% DO NOT COMPILE THIS FILE DIRECTLY!
% This is included by the other .tex files.
% Title slide. [plain] suppresses the beamer headline/footline/sidebars so only
% the \titlepage content is shown; [t] aligns it to the top of the frame.
\begin{frame}[t,plain]
\titlepage
\end{frame}
% Overview of MISP's native STIX support: where the integration is exposed,
% the export/import directions, and the supported STIX versions.
% Empty \item[] entries are used as visual spacers between the three groups.
\begin{frame}{MISP \& STIX}
  \begin{itemize}
    \item \textbf{Built-in integration}
      \begin{itemize}
        \item Available from the UI
        \item Accessible via restSearch
      \end{itemize}
    \item[]
    \item Export \& Import features
      \begin{itemize}
        \item Export MISP data collections
        \item Import STIX files
      \end{itemize}
    \item[]
    \item Supported version
      \begin{itemize}
        \item STIX 1.1.1 \& 1.2
        \item STIX 2.0 \& 2.1
      \end{itemize}
  \end{itemize}
\end{frame}
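% Key features of the misp-stix library (the conversion engine behind MISP's
% built-in STIX support). Footnote URLs are wrapped in \url so they are
% clickable and line-break correctly instead of being typeset as plain text,
% consistent with the \url items used on the closing slide.
\begin{frame}{misp-stix - Key features}
  \begin{itemize}
    \item MISP $\Longleftrightarrow$ STIX conversion
      \begin{itemize}
        \item Used by MISP core to handle the conversion ability
        \item Preserve as much content \& context as possible
      \end{itemize}
    \item Support all the STIX versions
      \begin{itemize}
        \item \textbf{STIX 2.1 Support}
        \item 1.1.1, 1.2, 2.0 Support enhanced
      \end{itemize}
    \item[]
    % \# is the escaped form that hyperref's \url accepts inside another
    % command's argument (beamer loads hyperref), so the fragment is kept.
    \item \textbf{Mapping documentation}\footnote{\url{https://github.com/misp/misp-stix/tree/main/documentation\#readme}}
    \item Package available on PyPI\footnote{\url{https://pypi.org/project/misp-stix/}}
  \end{itemize}
\end{frame}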
% First of the "Python library" slides: exporting MISP content through PyMISP.
% The screenshot is inserted at a fixed scale and, unlike the later slides,
% is not centred.
\begin{frame}{Handling the conversion with a python library}
  \begin{itemize}
    \item Integration in python code
      \begin{itemize}
        \item Automation made easier by a close coupling with PyMISP
          \begin{itemize}
            \item Export content from MISP
          \end{itemize}
      \end{itemize}
  \end{itemize}
  \includegraphics[scale=0.15]{images/PyMISPrestSearchMISP.png}
\end{frame}
% Second "Python library" slide: same structure as the previous one, with one
% extra bullet and a different restSearch screenshot (STIX return format).
\begin{frame}{Handling the conversion with a python library}
  \begin{itemize}
    \item Integration in python code
      \begin{itemize}
        \item Automation made easier by a close coupling with PyMISP
          \begin{itemize}
            \item Export content from MISP
            \item Using the STIX return format directly
          \end{itemize}
      \end{itemize}
  \end{itemize}
  \includegraphics[scale=0.15]{images/PyMISPrestSearchSTIX.png}
\end{frame}
% Third "Python library" slide: the import direction. Each bullet is followed
% by its own centred screenshot, so the center environments live inside the
% innermost itemize.
\begin{frame}{Handling the conversion with a python library}
  \begin{itemize}
    \item Integration in python code
      \begin{itemize}
        \item Automation made easier by a close coupling with PyMISP
          \begin{itemize}
            \item Converting STIX content and adding the resulting Event
              \begin{center}
                \includegraphics[scale=0.15]{images/PyMISPaddEvent.png}
              \end{center}
            \item Using the API endpoint directly
              \begin{center}
                \includegraphics[scale=0.15]{images/PyMISPuploadSTIX.png}
              \end{center}
          \end{itemize}
      \end{itemize}
  \end{itemize}
\end{frame}
% Command-line usage, part one: the CLI help output screenshot.
\begin{frame}{Handling the conversion with a python library}
  \begin{itemize}
    \item Addressing the limitations of a MISP built-in integration
      \begin{itemize}
        \item Export \& import features available as a command-line application
      \end{itemize}
  \end{itemize}
  \centering
  \includegraphics[scale=0.14]{images/command_line_help.png}
\end{frame}
% Command-line usage, part two: same bullets as the previous slide, with the
% screenshot of an import run's results.
\begin{frame}{Handling the conversion with a python library}
  \begin{itemize}
    \item Addressing the limitations of a MISP built-in integration
      \begin{itemize}
        \item Export \& import features available as a command-line application
      \end{itemize}
  \end{itemize}
  \centering
  \includegraphics[scale=0.14]{images/stix_import_results.png}
\end{frame}
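% Roadmap slide. {\bf ...} is the obsolete plain-TeX font switch; \textbf is
% the LaTeX2e form and matches the other bold items in this file. The footnote
% URL is wrapped in \url like the ones on the closing slide.
\begin{frame}{Continuous Work in Progress \& Improvement}
  \begin{itemize}
    \item \textbf{Improve the import feature}
      \begin{itemize}
        \item Handle different content design from different sources
        \item Support of existing STIX objects libraries\footnote{\url{https://github.com/mitre/cti}}
        \item Support custom STIX format
        % NOTE(review): the imported STIX comes from sources outside MISP (see
        % the items above), so this is presumably also where malformed or
        % unexpected input is rejected or flagged -- confirm against misp-stix.
        \item \textbf{Handle validation issues}
      \end{itemize}
    \item Continuous MISP $\Longleftrightarrow$ STIX mapping improvement
    \item More tests to avoid edge case issues
    \item[]
    \item Participating in Oasis CTI TC
  \end{itemize}
  \centering
  \includegraphics[scale=0.2]{images/oasis.png}
\end{frame}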
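% Bug-reporting slide. The issue-tracker links are typeset with \url (clickable,
% correct line breaking) and bold via \textbf instead of the obsolete {\bf ...}
% switch; the two spacer items now use the same \item[] spelling.
\begin{frame}{How to report bugs/issues}
  \begin{itemize}
    \item Github issues
      \begin{itemize}
        \item \textbf{\url{https://github.com/MISP/misp-stix/issues}}
        \item \url{https://github.com/MISP/MISP/issues}
      \end{itemize}
    \item[]
    \item Please provide details
      \begin{itemize}
        \item How did the issue happen
        % NOTE(review): the trackers above are public GitHub repositories, so
        % samples attached to an issue are public too -- presumably worth
        % telling the audience to strip sensitive data from them first.
        \item \textbf{Recommendation}: provide samples
      \end{itemize}
    \item[]
    \item Any feedback welcome
  \end{itemize}
\end{frame}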
% Closing slide: project repositories, website and social accounts. The empty
% \item[] separates the misp-stix links from the general MISP ones.
\begin{frame}{To get in touch with us}
  \begin{itemize}
    \item \url{https://github.com/MISP/misp-stix}
    \item \url{https://github.com/MISP/misp-stix/tree/main/documentation}
    \item[]
    \item \url{https://github.com/MISP}
    \item \url{https://www.misp-project.org/}
    \item \url{https://twitter.com/MISPProject}
    \item \url{https://twitter.com/chrisred_68}
  \end{itemize}
\end{frame}