-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #16 from google/obsidianforensics-patch-1
Create DFIQ_Question.yml
- Loading branch information
Showing
1 changed file
with
127 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,127 @@ | ||
| name: "New DFIQ Question" | ||
| description: A template for new DFIQ Questions with fields and descriptions | ||
| title: "[New Question]: " | ||
| labels: ["DFIQ Question", "📝 Triage"] | ||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: > | ||
| # DFIQ: Questions | ||
| Questions are the fundamental "building blocks" of DFIQ. All other DFIQ | ||
| components are relative to Questions: Approaches describe how to answer | ||
| the Questions, and Scenarios and Facets organize the Questions logically. | ||
| A Question should be specific enough that it can be readily answered | ||
| and not easily divided into multiple parts (if it can be, it likely | ||
| should be multiple Questions). A single Question can be reused in | ||
| multiple different Facets. | ||
| ## Fields from the DFIQ Specification | ||
| The following fields are based on the [DFIQ Specification](https://dfiq.org/spec). | ||
| The required fields are marked, but filling out as many as you can now will make | ||
| creating the DFIQ YAML file easier later. | ||
| - type: input | ||
| id: display_name | ||
| attributes: | ||
| label: Display Name | ||
| description: "The question, in natural language. Example: _What files were downloaded using a web browser?_" | ||
| validations: | ||
| required: true | ||
| - type: input | ||
| id: description | ||
| attributes: | ||
| label: Description | ||
| description: A description of the question. Markdown syntax MAY be used for rich text representation. | ||
| placeholder: | ||
| validations: | ||
| required: false | ||
| - type: input | ||
| id: dfiq_version | ||
| attributes: | ||
| label: DFIQ Version | ||
| description: The [DFIQ Specification](https://dfiq.org/spec) version in the major.minor.patch scheme (probably leave this as-is). | ||
| value: "1.0.0" | ||
| validations: | ||
| required: true | ||
| - type: dropdown | ||
| id: type | ||
| attributes: | ||
| label: DFIQ Component Type | ||
| description: "Represent the type of DFIQ object. Should be `question` for questions." | ||
| multiple: false | ||
| options: | ||
| - question | ||
| validations: | ||
| required: true | ||
| - type: input | ||
| id: id | ||
| attributes: | ||
| label: DFIQ ID | ||
| description: "DFIQ Identifier using the format defined in [identifiers](https://dfiq.org/contributing/specification/#identifiers). It's ok to leave this blank for now." | ||
| placeholder: Q1234 | ||
| validations: | ||
| required: false | ||
| - type: input | ||
| id: tags | ||
| attributes: | ||
| label: List of tags | ||
| description: A list of tags (categories or keywords) that apply to this Question. Optional. | ||
| placeholder: chrome, web browsers, downloads | ||
| validations: | ||
| required: false | ||
| - type: input | ||
| id: parent_ids | ||
| attributes: | ||
| label: Parent IDs | ||
| description: List of DFIQ facet IDs that this question belongs to. Optional. | ||
| placeholder: F1234, F5678 | ||
| validations: | ||
| required: false | ||
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| ## Helpful Additional Information | ||
| The following fields are not part of the DFIQ Specification for Questions, but | ||
| are extra information that's useful when building out the Approaches to answer | ||
| the proposed Question. | ||
| - type: textarea | ||
| id: approach_ideas | ||
| attributes: | ||
| label: Ideas for Approaches to answer this Question | ||
| description: > | ||
| How would someone answer this Question? Even a sentance or two capturing the key parts of how to answer is very helpful. You can provide multiple different Approach suggestions. | ||
| Examples above apply to the Question "What files were downloaded using a web browser?") | ||
| placeholder: | | ||
| - Parse download records from web browsers' own databases, using one of several open source tools. | ||
| - Detect browser downloads via file system events (downloads by some web browsers create a specific pattern of events on the file system). | ||
| - ... | ||
| validations: | ||
| required: false | ||
| - type: textarea | ||
| id: references | ||
| attributes: | ||
| label: Links to any references | ||
| description: | | ||
| Links to any research papers, blog posts, presentations, or other resources useful for either providing background for the Question, | ||
| or potentially useful when creating an Approach to answer the Question. | ||
| placeholder: | | ||
| - https://example.com/exampe | ||
| - "[Example using Markdown](https://another.example.com/paper)." | ||
| - ... | ||
| validations: | ||
| required: false | ||
| - type: textarea | ||
| id: comments | ||
| attributes: | ||
| label: Anything else? | ||
| description: | | ||
| Any extra information that you'd like to provide - questions, comments, feedback, etc. | ||
| validations: | ||
| required: false |