+
+## 格式
+
+用于分享的威胁情报标准化格式
+
+
+
+ |
+ CAPEC
+ |
+
+ Common Attack Pattern Enumeration and Classification (CAPEC) 是一个综合性的术语大全以及对已知攻击的分类,可以被分析、开发、测试以及教育工作者使用,推动社会的重视并且增加网络防御能力
+ |
+
+
+ |
+ CybOX
+ |
+
+ The Cyber Observable eXpression (CybOX) language provides a common structure for representing cyber observables across and among the operational areas of enterprise cyber security that improves the consistency, efficiency, and interoperability of deployed tools and processes, as well as increases overall situational awareness by enabling the potential for detailed automatable sharing, mapping, detection, and analysis heuristics.
+ |
+
+
+ |
+ IODEF (RFC5070)
+ |
+
+ The Incident Object Description Exchange Format (IODEF) defines a data representation that provides a framework for sharing information commonly exchanged by Computer Security Incident Response Teams (CSIRTs) about computer security incidents.
+ |
+
+
+ |
+ IDMEF (RFC4765)
+ |
+
+ Experimental - The purpose of the Intrusion Detection Message Exchange Format (IDMEF) is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems and to the management systems that may need to interact with them.
+ |
+
+
+ |
+ MAEC
+ |
+
+ The Malware Attribute Enumeration and Characterization (MAEC) projects is aimed at creating and providing a standardized language for sharing structured information about malware based upon attributes such as behaviors, artifacts, and attack patterns.
+ |
+
+
+ |
+ STIX
+ |
+
+ The Structured Threat Information eXpression (STIX) language is a standardized construct to represent cyber threat information. The STIX Language intends to convey the full range of potential cyber threat information and strives to be fully expressive, flexible, extensible, and automatable. STIX does not only allow tool-agnostic fields, but also provides so-called test mechanisms that provide means for embedding tool-specific elements, including OpenIOC, Yara and Snort.
+ |
+
+
+ |
+ TAXII
+ |
+
+ The Trusted Automated eXchange of Indicator Information (TAXII) standard defines a set of services and message exchanges that, when implemented, enable sharing of actionable cyber threat information across organization and product/service boundaries. TAXII defines concepts, protocols, and message exchanges to exchange cyber threat information for the detection, prevention, and mitigation of cyber threats.
+ |
+
+
+ |
+ VERIS
+ |
+
+ The Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner. VERIS is a response to one of the most critical and persistent challenges in the security industry - a lack of quality information. In addition to providing a structuref format, VERIS also collects data from the community to report on breaches in the Verizon Data Breach Investigations Report (DBIR) and publishes this database online at VCDB.org.
+ |
+
+
+
+## 框架与平台
+
+收集、分析、构建、分享威胁情报的框架、平台与服务
+
+
+
+ |
+ AbuseHelper
+ |
+
+ AbuseHelper 是一个用来接收与重分配威胁情报订阅的开源框架
+ |
+
+
+ |
+ AIS
+ |
+
+ The Department of Homeland Security’s (DHS) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators between the Federal Government and the private sector at machine speed. Threat indicators are pieces of information like malicious IP addresses or the sender address of a phishing email (although they can also be much more complicated).
+ |
+
+
+ |
+ Barncat
+ |
+
+ Fidelis Cybersecurity offers free access to Barncat after registration. The platform is intended to be used by CERTs, researchers, governments, ISPs and other, large organizations. The database holds various configuration settings used by attackers.
+ |
+
+
+ |
+ Bearded Avenger
+ |
+
+ CIF 的接替者,最快处理威胁情报的方式
+ |
+
+
+ |
+ Blueliv Threat Exchange Network
+ |
+
+ 允许社区的参与者共享威胁情报信息
+ |
+
+
+ |
+ CRITS
+ |
+
+ CRITS is a platform that provides analysts with the means to conduct collaborative research into malware and threats. It plugs into a centralized intelligence data repository, but can also be used as a private instance.
+ |
+
+
+ |
+ CIF
+ |
+
+ Collective Intelligence Framework (CIF) 允许你将已知的多源恶意威胁信息联结起来,可以用于 IR、检测与缓解,代码在 GitHub 上可用
+ |
+
+
+ |
+ IntelMQ
+ |
+
+ IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets using a message queue protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs.
