chg: [event:AusCERT24] Slides rearrangements

- Switched the section on MISP features to the end
- Satisfied my pickiness with regard to indentation
pull/25/head
Christian Studer 2024-05-08 10:34:36 +02:00
parent 6851dd5fb2
commit 0ecc273202
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 114 additions and 114 deletions


@ -14,9 +14,9 @@
\item How to get going?
\item Managing information sharing communities
\item []
\item Features for analysts
\item The importance of contextualisation
\item False-positive handling
\item Features for analysts
\end{itemize}
\end{frame}
@ -319,26 +319,6 @@
\end{itemize}
\end{frame}
\section{Interesting visual features \\ for analysts}
\begin{frame}
\frametitle{MISP feature - correlation}
\begin{itemize}
\item MISP includes a \textbf{powerful engine for correlation} which allows analysts to discover correlating values between attributes
\item Getting a direct benefit from shared information by other ISAC members
\end{itemize}
\includegraphics[scale=0.20]{../images/correlation.png}
\end{frame}
\begin{frame}
\frametitle{MISP feature - event graph}
\begin{itemize}
\item \textbf{Analysts can create stories} based on graph relationships between objects, attributes
\item ISACs users can directly understand the information shared
\end{itemize}
\includegraphics[scale=0.20]{../images/event-graph.png}
\end{frame}
\section{The importance of \\ contextualisation}
\begin{frame}
@ -389,20 +369,6 @@
\section{False-positive handling}
\begin{frame}
\frametitle{False-positives handling}
\begin{itemize}
\item You might often fall into the trap of discarding seemingly "junk" data
\item Besides volume limitations (which are absolutely valid, fear of false-positives is the most common reason why people discard data) - Our recommendation:
\begin{itemize}
\item Be lenient when considering what to keep
\item Be strict when you are feeding tools
\end{itemize}
\item MISP allows you to \textbf{filter out the relevant data on demand} when feeding protective tools
\item What may seem like \textbf{junk to you may} be absolutely \textbf{critical to other users}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Many objectives from different user-groups}
\begin{itemize}
@ -422,6 +388,20 @@
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{False-positives handling}
\begin{itemize}
\item You might often fall into the trap of discarding seemingly "junk" data
\item Besides volume limitations (which are absolutely valid, fear of false-positives is the most common reason why people discard data) - Our recommendation:
\begin{itemize}
\item Be lenient when considering what to keep
\item Be strict when you are feeding tools
\end{itemize}
\item MISP allows you to \textbf{filter out the relevant data on demand} when feeding protective tools
\item What may seem like \textbf{junk to you may} be absolutely \textbf{critical to other users}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{False-positive handling}
\begin{itemize}
@ -432,6 +412,26 @@
\centering\includegraphics[scale=0.8]{../images/false-positive.png}
\end{frame}
\section{Interesting visual features \\ for analysts}
\begin{frame}
\frametitle{MISP feature - correlation}
\begin{itemize}
\item MISP includes a \textbf{powerful engine for correlation} which allows analysts to discover correlating values between attributes
\item Getting a direct benefit from shared information by other ISAC members
\end{itemize}
\includegraphics[scale=0.20]{../images/correlation.png}
\end{frame}
\begin{frame}
\frametitle{MISP feature - event graph}
\begin{itemize}
\item \textbf{Analysts can create stories} based on graph relationships between objects, attributes
\item ISACs users can directly understand the information shared
\end{itemize}
\includegraphics[scale=0.20]{../images/event-graph.png}
\end{frame}
\section{Conclusion}
\begin{frame}