mirror of https://github.com/MISP/misp-training
chg: [event:AusCERT24] Slides rearrangements
- Switched the section on MISP features to the end
- Satisfied my pickiness in regards to indentation
pull/25/head
parent 6851dd5fb2
commit 0ecc273202
|
@ -14,9 +14,9 @@
|
|||
\item How to get going?
|
||||
\item Managing information sharing communities
|
||||
\item []
|
||||
\item Features for analysts
|
||||
\item The importance of contextualisation
|
||||
\item False-positive handling
|
||||
\item Features for analysts
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
|
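Review bot: the outline entry that now closes the list, `\item Features for analysts`, does not match the title of the section it points to, `\section{Interesting visual features \\ for analysts}`. Since the line is being moved anyway, consider aligning the two wordings. The list also ends on this entry, so if the Conclusion section is meant to be announced in the outline it needs its own `\item`.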
@ -319,26 +319,6 @@
|
|||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\section{Interesting visual features \\ for analysts}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{MISP feature - correlation}
|
||||
\begin{itemize}
|
||||
\item MISP includes a \textbf{powerful engine for correlation} which allows analysts to discover correlating values between attributes
|
||||
\item Getting a direct benefit from shared information by other ISAC members
|
||||
\end{itemize}
|
||||
\includegraphics[scale=0.20]{../images/correlation.png}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{MISP feature - event graph}
|
||||
\begin{itemize}
|
||||
\item \textbf{Analysts can create stories} based on graph relationships between objects, attributes
|
||||
\item ISACs users can directly understand the information shared
|
||||
\end{itemize}
|
||||
\includegraphics[scale=0.20]{../images/event-graph.png}
|
||||
\end{frame}
|
||||
|
||||
\section{The importance of \\ contextualisation}
|
||||
|
||||
\begin{frame}
|
||||
|
@ -389,20 +369,6 @@
|
|||
|
||||
\section{False-positive handling}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{False-positives handling}
|
||||
\begin{itemize}
|
||||
\item You might often fall into the trap of discarding seemingly "junk" data
|
||||
\item Besides volume limitations (which are absolutely valid, fear of false-positives is the most common reason why people discard data) - Our recommendation:
|
||||
\begin{itemize}
|
||||
\item Be lenient when considering what to keep
|
||||
\item Be strict when you are feeding tools
|
||||
\end{itemize}
|
||||
\item MISP allows you to \textbf{filter out the relevant data on demand} when feeding protective tools
|
||||
\item What may seem like \textbf{junk to you may} be absolutely \textbf{critical to other users}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Many objectives from different user-groups}
|
||||
\begin{itemize}
|
||||
|
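Review bot: with this frame removed from directly under `\section{False-positive handling}`, the section now opens with the "Many objectives from different user-groups" frame, and that reorder is not covered by the commit message, which only mentions moving the MISP features section and indentation. If the change is intentional, say so in the message; otherwise keep the "False-positives handling" frame as the first frame of its section.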
@ -422,6 +388,20 @@
|
|||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{False-positives handling}
|
||||
\begin{itemize}
|
||||
\item You might often fall into the trap of discarding seemingly "junk" data
|
||||
\item Besides volume limitations (which are absolutely valid, fear of false-positives is the most common reason why people discard data) - Our recommendation:
|
||||
\begin{itemize}
|
||||
\item Be lenient when considering what to keep
|
||||
\item Be strict when you are feeding tools
|
||||
\end{itemize}
|
||||
\item MISP allows you to \textbf{filter out the relevant data on demand} when feeding protective tools
|
||||
\item What may seem like \textbf{junk to you may} be absolutely \textbf{critical to other users}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{False-positive handling}
|
||||
\begin{itemize}
|
||||
|
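Review bot: the re-added `\frametitle{False-positives handling}` disagrees with the `\frametitle{False-positive handling}` of the frame that follows it and with the section title, so two consecutive slides carry near-identical titles in different spellings; pick one form, or give this frame a distinct title. In the second `\item`, the parenthesis closes after "discard data" instead of after "absolutely valid", which hides the main clause; closing it after "valid" and starting the recommendation as its own sentence would read more clearly on a slide.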
@ -432,6 +412,26 @@
|
|||
\centering\includegraphics[scale=0.8]{../images/false-positive.png}
|
||||
\end{frame}
|
||||
|
||||
\section{Interesting visual features \\ for analysts}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{MISP feature - correlation}
|
||||
\begin{itemize}
|
||||
\item MISP includes a \textbf{powerful engine for correlation} which allows analysts to discover correlating values between attributes
|
||||
\item Getting a direct benefit from shared information by other ISAC members
|
||||
\end{itemize}
|
||||
\includegraphics[scale=0.20]{../images/correlation.png}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{MISP feature - event graph}
|
||||
\begin{itemize}
|
||||
\item \textbf{Analysts can create stories} based on graph relationships between objects, attributes
|
||||
\item ISACs users can directly understand the information shared
|
||||
\end{itemize}
|
||||
\includegraphics[scale=0.20]{../images/event-graph.png}
|
||||
\end{frame}
|
||||
|
||||
\section{Conclusion}
|
||||
|
||||
\begin{frame}
|
||||
|
|
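Review bot: both re-added frames place their image with a bare `\includegraphics[scale=0.20]{...}`, while the context line at the top of this hunk uses `\centering\includegraphics[scale=0.8]{../images/false-positive.png}`; add `\centering` to the correlation and event-graph images so the layout is consistent across the deck. While the text is being moved, the first `\item` of the event graph frame ends in "objects, attributes", which reads as a truncated list, and "ISACs users" in the next item should probably be "ISAC users".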