+ |
+
+
+ |
+ Interflow
+ |
+
+ Interflow is a security and threat information exchange platform created by Microsoft for professionals working in cybersecurity.
+ It uses a distributed architecture which enables sharing of security and threat information within and between communities for a collectively stronger ecosystem.
+ Offering multiple configuration options, Interflow allows users to decide what communities to form, what data feeds to consume, and with whom.
+ Interflow is currently in private preview.
+ |
+
+
+ |
+ Malstrom
+ |
+
+ Malstrom 的目的是来跟踪与取证的神器,还包括 YARA 的规则库与一些调查的笔记
+ |
+
+
+ |
+ MANTIS
+ |
+
+ The Model-based Analysis of Threat Intelligence Sources (MANTIS) Cyber Threat Intelligence Management Framework supports the management of cyber threat intelligence expressed in various standard languages, like STIX and CybOX. It is *not* ready for large-scale production though.
+ |
+
+
+ |
+ Megatron
+ |
+
+ Megatron is a tool implemented by CERT-SE which collects and analyses bad IPs, can be used to calculate statistics, convert and analyze log files and in abuse & incident handling.
+ |
+
+
+ |
+ MineMeld
+ |
+
+ An extensible Threat Intelligence processing framework created Palo Alto Networks.
+ It can be used to manipulate lists of indicators and transform and/or aggregate them for consumption by third party enforcement infrastructure.
+ |
+
+
+ |
+ MISP
+ |
+
+ Malware Information Sharing Platform (MISP) 是一个收集、存储、分发和分享网络安全指标和恶意软件分析信息的开源软件解决方案
+ |
+
+
+ |
+ OpenIOC
+ |
+
+ OpenIOC 是一个开放的共享威胁情报的框架,它的目的是用计读的格式互通内部与外部的威胁情报信息
+ |
+
+
+ |
+ OpenTAXII
+ |
+
+ OpenTAXII 是 TAXII 的一个 Python 实现,提供了一系列丰富的功能与友好的 Python API
+ |
+
+
+ |
+ OSTrICa
+ |
+
+ 一个开源的插件化框架来对威胁情报的收集与可视化
+ |
+
+
+ |
+ OTX - Open Threat Exchange
+ |
+
+ AlienVault Open Threat Exchange (OTX) provides open access to a global community of threat researchers and security professionals. It delivers community-generated threat data, enables collaborative research, and automates the process of updating your security infrastructure with threat data from any source.
+ |
+
+
+ |
+ Open Threat Partner eXchange
+ |
+
+ The Open Threat Partner eXchange (OpenTPX) consists of an open-source format and tools for exchanging machine-readable threat intelligence and network security operations data. It is a JSON-based format that allows sharing of data between connected systems.
+ |
+
+
+ |
+ PassiveTotal
+ |
+
+ The PassiveTotal platform offered by RiskIQ is a threat-analysis platform which provides analysts with as much data as possible in order to prevent attacks before they happen. Several types of solutions are offered, as well as integrations (APIs) with other systems.
+ |
+
+
+ |
+ Recorded Future
+ |
+
+ Recorded Future is a premium SaaS product that automatically unifies threat intelligence from open, closed, and technical sources into a single solution. Their technology uses natural language processing (NLP) and machine learning to deliver that threat intelligence in real time — making Recorded Future a popular choice for IT security teams.
+ |
+
+
+ |
+ Scumblr
+ |
+
+ Scumblr is a web application that allows performing periodic syncs of data sources (such as Github repositories and URLs) and performing analysis (such as static analysis, dynamic checks, and metadata collection) on the identified results.
+ Scumblr helps you streamline proactive security through an intelligent automation framework to help you identify, track, and resolve security issues faster.
+ |
+
+
+ |
+ Soltra Edge
+ |
+
+ Soltra Edge 的免费版本,支持扩展社区防御模型。扩展性好,操作性交互度很高,基于开箱即用的行业标准,包括 STIX 和 TAXII
+ |
+
+
+ |
+ STAXX (Anomali)
+ |
+
+ Anomali STAXX™ gives you a free, easy way to subscribe to any STIX/TAXII feed. Simply download the STAXX client, configure your data sources, and STAXX will handle the rest.
