\item CIRCL is mandated by the Ministry of Economy and acting as the Luxembourg {\bf National CERT for the private sector}.
\item CIRCL runs multiple large MISP communities performing {\bf active daily threat-intelligenge sharing}
\item CIRCL leads the development of {\bf MISP and many other open source softwares}\footnote{AIL-Framework, D4-project, CVE-search, passive-(ssl/dns), lookyloo}.
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{The aim of this presentation}
\begin{itemize}
\item Provide a quick introduction into MISP
\item What sort of issues are we trying to tackle
\item A small update of what has happened around MISP's development over the past year
\item Where we're headed from here
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{What is MISP?}
\begin{itemize}
\item MISP is a {\bf threat information sharing} platform that is free \& open source software
\item A tool that {\bf collects} information from partners, your analysts, your tools, feeds
\item Normalises, {\bf correlates}, {\bf enriches} the data
\item Allows teams and communities to {\bf collaborate}
\item{\bf Feeds} automated protective tools and analyst tools with the output
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{MISP Features Highlights}
\begin{itemize}
\item Extensive Rest {\bf API}
\item Automatic {\bf correlation}
\item Granular distribution levels and {\bf synchronisation} systems
\item A wide range of {\bf ingestion systems}
\item{\bf Visualisation tools} for dashboarding, graphing, statistics
\item A host of {\bf export formats}, covering a wide range of use-cases
\item MISP galaxies will be fully managed via MISP directly
\item Create, modify, {\bf share your custom galaxies} with the usual sync / ACL mechanisms
\item Fork and {\bf provide your own perspective} to already existing knowledge-base items
\item Build {\bf relationships between galaxy clusters} (Threat actor A uses Tool B and targets Sector C)
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Reports}
\begin{itemize}
\item Create {\bf markdown reports} and share them along with your events
\item Structured information is great for automation, but sometimes plain prose helps telling a story
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Community management at scale}
\begin{itemize}
\item Cerebrate is a new OSS frameworks that we're building
\item Manage organisation, sharing group, encryption key data for communities
\item Instrument MISP instances and the interconnectivity between them via Cerebrate
\item Introduce information signing by validating signatures / ownership via trusted Cerebrate nodes
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Rework of the MISP internals}
\begin{itemize}
\item We are planning on moving MISP to a {\bf more modern stack} (cake4/bs4)
\item Cerebrate also acts as a {\bf test-bed} for this move and relies on MISP internals that have already been ported
\item We have been silently {\bf reworking a lot of the internals} of MISP to make the migration possible (UI generator systems for example)
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{To sum it all up...}
\begin{itemize}
\item Many interesting things are happening
\item We are following {\bf several routes} of development (internal improvements, contextualisation, integrations, operational improvements, community building)
\item We have more ideas than can be implemented with days only having 24 hours, there are {\bf many ways to get involved}
\item Prioritisation is hard. {\bf Let us know what you think we should focus on}!
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Get in touch if you have any questions}