From a3aaa819e0b11a858df4e98a858c91a03a540af9 Mon Sep 17 00:00:00 2001
From: obsidianforensics
Date: Thu, 8 Feb 2024 00:20:19 +0000
Subject: [PATCH] Setup redirects for dfiq.org for shortlinks
---
.github/ISSUE_TEMPLATE/DFIQ_Facet.yml | 108 +++++++++++++++++++++++
.github/ISSUE_TEMPLATE/DFIQ_Question.yml | 21 +++--
.github/ISSUE_TEMPLATE/DFIQ_Scenario.yml | 102 +++++++++++++++++++++
3 files changed, 222 insertions(+), 9 deletions(-)
create mode 100644 .github/ISSUE_TEMPLATE/DFIQ_Facet.yml
create mode 100644 .github/ISSUE_TEMPLATE/DFIQ_Scenario.yml
diff --git a/.github/ISSUE_TEMPLATE/DFIQ_Facet.yml b/.github/ISSUE_TEMPLATE/DFIQ_Facet.yml
new file mode 100644
index 0000000..ec258ea
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/DFIQ_Facet.yml
@@ -0,0 +1,108 @@
+name: "New DFIQ Facet"
+description: A template for new DFIQ Facets with fields and descriptions
+title: "[New Facet]: "
+labels: ["DFIQ Facet", "📝 Triage"]
+body:
+ - type: markdown
+ attributes:
+ value: >
+ # DFIQ: Facets
+
+
+ Facets are used for intermediate-level grouping in DFIQ. A particular Facet
+ can be part of multiple different Scenarios and will contain multiple Questions.
+ A Facet breaks the larger Scenario into smaller logical pieces, but a Facet
+ is still too broad to answer directly; it must also be broken down (into Questions).
+
+
+ ## Fields from the DFIQ Specification
+
+
+ The following fields are based on the [DFIQ Specification](https://dfiq.org/spec).
+ The required fields are marked, but filling out as many as you can now will make
+ creating the DFIQ YAML file easier later.
+ - type: input
+ id: display_name
+ attributes:
+ label: Display Name
+ description: "The Facet, in natural language. Example: _Are there signs of staging data for future exfiltration?_"
+ validations:
+ required: true
+ - type: input
+ id: description
+ attributes:
+ label: Description
+ description: A description of the Facet. Markdown syntax may be used for rich text representation.
+ validations:
+ required: false
+ - type: input
+ id: dfiq_version
+ attributes:
+ label: DFIQ Version
+ description: The [DFIQ Specification](https://dfiq.org/spec) version in the major.minor.patch scheme (probably leave this as-is).
+ value: "1.0.0"
+ validations:
+ required: true
+ - type: dropdown
+ id: type
+ attributes:
+ label: DFIQ Component Type
+ description: "Represent the type of DFIQ object. Should be `facet` for Facets."
+ multiple: false
+ options:
+ - facet
+ validations:
+ required: true
+ - type: input
+ id: id
+ attributes:
+ label: DFIQ ID
+ description: "DFIQ Identifier using the format defined in [identifiers](https://dfiq.org/contributing/specification/#identifiers). It's ok to leave this blank for now."
+ placeholder: F1234
+ validations:
+ required: false
+ - type: input
+ id: tags
+ attributes:
+ label: List of tags
+ description: A list of tags (categories or keywords) that apply to this Facet. Optional.
+ placeholder: chrome, web browsers, downloads
+ validations:
+ required: false
+ - type: input
+ id: parent_ids
+ attributes:
+ label: Parent IDs
+ description: List of DFIQ Scenario IDs that this Facet belongs to. Optional.
+ placeholder: S1234, S5678
+ validations:
+ required: false
+ - type: markdown
+ attributes:
+ value: >
+ ## Helpful Additional Information
+
+
+ The following fields are not part of the DFIQ Specification, but
+ are extra information that may be useful.
+ - type: textarea
+ id: references
+ attributes:
+ label: Links to any references
+ description: |
+ Links to any research papers, blog posts, presentations, or other resources useful
+ for either providing background or prior art.
+ placeholder: |
+ - https://example.com/exampe
+ - "[Example using Markdown](https://another.example.com/paper)."
+ - ...
+ validations:
+ required: false
+ - type: textarea
+ id: comments
+ attributes:
+ label: Anything else?
+ description: |
+ Any extra information that you'd like to provide - questions, comments, feedback, etc.
+ validations:
+ required: false
diff --git a/.github/ISSUE_TEMPLATE/DFIQ_Question.yml b/.github/ISSUE_TEMPLATE/DFIQ_Question.yml
index 88b4001..3aee0b2 100644
--- a/.github/ISSUE_TEMPLATE/DFIQ_Question.yml
+++ b/.github/ISSUE_TEMPLATE/DFIQ_Question.yml
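Review bot: The Facet `description` field (`id: description`) is declared as `type: input`, which renders a single-line box, while its help text invites Markdown rich text; `type: textarea` would match what the field asks for. The same applies to the required `description` in DFIQ_Scenario.yml, whose own example is a full sentence. Separately, the references placeholder in both new files reads `https://example.com/exampe`, where `https://example.com/example` looks intended.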
@@ -29,15 +29,14 @@ body: id: display_name attributes: label: Display Name - description: "The question, in natural language. Example: _What files were downloaded using a web browser?_" + description: "The Question, in natural language. Example: _What files were downloaded using a web browser?_" validations: required: true - type: input id: description attributes: label: Description - description: A description of the question. Markdown syntax MAY be used for rich text representation. - placeholder: + description: A description of the Question. Markdown syntax may be used for rich text representation. validations: required: false - type: input @@ -52,7 +51,7 @@ body: id: type attributes: label: DFIQ Component Type - description: "Represent the type of DFIQ object. Should be `question` for questions." + description: "Represent the type of DFIQ object. Should be `question` for Questions." multiple: false options: - question @@ -78,14 +77,16 @@ body: id: parent_ids attributes: label: Parent IDs - description: List of DFIQ facet IDs that this question belongs to. Optional. + description: List of DFIQ Facet IDs that this Question belongs to. Optional. placeholder: F1234, F5678 validations: required: false - type: markdown attributes: - value: | + value: > ## Helpful Additional Information + + The following fields are not part of the DFIQ Specification for Questions, but are extra information that's useful when building out the Approaches to answer the proposed Question. 
@@ -94,7 +95,8 @@ body: attributes: label: Ideas for Approaches to answer this Question description: > - How would someone answer this Question? Even a sentance or two capturing the key parts of how to answer is very helpful. You can provide multiple different Approach suggestions. + How would someone answer this Question? Even a sentence or two capturing the key + parts of how to answer is very helpful. You can provide multiple different Approach suggestions. Examples above apply to the Question "What files were downloaded using a web browser?") @@ -109,8 +111,9 @@ body: attributes: label: Links to any references description: | - Links to any research papers, blog posts, presentations, or other resources useful for either providing background for the Question, - or potentially useful when creating an Approach to answer the Question. + Links to any research papers, blog posts, presentations, or other resources + useful for either providing background for the Question, or potentially + useful when creating an Approach to answer the Question. placeholder: | - https://example.com/exampe - "[Example using Markdown](https://another.example.com/paper)." diff --git a/.github/ISSUE_TEMPLATE/DFIQ_Scenario.yml b/.github/ISSUE_TEMPLATE/DFIQ_Scenario.yml new file mode 100644 index 0000000..3250cd9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/DFIQ_Scenario.yml 
@@ -0,0 +1,102 @@
+name: "New DFIQ Scenario"
+description: A template for new DFIQ Scenarios with fields and descriptions
+title: "[New Scenario]: "
+labels: ["DFIQ Scenario", "📝 Triage"]
+body:
+ - type: markdown
+ attributes:
+ value: >
+ # DFIQ: Scenarios
+
+
+ A Scenario is the highest-level grouping in DFIQ. A Scenario is made of
+ one or more Facets (different "sides" of an investigation), which in
+ turn are made up of investigative Questions.
+
+
+ ## Fields from the DFIQ Specification
+
+
+ The following fields are based on the [DFIQ Specification](https://dfiq.org/spec).
+ The required fields are marked, but filling out as many as you can now will make
+ creating the DFIQ YAML file easier later.
+ - type: input
+ id: display_name
+ attributes:
+ label: Display Name
+ description: "A human-readable name for the Scenario. Example: _Data Exfiltration_"
+ validations:
+ required: true
+ - type: input
+ id: description
+ attributes:
+ label: Description
+ description: >
+ A description of the Scenario. Markdown syntax may be used for rich text representation.
+ Example: _An employee is suspected of unauthorized copying of sensitive data (code,
+ trade secrets, etc) from internal systems to those outside of the company's control._
+ validations:
+ required: true
+ - type: input
+ id: dfiq_version
+ attributes:
+ label: DFIQ Version
+ description: The [DFIQ Specification](https://dfiq.org/spec) version in the major.minor.patch scheme (probably leave this as-is).
+ value: "1.0.0"
+ validations:
+ required: true
+ - type: dropdown
+ id: type
+ attributes:
+ label: DFIQ Component Type
+ description: "Represent the type of DFIQ object. Should be `scenario` for Scenarios."
+ multiple: false
+ options:
+ - scenario
+ validations:
+ required: true
+ - type: input
+ id: id
+ attributes:
+ label: DFIQ ID
+ description: "DFIQ Identifier using the format defined in [identifiers](https://dfiq.org/contributing/specification/#identifiers).
It's ok to leave this blank for now."
+ placeholder: S1234
+ validations:
+ required: false
+ - type: input
+ id: tags
+ attributes:
+ label: List of tags
+ description: A list of tags (categories or keywords) that apply to this Scenario. Optional.
+ placeholder: chrome, web browsers, downloads
+ validations:
+ required: false
+ - type: markdown
+ attributes:
+ value: >
+ ## Helpful Additional Information
+
+
+ The following fields are not part of the DFIQ Specification, but
+ are extra information that may be useful.
+ - type: textarea
+ id: references
+ attributes:
+ label: Links to any references
+ description: |
+ Links to any research papers, blog posts, presentations, or other resources useful
+ for either providing background or prior art.
+ placeholder: |
+ - https://example.com/exampe
+ - "[Example using Markdown](https://another.example.com/paper)."
+ - ...
+ validations:
+ required: false
+ - type: textarea
+ id: comments
+ attributes:
+ label: Anything else?
+ description: |
+ Any extra information that you'd like to provide - questions, comments, feedback, etc.
+ validations:
+ required: false
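Review bot: The `id` and `tags` inputs here (and `id`, `tags` and `parent_ids` in DFIQ_Facet.yml) are free text, and the only validation these templates declare is `required`, so nothing checks that an ID matches the `S1234` / `F1234` shape shown in the placeholders. Issue bodies come from anyone able to open an issue, so whatever later turns a submission into a DFIQ YAML file, whether a person or a script, should check the ID pattern and quote string values rather than paste them through. I would spell out the expected pattern in the `id` description, for example `Format: S followed by four digits`, if that is what the specification requires. It is also worth confirming that the `DFIQ Scenario` and `DFIQ Facet` labels already exist in the repository, since a template does not create missing labels.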