chg: [a.4] remove old misp-dashboard + updates

pull/20/head
Alexandre Dulaunoy 2022-09-14 13:16:05 +02:00
parent 068996fcbe
commit 192dd6bc9f
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 15 additions and 16 deletions


@ -29,8 +29,8 @@
\item Private sector community \item Private sector community
\begin{itemize} \begin{itemize}
\item Our largest sharing community \item Our largest sharing community
\item Over {\bf 1250 organisations} \item Over {\bf +1500 organisations}
\item {\bf ~3600 users} \item {\bf +4000 users}
\item Functions as a central hub for a lot of sharing communities \item Functions as a central hub for a lot of sharing communities
\item Private organisations, Researchers, Various SoCs, some CSIRTs, etc \item Private organisations, Researchers, Various SoCs, some CSIRTs, etc
\end{itemize} \end{itemize}
@ -82,11 +82,11 @@
\item Often come with their {\bf own taxonomies and domain specific object definitions} \item Often come with their {\bf own taxonomies and domain specific object definitions}
\end{itemize} \end{itemize}
\item FIRST.org's MISP community \item FIRST.org's MISP community
\item Telecom and Mobile operators' community \item Telecom and Mobile operators' such as GSMA T-ISAC community
\item Various ad-hoc communities for exercises for example \item Various ad-hoc communities for exercises for example
\begin{itemize} \begin{itemize}
\item The ENISA exercise for example \item The ENISA exercise for example
\item Locked Shields exercise \item Locked Shields exercise
\end{itemize} \end{itemize}
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -138,15 +138,15 @@
\end{itemize} \end{itemize}
\end{frame} \end{frame}
\begin{frame} %\begin{frame}
\frametitle{CSIRT proactive services - MISP dashboard} %\frametitle{CSIRT proactive services - MISP dashboard}
\includegraphics[scale=0.18]{screenshots/dashboard-live.png} %\includegraphics[scale=0.18]{screenshots/dashboard-live.png}
\end{frame} %\end{frame}
\begin{frame} %\begin{frame}
\frametitle{CSIRT proactive services - MISP dashboard} %\frametitle{CSIRT proactive services - MISP dashboard}
\includegraphics[scale=0.18]{screenshots/dashboard-trendings.png} %\includegraphics[scale=0.18]{screenshots/dashboard-trendings.png}
\end{frame} %\end{frame}
\begin{frame} \begin{frame}
\frametitle{CSIRT advanced services} \frametitle{CSIRT advanced services}
@ -158,7 +158,6 @@
\item {\bf Notifications} to the constituency about relevant vulnerabilities \item {\bf Notifications} to the constituency about relevant vulnerabilities
\item {\bf Co-ordinating} with vendors for notifications (*) \item {\bf Co-ordinating} with vendors for notifications (*)
\item Internal / closed community sharing of pentest results \item Internal / closed community sharing of pentest results
\item We're planning on starting a series of hackathons to find
\end{itemize} \end{itemize}
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -171,7 +170,7 @@
\item {\bf Seeking} and engaging in {\bf collaboration} with CSIRT or other parties during an incident \item {\bf Seeking} and engaging in {\bf collaboration} with CSIRT or other parties during an incident
\item Pre-sharing information to {\bf request for help} / additional information from the community \item Pre-sharing information to {\bf request for help} / additional information from the community
\item {\bf Pseudo-anonymised sharing} through 3rd parties to {\bf avoid attribution} of a potential target \item {\bf Pseudo-anonymised sharing} through 3rd parties to {\bf avoid attribution} of a potential target
\item Building processes for {\bf other types of sharing} to get the community engaged and acquainted with the methodologies of sharing (mule account information, border control, etc) \item Building processes for {\bf other types of sharing} to get the community engaged and acquainted with the methodologies of sharing (mule account information, disinformation campaigns, border control, etc)
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -290,7 +289,7 @@
\begin{frame} \begin{frame}
\frametitle{So how does one convert the passive organisations into actively sharing ones?} \frametitle{So how does one convert the passive organisations into actively sharing ones?}
\begin{itemize} \begin{itemize}
\item Rely on {\bf organic growth} \item Rely on {\bf organic growth} and it takes time (+2 years is common)
\item {\bf Help} them increase their capabilities \item {\bf Help} them increase their capabilities
\item As mentioned before, lead by example \item As mentioned before, lead by example
\item Rely on the inherent value to one's self when sharing information (validation, enrichments, correlations) \item Rely on the inherent value to one's self when sharing information (validation, enrichments, correlations)
@ -356,7 +355,7 @@
\item The MISPProject in co-operation with partners provides a {\bf curated list of galaxy information} \item The MISPProject in co-operation with partners provides a {\bf curated list of galaxy information}
\item Can include information packages of different types, for example: \item Can include information packages of different types, for example:
\begin{itemize} \begin{itemize}
\item Threat actor information \item Threat actor information (event different models or approaches)
\item Specialised information such as Ransomware, Exploit kits, etc \item Specialised information such as Ransomware, Exploit kits, etc
\item Methodology information such as preventative actions \item Methodology information such as preventative actions
\item Classification systems for methodologies used by adversaries - ATT\&CK \item Classification systems for methodologies used by adversaries - ATT\&CK
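Review bot: In the last hunk the new threat-actor item reads `(event different models or approaches)`, which looks like a typo for "even"; the line should probably be `\item Threat actor information (even different models or approaches)`. In the `@ -138,15` hunk the two MISP dashboard frames are commented out with `%` rather than deleted, although the commit title says "remove"; deleting those eight lines would keep the slide source free of dead frames, and the history still holds them. In the first hunk `Over {\bf +1500 organisations}` states the lower bound twice, so either "Over" or the `+` can go. The `frame` and `itemize` environments enclosing the last hunk start and end outside the visible lines.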