+ |
+
+
+ |
+ stoQ
+ |
+
+ stoQ is a framework that allows cyber analysts to organize and automate repetitive, data-driven tasks. It features plugins for many other systems to interact with.
+ One use case is the extraction of IOCs from documents, an example of which is shown here, but it can also be used for deobfuscationg and decoding of content and automated scanning with YARA, for example.
+ |
+
+
+ |
+ TARDIS
+ |
+
+ Threat Analysis, Reconnaissance, and Data Intelligence System (TARDIS) 是一个使用攻击签名执行历史搜索的开源框架
+ |
+
+
+ |
+ ThreatCrowd
+ |
+
+ ThreatCrowd 是一个发现和研究有关网络威胁的系统
+ |
+
+
+ |
+ ThreatExchange
+ |
+
+ Facebook created ThreatExchange so that participating organizations can share threat data using a convenient, structured, and easy-to-use API that provides privacy controls to enable sharing with only desired groups. This project is still in beta. Reference code can be found at GitHub.
+ |
+
+
+ |
+ Threat_Note
+ |
+
+ DPS 的轻量级调查笔记本
+ |
+
+
+ |
+ XFE - X-Force Exchange
+ |
+
+ The X-Force Exhange (XFE) by IBM XFE is a free SaaS product that you can use to search for threat intelligence information, collect your findings, and share your insights with other members of the XFE community.
+ |
+
+
+
+
+
+## 工具
+
+用户创建、解析、编辑威胁情报的各种工具,大多数基于 IOC
+
+
+
+ |
+ ActorTrackr
+ |
+
+ ActorTrackr 是一个用来存储/搜索/链接事件相关数据的开源 Web 应用程序。主要来源是用户以及各种公共资料库,也有一些来自 GitHub
+ |
+
+
+ |
+ AIEngine
+ |
+
+ AIEngine 是下一代交互式支持 Python/Ruby/Java/Lua 编程的包检测引擎,无需任何人工干预,具有 NIDS 的功能、DNS 域名分类、网络流量收集、网络取证等许多功能,源码在Bitbucket
+ |
+
+
+ |
+ Automater
+ |
+
+ Automater 是一个集合 URL/Domain、IP Address 和 Md5 的 OSINT 工具,旨在让入侵分析变得更轻松
+ |
+
+
+ |
+ Google APT Search Engine
+ |
+
+ APT 组织与恶意软件搜索引擎,用于此 Google 自定义搜索的来源列表在 GitHub 中
+ |
+
+
+ |
+ bro-intel-generator
+ |
+
+ 从 PDF 或 HTML 报告中提取信息生成 Bro intel 文件的脚本
+ |
+
+
+ |
+ cabby
+ |
+
+ 一个用来和 TAXII 服务器进行交互的简单 Python 库
+ |
+
+
+ |
+ cacador
+ |
+
+ Cacador 是一个使用 Go 编写的工具,用来从一段文本中提取常见的威胁情报指标
+ |
+
+
+ |
+ Combine
+ |
+
+ Combine 聚合了多个公开源的威胁情报
+ |
+
+
+ |
+ CrowdFMS
+ |
+
+ CrowdFMS 是一个利用私有 API 来自动收集与处理来自 VirusTotal 的样本的框架,该框架会自动下载最近的样本,从而触发 YARA 提醒订阅的警报
+ |
+
+
+ |
+ Fenrir
+ |
+
+ 简单的 Bash IOC 扫描器
+ |
+
+
+ |
+ Forager
+ |
+
+ 多线程威胁情报收集脚本
+ |
+
+
+ |
+ GoatRider
+ |
+
+ GoatRider 会动态拉取 Artillery Threat Intelligence 订阅数据、TOR、AlienVaults OTX 以及 Alexa top 1 million websites 与给定的主机名或 IP 进行比较
