misp-training/20200924-TW/content.tex

% DO NOT COMPILE THIS FILE DIRECTLY!
% This is included by the other .tex files.

\begin{frame}
\titlepage
\end{frame}

\begin{frame}
  \frametitle{The aim of this presentation}
  \begin{itemize}
     \item Who are we (CIRCL)?
     \item Brief introduction to MISP
     \item What sort of communities are using MISP?
     \item How to get started
  \end{itemize}
\end{frame}

\begin{frame}
  \frametitle{MISP and CIRCL}
  \begin{center}
    \includegraphics[scale=0.45]{pics/circl.png}
    \hspace{2.5em}
    \includegraphics[scale=0.35]{pics/misp.pdf}
  \end{center}
  \begin{itemize}
    \item CIRCL is mandated by the Ministry of Economy and acting as the Luxembourg {\bf National CERT for the private sector}. 
    \item CIRCL runs multiple large MISP communities performing {\bf active daily threat-intelligenge sharing}
    \item CIRCL leads the development of {\bf MISP and many other open source softwares}\footnote{AIL-Framework, D4-project, CVE-search, passive-(ssl/dns), lookyloo}.
  \end{itemize}
\end{frame}

\begin{frame}
\frametitle{What is MISP?}
\begin{itemize}
       \item MISP is a {\bf threat information sharing} platform that is free \& open source software
       \item A tool that {\bf collects} information from partners, your analysts, your tools, feeds
       \item Normalises, {\bf correlates}, {\bf enriches} the data
       \item Allows teams and communities to {\bf collaborate}
       \item {\bf Feeds} automated protective tools and analyst tools with the output
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{What are some key objectives of communities?}
\begin{itemize}
       \item To build "herd immunity" by sharing {\bf community relevant} threat information
       \item By allowing to share data both for {\bf automation} and to {\bf tell a story}
       \item {\bf Standardise} on how we {\bf express} and {\bf contextualise} threat information
       \item {\bf Monitor trends} about attacks against your community
       \item Rely on the shared data to {\bf bootstrap your investigations}
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{MISP Features Highlights}
    \begin{itemize}
        \item Functionalities to assist users in {\bf creating, collaborating and sharing}
        \begin{itemize}
            \item A wide range of imports
            \item Rest API
            \item Automatic correlation
            \item Proposals
            \item Granular distribution levels and sharing groups
            \item Advanced synchronisation mechanisms
        \end{itemize}
        \item A host of export formats
        \begin{itemize}
            \item {\bf IDSes / IPSes}: \texttt{Suricata, Bro/Zeek, Snort}
            \item {\bf SIEMs}: \texttt{CEF, STIX} 
            \item {\bf Host scanners}:  \texttt{OpenIOC, STIX, CSV, Yara}
            \item {\bf Analysis tools}: \texttt{Maltego}
            \item {\bf DNS policies}: \texttt{RPZ}
        \end{itemize}
    \end{itemize}
\end{frame}

\begin{frame}
\frametitle{What sort of MISP communities are there?}
\begin{itemize}
       \item {\bf Generalist} cyber securitity communities (CIRCL's Private sector community, FIRST, etc)
       \item {\bf Sectorial} communities (Financial, ISPs, GSMs, Law enforcement, Military, etc)
       \item {\bf Geographic communities} such as national, regional (Nordic, South American, etc)
       \item Communities centered around {\bf international organisations} (EU, NATO, etc)
       \item {\bf Topical} communities (disinformation, RATs, COVID-19, climate)
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{An example community in numbers: The CIRCL Private sector community}
\begin{itemize}
       \item {\bf Users}: 3.4k
       \item {\bf Organisations}: 1.6k
       \item {\bf Organisations having shared events}: 441
       \item {\bf Events}: ~77k
       \item {\bf Data points}: 12M
       \item {\bf Correlations}: 9M
       \item {\bf Proposals}: 78k
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{Getting started}
\begin{itemize}
       \item Simplest: {\bf join an existing community} hosted by a trusted peer, use their instance
       \item {\bf Run your own} instance (simply install the OSS) and {\bf connect to} established communities
       \item {\bf Start your own} community with your own guidelines
       \item None of the above are exclusive
       \item {\bf Organic growth} from one to the other is expected
\end{itemize}
\end{frame}

\begin{frame}
  \frametitle{Get in touch if you have any questions}
  \begin{itemize}
    \item Contact CIRCL
    \begin{itemize}
      \item info@circl.lu
      \item \url{https://twitter.com/circl_lu}
      \item \url{https://www.circl.lu/}
    \end{itemize}
    \item Contact MISPProject 
    \begin{itemize}
      \item \url{https://github.com/MISP}
      \item \url{https://gitter.im/MISP/MISP}
      \item \url{https://twitter.com/MISPProject}
    \end{itemize}
  \end{itemize}
\end{frame}
added missing presentations 2021-01-28 08:23:56 +01:00			`% DO NOT COMPILE THIS FILE DIRECTLY!`
			`% This is included by the other .tex files.`

			`\begin{frame}`
			`\titlepage`
			`\end{frame}`

			`\begin{frame}`
			`\frametitle{The aim of this presentation}`
			`\begin{itemize}`
			`\item Who are we (CIRCL)?`
			`\item Brief introduction to MISP`
			`\item What sort of communities are using MISP?`
			`\item How to get started`
			`\end{itemize}`
			`\end{frame}`

