\item CSIRTs (or private organisations) build their {\bf own honeypot, honeynet or blackhole monitoring network}
\item Designing, managing and operating such infrastructure is a tedious and resource intensive task
\item{\bf Automatic sharing} between monitoring networks from different organisations is missing
\item Sensors and processing are often seen as blackbox or difficult to audit
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Objective}
\begin{itemize}
\item Based on our experience with MISP\footnote{\url{https://github.com/MISP/MISP}} where sharing played an important role, we transpose
the model in D4 project
\item Keeping the protocol and code base {\bf simple and minimal}
\item Allowing every organisation to {\bf control and audit their own sensor network}
\item Extending D4 or {\bf encapsulating legacy monitoring protocols} must be as simple as possible
\item Ensuring that the sensor server has {\bf no control on the sensor} (unidirectional streaming)
\item Don't force users to use dedicated sensors and allow {\bf flexibility of sensor support} (software, hardware, virtual)
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{(short) History}
\begin{itemize}
\item D4 Project (co-funded under INEA CEF EU program) started - 1st November 2018
\item D4 encapsulation protocol version 1 published - 1st December 2018
\item v0.1 release of the D4 core\footnote{\url{https://www.github.com/D4-project/d4-core}} including a server and simple D4 C client - 21st January 2018
\item First version of a golang D4 client\footnote{\url{https://www.github.com/D4-project/d4-goclient/}} running on ARM, MIPS, PPC and x86 - January 2018
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{D4 Overview}
\includegraphics[scale=0.41]{d4-overview.pdf}
\end{frame}
\begin{frame}
\frametitle{Roadmap (next 2 months)}
\begin{itemize}
\item Passive DNS analyzer (alpha version released)
\item Passive SSL collector and analyzer
\item Backscatter DDoS traffic analyzer
\item{\bf Default server} (blackhole monitoring or Passive DNS collector) at CIRCL for organisations willing to contribute without running their own D4 server