMPLATE/DFIQ_Facet.yml
@@ -0,0 +1,108 @@
name: "New DFIQ Facet"
description: A template for new DFIQ Facets with fields and descriptions
title: "[New Facet]: "
labels: ["DFIQ Facet", "📝 Triage"]
body:
- type: markdown
attributes:
value: >
# DFIQ: Facets
Facets are used for intermediate-level grouping in DFIQ. A particular Facet
can be part of multiple different Scenarios and will contain multiple Questions.
A Facet breaks the larger Scenario into smaller logical pieces, but a Facet
is still too broad to answer directly; it must also be broken down (into Questions).
## Fields from the DFIQ Specification
The following fields are based on the [DFIQ Specification](https://dfiq.org/spec).
The required fields are marked, but filling out as many as you can now will make
creating the DFIQ YAML file easier later.
- type: input
id: display_name
attributes:
label: Display Name
description: "The Facet, in natural language. Example: _Are there signs of staging data for future exfiltration?_"
validations:
required: true
- type: input
id: description
attributes:
label: Description
description: A description of the Facet. Markdown syntax may be used for rich text representation.
validations:
required: false
- type: input
id: dfiq_version
attributes:
label: DFIQ Version
description: The [DFIQ Specification](https://dfiq.org/spec) version in the major.minor.patch scheme (probably leave this as-is).
value: "1.0.0"
validations:
required: true
- type: dropdown
id: type
attributes:
label: DFIQ Component Type
description: "Represent the type of DFIQ object. Should be `facet` for Facets."
multiple: false
options:
- facet
validations:
required: true
- type: input
id: id
attributes:
label: DFIQ ID
description: "DFIQ Identifier using the format defined in [identifiers](https://dfiq.org/contributing/specification/#identifiers). It's ok to leave this blank for now."
placeholder: F1234
validations:
required: false
- type: input
id: tags
attributes:
label: List of tags
description: A list of tags (categories or keywords) that apply to this Facet. Optional.
placeholder: chrome, web browsers, downloads
validations:
required: false
- type: input
id: parent_ids
attributes:
label: Parent IDs
description: List of DFIQ Scenario IDs that this Facet belongs to. Optional.
placeholder: S1234, S5678
validations:
required: false
- type: markdown
attributes:
value: >
## Helpful Additional Information
The following fields are not part of the DFIQ Specification, but
are extra information that may be useful.
- type: textarea
id: references
attributes:
label: Links to any references
description: |
Links to any research papers, blog posts, presentations, or other resources useful
for either providing background or prior art.
placeholder: |
- https://example.com/exampe
- "[Example using Markdown](https://another.example.com/paper)."
- ...
validations:
required: false
- type: textarea
id: comments
attributes:
label: Anything else?
description: |
Any extra information that you'd like to provide - questions, comments, feedback, etc.
validations:
required: false
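Review bot: The `tags` and `parent_ids` fields are described as lists but are single-line `input` fields, and neither description says how entries are separated. The placeholders (`chrome, web browsers, downloads` and `S1234, S5678`) imply commas, so stating "comma-separated" in both descriptions would save guessing when the issue is later turned into a DFIQ YAML file. Separately, the `id` description links to `https://dfiq.org/contributing/specification/#identifiers` while the other fields use `https://dfiq.org/spec`; since the commit message is about redirects for shortlinks, it is worth confirming both forms resolve and picking one style.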
21 changes: 12 additions & 9 deletions .github/ISSUE_TEMPLATE/DFIQ_Question.yml
Expand Up @@ -29,15 +29,14 @@ body:
id: display_name
attributes:
label: Display Name
description: "The question, in natural language. Example: _What files were downloaded using a web browser?_"
description: "The Question, in natural language. Example: _What files were downloaded using a web browser?_"
validations:
required: true
- type: input
id: description
attributes:
label: Description
description: A description of the question. Markdown syntax MAY be used for rich text representation.
placeholder:
description: A description of the Question. Markdown syntax may be used for rich text representation.
validations:
required: false
- type: input
Expand All @@ -52,7 +51,7 @@ body:
id: type
attributes:
label: DFIQ Component Type
description: "Represent the type of DFIQ object. Should be `question` for questions."
description: "Represent the type of DFIQ object. Should be `question` for Questions."
multiple: false
options:
- question
Expand All @@ -78,14 +77,16 @@ body:
id: parent_ids
attributes:
label: Parent IDs
description: List of DFIQ facet IDs that this question belongs to. Optional.
description: List of DFIQ Facet IDs that this Question belongs to. Optional.
placeholder: F1234, F5678
validations:
required: false
- type: markdown
attributes:
value: |
value: >
## Helpful Additional Information
The following fields are not part of the DFIQ Specification for Questions, but
are extra information that's useful when building out the Approaches to answer
the proposed Question.
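Review bot: Switching `value: |` to `value: >` changes how this Markdown block is rendered, because a folded scalar joins consecutive lines with spaces. The `## Helpful Additional Information` heading only stays a heading if a blank line separates it from the paragraph that follows. The hunk header goes from 14 to 16 lines, which suggests blank lines were added, but they are not visible in this view, so please confirm in the issue-form preview that the heading and paragraph render separately.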
Expand All @@ -94,7 +95,8 @@ body:
attributes:
label: Ideas for Approaches to answer this Question
description: >
How would someone answer this Question? Even a sentance or two capturing the key parts of how to answer is very helpful. You can provide multiple different Approach suggestions.
How would someone answer this Question? Even a sentence or two capturing the key
parts of how to answer is very helpful. You can provide multiple different Approach suggestions.
Examples above apply to the Question "What files were downloaded using a web browser?")
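Review bot: The context line at the end of this hunk, `Examples above apply to the Question "What files were downloaded using a web browser?")`, ends with a closing parenthesis that has no visible opening one. Since this commit is already fixing wording in the same field (`sentance` to `sentence`), it would be a good place to either restore the opening parenthesis or drop the trailing one.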
Expand All @@ -109,8 +111,9 @@ body:
attributes:
label: Links to any references
description: |
Links to any research papers, blog posts, presentations, or other resources useful for either providing background for the Question,
or potentially useful when creating an Approach to answer the Question.
Links to any research papers, blog posts, presentations, or other resources
useful for either providing background for the Question, or potentially
useful when creating an Approach to answer the Question.
placeholder: |
- https://example.com/exampe
- "[Example using Markdown](https://another.example.com/paper)."
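Review bot: The placeholder `https://example.com/exampe` in the context lines below the rewrapped description looks like a typo for `example`, and it is left untouched here. The same string is copied into the new Facet and Scenario templates in this commit, so fixing it once in all three files now avoids carrying the typo forward.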
102 changes: 102 additions & 0 deletions .github/ISSUE_TEMPLATE/DFIQ_Scenario.yml
@@ -0,0 +1,102 @@
name: "New DFIQ Scenario"
description: A template for new DFIQ Scenarios with fields and descriptions
title: "[New Scenario]: "
labels: ["DFIQ Scenario", "📝 Triage"]
body:
- type: markdown
attributes:
value: >
# DFIQ: Scenarios
A Scenario is the highest-level grouping in DFIQ. A Scenario is made of
one or more Facets (different "sides" of an investigation), which in
turn are made up of investigative Questions.
## Fields from the DFIQ Specification
The following fields are based on the [DFIQ Specification](https://dfiq.org/spec).
The required fields are marked, but filling out as many as you can now will make
creating the DFIQ YAML file easier later.
- type: input
id: display_name
attributes:
label: Display Name
description: "A human-readable name for the Scenario. Example: _Data Exfiltration_"
validations:
required: true
- type: input
id: description
attributes:
label: Description
description: >
A description of the Scenario. Markdown syntax may be used for rich text representation.
Example: _An employee is suspected of unauthorized copying of sensitive data (code,
trade secrets, etc) from internal systems to those outside of the company's control._
validations:
required: true
- type: input
id: dfiq_version
attributes:
label: DFIQ Version
description: The [DFIQ Specification](https://dfiq.org/spec) version in the major.minor.patch scheme (probably leave this as-is).
value: "1.0.0"
validations:
required: true
- type: dropdown
id: type
attributes:
label: DFIQ Component Type
description: "Represent the type of DFIQ object. Should be `scenario` for Scenarios."
multiple: false
options:
- scenario
validations:
required: true
- type: input
id: id
attributes:
label: DFIQ ID
description: "DFIQ Identifier using the format defined in [identifiers](https://dfiq.org/contributing/specification/#identifiers). It's ok to leave this blank for now."
placeholder: S1234
validations:
required: false
- type: input
id: tags
attributes:
label: List of tags
description: A list of tags (categories or keywords) that apply to this Scenario. Optional.
placeholder: chrome, web browsers, downloads
validations:
required: false
- type: markdown
attributes:
value: >
## Helpful Additional Information
The following fields are not part of the DFIQ Specification, but
are extra information that may be useful.
- type: textarea
id: references
attributes:
label: Links to any references
description: |
Links to any research papers, blog posts, presentations, or other resources useful
for either providing background or prior art.
placeholder: |
- https://example.com/exampe
- "[Example using Markdown](https://another.example.com/paper)."
- ...
validations:
required: false
- type: textarea
id: comments
attributes:
label: Anything else?
description: |
Any extra information that you'd like to provide - questions, comments, feedback, etc.
validations:
required: false
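Review bot: The Scenario `description` field is `type: input`, which is a single-line box, yet its help text invites Markdown and gives a two-line example; `type: textarea` (as already used for `references` and `comments`) would fit that content better. The same field is `required: true` here but `required: false` in the Facet template added in this commit; if that difference is intentional, a short note in the description would help, otherwise align the two. The `tags` placeholder `chrome, web browsers, downloads` also matches the browser-download Question example rather than this template's own _Data Exfiltration_ example.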