			`\begin{frame}`
			`\frametitle{MISP and CIRCL}`
			`\begin{center}`
			`\includegraphics[scale=0.45]{pics/circl.png}`
			`\hspace{2.5em}`
			`\includegraphics[scale=0.35]{pics/misp.pdf}`
			`\end{center}`
			`\begin{itemize}`
			`\item CIRCL is mandated by the Ministry of Economy and acting as the Luxembourg {\bf National CERT for the private sector}.`
			`\item CIRCL runs multiple large MISP communities performing {\bf active daily threat-intelligenge sharing}`
			`\item CIRCL leads the development of {\bf MISP and many other open source softwares}\footnote{AIL-Framework, D4-project, CVE-search, passive-(ssl/dns), lookyloo}.`
			`\end{itemize}`
			`\end{frame}`

			`\begin{frame}`
			`\frametitle{What is MISP?}`
			`\begin{itemize}`
			`\item MISP is a {\bf threat information sharing} platform that is free \& open source software`
			`\item A tool that {\bf collects} information from partners, your analysts, your tools, feeds`
			`\item Normalises, {\bf correlates}, {\bf enriches} the data`
			`\item Allows teams and communities to {\bf collaborate}`
			`\item {\bf Feeds} automated protective tools and analyst tools with the output`
			`\end{itemize}`
			`\end{frame}`

			`\begin{frame}`
			`\frametitle{What are some key objectives of communities?}`
			`\begin{itemize}`
			`\item To build "herd immunity" by sharing {\bf community relevant} threat information`
			`\item By allowing to share data both for {\bf automation} and to {\bf tell a story}`
			`\item {\bf Standardise} on how we {\bf express} and {\bf contextualise} threat information`
			`\item {\bf Monitor trends} about attacks against your community`
			`\item Rely on the shared data to {\bf bootstrap your investigations}`
			`\end{itemize}`
			`\end{frame}`

			`\begin{frame}`
			`\frametitle{MISP Features Highlights}`
			`\begin{itemize}`
			`\item Functionalities to assist users in {\bf creating, collaborating and sharing}`
			`\begin{itemize}`
			`\item A wide range of imports`
			`\item Rest API`
			`\item Automatic correlation`
			`\item Proposals`
			`\item Granular distribution levels and sharing groups`
			`\item Advanced synchronisation mechanisms`
			`\end{itemize}`
			`\item A host of export formats`
			`\begin{itemize}`
			`\item {\bf IDSes / IPSes}: \texttt{Suricata, Bro/Zeek, Snort}`
			`\item {\bf SIEMs}: \texttt{CEF, STIX}`
			`\item {\bf Host scanners}: \texttt{OpenIOC, STIX, CSV, Yara}`
			`\item {\bf Analysis tools}: \texttt{Maltego}`
			`\item {\bf DNS policies}: \texttt{RPZ}`
			`\end{itemize}`
			`\end{itemize}`
			`\end{frame}`

			`\begin{frame}`
			`\frametitle{What sort of MISP communities are there?}`
			`\begin{itemize}`
			`\item {\bf Generalist} cyber securitity communities (CIRCL's Private sector community, FIRST, etc)`
			`\item {\bf Sectorial} communities (Financial, ISPs, GSMs, Law enforcement, Military, etc)`
			`\item {\bf Geographic communities} such as national, regional (Nordic, South American, etc)`
			`\item Communities centered around {\bf international organisations} (EU, NATO, etc)`
			`\item {\bf Topical} communities (disinformation, RATs, COVID-19, climate)`
			`\end{itemize}`
			`\end{frame}`

			`\begin{frame}`
			`\frametitle{An example community in numbers: The CIRCL Private sector community}`
			`\begin{itemize}`
			`\item {\bf Users}: 3.4k`
			`\item {\bf Organisations}: 1.6k`
			`\item {\bf Organisations having shared events}: 441`
			`\item {\bf Events}: ~77k`
			`\item {\bf Data points}: 12M`
			`\item {\bf Correlations}: 9M`
			`\item {\bf Proposals}: 78k`
			`\end{itemize}`
			`\end{frame}`

			`\begin{frame}`
			`\frametitle{Getting started}`
			`\begin{itemize}`
			`\item Simplest: {\bf join an existing community} hosted by a trusted peer, use their instance`
			`\item {\bf Run your own} instance (simply install the OSS) and {\bf connect to} established communities`
			`\item {\bf Start your own} community with your own guidelines`
			`\item None of the above are exclusive`
			`\item {\bf Organic growth} from one to the other is expected`
			`\end{itemize}`
			`\end{frame}`

			`\begin{frame}`
			`\frametitle{Get in touch if you have any questions}`
			`\begin{itemize}`
			`\item Contact CIRCL`
			`\begin{itemize}`
			`\item info@circl.lu`
			`\item \url{https://twitter.com/circl_lu}`
			`\item \url{https://www.circl.lu/}`
			`\end{itemize}`
			`\item Contact MISPProject`
			`\begin{itemize}`
			`\item \url{https://github.com/MISP}`
			`\item \url{https://gitter.im/MISP/MISP}`
			`\item \url{https://twitter.com/MISPProject}`
			`\end{itemize}`
			`\end{itemize}`
			`\end{frame}`