+ |
+
+
+ |
+ Harbinger Threat Intelligence
+ |
+
+ 从单一接口查询多个在线威胁情报聚合服务的 Python 脚本
+ |
+
+
+ |
+ Hiryu
+ |
+
+ 一个用来组织 APT 组织信息的工具,并提供 IOC 之间关系的可视化展示
+ |
+
+
+ |
+ IOC Editor
+ |
+
+ 一个免费的 Indicators of Compromise (IOCs) 编辑器
+ |
+
+
+ |
+ ioc_parser
+ |
+
+ 从 PDF 格式的安全报告中提取 IOC 的工具
+ |
+
+
+ |
+ ioc_writer
+ |
+
+ 一个可以创建/编辑基本 OpenIOC 对象的 Python 库
+ |
+
+
+ |
+ IOCextractor
+ |
+
+ IOC (Indicator of Compromise) Extractor 是一个帮助从文本文件中提取 IOC 的程序,旨在加速从非结构化数据/半结构化数据中提取结构化数据的过程
+ |
+
+
+ |
+ ibmxforceex.checker.py
+ |
+
+ IBM X-Force Exchange 的 Python 客户端
+ |
+
+
+ |
+ jager
+ |
+
+ Jager 是一个从各种数据源(现在已支持 PDF,很快支持纯文本,最终会支持网页)提取有用的 IOC 并将其变成易于操作的 JSON 格式的工具
+ |
+
+
+ |
+ libtaxii
+ |
+
+ 可以调用 TAXII 服务处理 TAXII 信息的 Python 库
+ |
+
+
+ |
+ Loki
+ |
+
+ 简单的 IOC 与事件响应扫描器
+ |
+
+
+ |
+ LookUp
+ |
+
+ LookUp 是一个有关 IP 地址的各种威胁信息的聚合页面,可以轻松的被集成到工具的上下文菜单中,如 SIEM 或其他调查工具
+ |
+
+
+ |
+ Machinae
+ |
+
+ Machinae 是一个用于从公开站点/订阅源收集各种与安全相关数据的工具,包括 IP 地址、域名、URL、电子邮件地址、文件哈希值与 SSL 指纹
+ |
+
+
+ |
+ MISP Workbench
+ |
+
+ 将 MISP 的 MySQL 数据库导出,使之可以在外部应用
+ |
+
+
+ |
+ MISP-Taxii-Server
+ |
+
+ 一组用于使用 EclecticIQ 的 OpenTAXII 实例的配置文件,当数据送达 TAXII 服务器的收件箱时带有回调
+ |
+
+
+ |
+ nyx
+ |
+
+ 该项目的目标是促进威胁情报分发到防御系统中,并增强从开源和商业工具中获得的价值
+ |
+
+
+ |
+ openioc-to-stix
+ |
+
+ 转换 STIX XML 为 OpenIOC XML
+ |
+
+
+ |
+ OSTIP
+ |
+
+ 自制的威胁数据平台
+ |
+
+
+ |
+ poortego
+ |
+
+ 用于处理/链接开源威胁情报的开源 Ruby 项目
+ |
+
+
+ |
+ PyIOCe
+ |
+
+ PyIOCe 是一个使用 Python 编写的 IOC 编辑器
+ |
+
+
+ |
+ QRadio
+ |
+
+ QRadio 是一个旨在巩固网络威胁情报源的工具/框架,该项目试图建立一个强大的框架来审查提取得到的威胁情报数据
+ |
+
+
+ |
+ rastrea2r
+ |
+
+ 收集与整理 Indicators of Compromise (IOC)
+ |
+
+
+ |
+ Redline
+ |
+
+ 主机调查工具,分析其可用于 ICO 分析的数据
+ |
+
+
+ |
+ RITA
+ |
+
+ Real Intelligence Threat Analytics (RITA) 旨在帮助不同规模的企业在网络中搜索 IOC
+ |
+
+
+ |
+ stix-viz
+ |
+
+ STIX 可视化工具
+ |
+
+
+ |
+ TAXII Test Server
+ |
+
+ 允许你通过连接给定的服务并执行 TAXII 给定的各种功能来测试你的 TAXII 环境
+ |
+
+
+ |
+ threataggregator
+ |
+
+ ThreatAggregrator 聚合了许多在线的威胁情报源,支持输出到各种格式,包括 CEF、Snort 和 iptables 的规则
+ |
+
+
+ |
+ threatcrowd_api
+ |
+
+ 使用 ThreatCrowd API 的 Python 库
+ |
+
+
+ |
+ threatcmd
+ |
+
+ ThreatCrowd 的命令行接口
+ |
+
+
+ |
+ Threatelligence
+ |
+
+ Threatelligence 是一个简单的威胁情报订阅收集器,使用 Elasticsearch、Kibana 和 Python 来自动收集自定义或开源的情报,自动跟踪数据更新,但是项目似乎以及放弃更新了
+ |
+
+
+ |
+ ThreatPinch Lookup
+ |
+
+ 一个用于在每个页面查找 IPv4、MD5、SHA2 以及 CVEs 的 Chrome 扩展程序
