% DO NOT COMPILE THIS FILE DIRECTLY!
% This is included by the other .tex files.
% Title slide: top-aligned and "plain" (no beamer header/footer/navigation decorations).
\frame[t,plain]{\titlepage}
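% Slide 1: headline achievements of 2019.
% \textbf replaces the obsolete {\bf ...} font switch; "---" is the em dash in the title.
\begin{frame}
\frametitle{2019 --- A successful year for the MISP project}
\begin{itemize}
\item \textbf{Improving and extending MISP project and information sharing practices} at a faster rate than expected
\item Increasing the reach-out to collect ideas and inspirations from EU CSIRTs, the private sector and security professionals whilst doing trainings/workshops (thanks to the CEF funding)
\item Integrate MISP at a rapid rate with \textbf{other standards} (such as MITRE ATT\&CK sighting, STIX 2, GoAML and many others)
% \url{} (already used elsewhere in this file) gives a clickable, correctly line-broken link
% instead of a raw URL typed in the footnote.
\item Increased pan-European collaboration and information exchanged compared to 2018\footnote{\url{https://www.x-isac.org/publication.html}}
\item Reaching the \textbf{establishment of a European standard\footnote{\url{https://www.misp-standard.org/}} and open source toolset for threat intelligence and information sharing}
\end{itemize}
\end{frame}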
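% Slide 2: release cadence and contribution growth.
\begin{frame}
\frametitle{Major outcomes in 2019}
\begin{itemize}
\item 18 releases of the MISP core software which included more than 10 major new features, attracting a large group of new users and contributors
\end{itemize}
% Three contribution charts side by side (MISP core, MISP objects, galaxy libraries).
% Kept at the original scale so all three fit on one line of the slide.
\includegraphics[scale=0.18]{cfd.png}
\includegraphics[scale=0.18]{objects-cfd.png}
\includegraphics[scale=0.18]{galaxy-cfd.png}
\begin{itemize}
\item Increase of contributions during 2019 (MISP core, MISP objects and galaxy libraries)
\end{itemize}
\end{frame}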
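% Slide 3: vulnerability handling. The footnote URL is the project's security page,
% which is also where the published CVEs for MISP core are listed.
\begin{frame}
\frametitle{Security vulnerabilities}
\begin{itemize}
% LaTeX quotes (``...'') instead of straight ASCII quotes; \textbf instead of {\bf ...}.
\item \textbf{``We love the smell of security vulnerabilities report in the morning, it smells like a great day!''}
\item In 2019, we had 9 CVEs\footnote{\url{https://www.misp-project.org/security/}} for MISP core software
\item If you find or have any ongoing security review of MISP, don't be afraid to contact us directly
\end{itemize}
\end{frame}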
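% Slide 4: ecosystem tooling, decaying model, open training material.
\begin{frame}
\frametitle{Major outcomes of 2019}
\begin{itemize}
% "---" is the em dash; \textbf replaces the obsolete {\bf ...} switch.
\item Improvements to external tools were created during 2019, such as those to the \textbf{misp-dashboard} (4 releases)---with a new release being foreseen within the next weeks
\item The decaying model for indicators described as an academic paper in 2018 is now part of the core MISP software\footnote{\url{https://www.misp-project.org/2019/09/12/Decaying-Of-Indicators.html}}
% "e.g.\ " keeps LaTeX from inserting an end-of-sentence space after the abbreviation.
\item \textbf{All MISP training materials are released as open content}\footnote{\url{https://github.com/MISP/misp-training}} and contain more than 36 hours of training materials (e.g.\ MISP usage, administration, OSINT analysis and collection, building sharing communities)
\begin{itemize}
\item Source code is available and translation(s)/contribution(s) are welcome
\end{itemize}
\end{itemize}
\end{frame}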
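% Slide 5: core software changes since the previous summit.
\begin{frame}
\frametitle{Some cliff notes of what changed in the MISP core since last year}
\begin{itemize}
\item Large focus on the APIs (rework of restSearch, \textbf{modular export system}, rest client, templating)
\item Support for \textbf{Matrix-like galaxies} starting with ATT\&CK
\item Strong focus on the \textbf{graphing features} of MISP
\item More work on the \textbf{use of objects} (possibility to turn flat events into object-based ones, etc.)
\item More focus on features supporting \textbf{multi-misp internal setups (local tags, CLI management, server caching)}
\item Massive amounts of work within and around MISP on contextualisation, all building up to the inclusion of the \textbf{decaying model}
\end{itemize}
\end{frame}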
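% Slide 6: growth of the misp-objects template library.
\begin{frame}
\frametitle{MISP object templates}
\begin{itemize}
\item The number of object templates rose from 89 (in 2018) to 147 (in 2019), thanks in a large part to the diligent work of many external contributors
\item Object templates added include \textbf{telecom objects} (such as SS7, GTP, Diameter or IMSI-catcher output), \textbf{cyber security objects}, \textbf{security objects} (such as vehicle, interpol-notice)
\item Objects are more and more used in different sharing communities and have overtaken simple attributes in MISP as the go-to data structure, offering better contextualisation for the data shared
\end{itemize}
\end{frame}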
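% Slide 7: taxonomy library status.
\begin{frame}
\frametitle{MISP taxonomies}
\begin{itemize}
\item There are \textbf{102 taxonomies} available in MISP project contributed by various organisations and partners
\item FIRST.org CTI SIG contributed an \textbf{ICS/OT Threat Attribution Industrial Control System taxonomy}
\item MISP taxonomies\footnote{\url{https://www.misp-project.org/taxonomies.html}} are common libraries and sharing communities usually select a subset to match their needs
\end{itemize}
\end{frame}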
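% Slide 8: galaxy library status and the matrix-like galaxy format.
\begin{frame}
\frametitle{MISP galaxies}
\begin{itemize}
\item There are \textbf{40 galaxies}\footnote{\url{https://www.misp-project.org/galaxy.html}} available in MISP project contributed by various organisations and partners
\item We introduced a specific matrix-like format (such as the MITRE ATT\&CK model) and many new matrix-like galaxies were contributed, such as AM!TT Tactic (misinformation model), o365-exchange-techniques, attck4fraud, election guidelines
\end{itemize}
\end{frame}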
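% Slide 9: wrap-up and outlook.
\begin{frame}
\frametitle{Conclusion}
\begin{itemize}
\item 2019 was a busy and successful year for the MISP project
\item The 2-year CEF grant was a bootstrap to improve MISP to its next level
\item New partnerships and projects are ongoing in 2020--2021 (such as the CEF VARIoT project or H2020 Enforce)
\item As the MISP project becomes larger, we are \textbf{improving the structure of the project} (misp-standard.org is the first step)
\end{itemize}
\end{frame}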
% Closing slide: the core-contributors image only, no title.
\frame{\includegraphics[scale=0.3]{misp-core-contributors.png}}