+ |
+
+
+ |
+ ThreatScanner
+ |
+
+ Fidelis Cybersecurity 开发的 ThreatScanner 在本地运行一个搜索 IOC 或 YARA 规则的脚本,并自动生成可疑信息的报告
+ |
+
+
+ |
+ ThreatTracker
+ |
+
+ 用于监控并生成一组由 Google 自定义搜索引擎得出的 IOC 数据集
+ |
+
+
+ |
+ threat_intel
+ |
+
+ 多个威胁情报的 API 聚合在一个包中,其中包括 OpenDNS Investigate、VirusTotal 和 ShadowServer
+ |
+
+
+ |
+ Threat-Intelligence-Hunter
+ |
+
+ TIH 是一个可以帮助你在多个可公开提取的安全订阅源与知名 API 中提取 IOC 的智能工具,创建这个工具的初衷就是为了方便搜索、存储 IOC,以方便你创建自己的本地数据库
+ |
+
+
+ |
+ tiq-test
+ |
+
+ Threat Intelligence Quotient (TIQ) 测试工具提供对威胁情报的可视化与统计分析
+ |
+
+
+ |
+ YETI
+ |
+
+ YETI 是一个 TAXII 的概念验证,带有收件箱、轮询和 TAXII 的特定服务支持
+ |
+
+
+ |
+ yeti
+ |
+
+ Your Everyday Threat Intelligence (YETI) 每日威胁情报
+ |
+
+
+
+
+
+##
+
+ |
+ APT & Cyber Criminal Campaign Collection
+ |
+
+ 广泛收集各种组织信息,来源多样
+ |
+
+
+ |
+ APTnotes
+ |
+
+ 关于 APT 的信息收集,通常包括战略、战术知识或建议
+ |
+
+
+ |
+ ATT&CK
+ |
+
+ Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) 是用于描述攻击者在企业内网可能采取行动的一个模型与框架。ATT&CK 对于 post-access 是一个持续进步的共同参考,其可以在网络入侵中意识到什么行动最可能发生。MITRE 正在积极致力于相关信息的构建,就像 CAPEC、STIX 和 MAEC
+ |
+
+
+ |
+ Building Threat Hunting Strategies with the Diamond Model
+ |
+
+ Sergio Caltagirone 的博客:如何利用钻石模型开发威胁情报战略
+ |
+
+
+ |
+ Cyber Analytics Repository by MITRE
+ |
+
+ Cyber Analytics Repository (CAR) 是 MITRE 基于 ATT&CK™ 开发的知识库
+ |
+
+
+ |
+ Definitive Guide to Cyber Threat Intelligence
+ |
+
+ Describes the elements of cyber threat intelligence and discusses how it is collected, analyzed, and used by a variety of human and technology consumers.Fruther examines how intelligence can improve cybersecurity at tactical, operational, and strategic levels, and how it can help you stop attacks sooner, improve your defenses, and talk more productively about cybersecurity issues with executive management in typical for Dummies style.
+ |
+
+
+ |
+ The Detection Maturity Level (DML)
+ |
+
+ The DML model is a capability maturity model for referencing ones maturity in detecting cyber attacks.
+ It's designed for organizations who perform intel-driven detection and response and who put an emphasis on having a mature detection program.
+ The maturity of an organization is not measured by it's ability to merely obtain relevant intelligence, but rather it's capacity to apply that intelligence effectively to detection and response functions.
+ |
+
+
+ |
+ The Diamond Model of Intrusion Analysis
+ |
+
+ This paper presents the Diamond Model, a cognitive framework and analytic instrument to support and improve intrusion analysis. Supporint increased measurability, testability and repeatability
+ in intrusion analysis in order to attain higher effectivity, efficiency and accuracy in defeating adversaries is one of its main contributions.
+ |
+
+
+ |
+ F3EAD
+ |
+
+ F3EAD 是一个将行动与情报相结合的军事方法
+ |
+
+
+ |
+ Guide to Cyber Threat Information Sharing by NIST
+ |
+
+ The Guide to Cyber Threat Information Sharing (NIST Special Publication 800-150) assists organizations in establishing computer security incident response capabilities that leverage the collective knowledge, experience, and abilities of their partners by actively sharing threat intelligence and ongoing coordination. The guide provides guidelines for coordinated incident handling, including producing and consuming data, participating in information sharing communities, and protecting incident-related data.
+ |
+
+
+ |
+ Intelligence Preparation of the Battlefield/Battlespace
+ |
+
+ 探讨了 intelligence preparation of the battlespace (IPB) 战场的情报准备,讲述了 IPB 作为军事决策与规划的一个重要组成部分是如何支持决策以及整合流程
+ |
+
+
+ |
+ Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains
+ |
+
+ 此文提出的入侵杀伤链为入侵分析、指标提取与执行防御行动提供了一种结构化的方法
+ |
+
+
+ |
+ Joint Publication 2-0: Joint Intelligence
+ |
+
+ This publication by the U.S army forms the core of joint intelligence doctrine and lays the foundation to fully integrate operations, plans and intelligence into a cohesive team. The concepts presented are applicable to (Cyber) Threat Intelligence too.
+ |
+
+
+ |
+ Microsoft Research Paper
+ |
+
+ 网络安全信息共享与风险降低的框架,微软高级概述文档
+ |
+
+
+ |
+ MISP Core Format (draft)
+ |
+
+ 文档主要介绍了在 MISP 实例间进行指标与威胁情报交换的核心格式
+ |
+
+
+ |
+ NECOMA Project
+ |
+
+ The Nippon-European Cyberdefense-Oriented Multilayer threat Analysis (NECOMA) research project is aimed at improving threat data collection and analysis to develop and demonstratie new cyberdefense mechanisms.
+ As part of the project several publications and software projects have been published.
+ |
+
+
+ |
+ Pyramid of Pain
+ |
+
+ The Pyramid of Pain is a graphical way to express the difficulty of obtaining different levels of indicators and the amount of resources adversaries have to expend when obtained by defenders.
+ |
+
+
+ |
+ Structured Analytic Techniques For Intelligence Analysis
+ |
+
+ 这本书包含了代表威胁情报、法律执行、国土安全以及商业分析最佳实践的方法
+ |
+
+
+ |
+ Threat Intelligence: Collecting, Analysing, Evaluating
+ |
+
+ This report by MWR InfoSecurity clearly describes several diffent types of threat intelligence, including strategic, tactical and operational variations. It also discusses the processes of requirements elicitation, collection, analysis, production and evaluation of threat intelligence. Also included are some quick wins and a maturity model for each of the types of threat intelligence defined by MWR InfoSecurity.
+ |
+
+
+ |
+ Traffic Light Protocol
+ |
+
+ Traffic Light Protocol (TLP) 是一组用来确保敏感信息可以被正确发布接收的信号组合。其使用四种颜色来标定不同程度的敏感信息和与其敏感程度相适应的接收人
+ |
+
+
+ |
+ Who's Using Cyberthreat Intelligence and How?
+ |
+
+ 由 SANS 研究所出品,描述包括策略执行在内的威胁情报使用情况的白皮书
+ |
+
+
+ |
+ WOMBAT Project
+ |
+
+ The WOMBAT project aims at providing new means to understand the existing and emerging threats that are targeting the Internet economy and the net citizens. To reach this goal, the proposal includes three key workpackages: (i) real time gathering of a diverse set of security related raw data, (ii) enrichment of this input by means of various analysis techniques, and (iii) root cause identification and understanding of the phenomena under scrutiny.
+ |
+
+
+
+
+
+## 许可证
+
+Licensed under [Apache License 2.0](LICENSE).