MISP
/
misp-training
mirror of https://github.com/MISP/misp-training
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [content] updated

main
Alexandre Dulaunoy 2023-05-22 09:05:47 +02:00
parent 1859b73b64
commit 20ecc10039
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
202305-NATO-MUG-update/content.tex
View File

@ -205,6 +205,26 @@
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{MISP objects}
\begin{itemize}
\item New {\bf ai-chat-prompt} to share AI chat prompt in MISP
\item New {\bf greynoise-intelligence}, {\bf risk-assessment-report}, {\bf transport-ticket}, {\bf AIS}, {\bf typosquatting}, {\bf telegram-bot} objects
\item Many improvements to existing objets to align with STIX 2.1 and updates
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{MISP stix}
\begin{itemize}
\item misp-stix\footnote{\url{https://github.com/MISP/misp-stix}} is standalone Python library support MISP standard format and all the STIX version (1.1.1, 1.2, 2.0 and 2.1)
\item Two people from CIRCL are {\bf co-sharing the OASIS Cyber Threat Intelligence (CTI) TC and CTI STIX subcommittee}
\item Ensuring alignment between the standards, interoperability and an open source standard library
\item Improvement in misp-stix such as STIX 2.0 and 2.1 patterning and {\bf generic way to support observable objects}
\item Import in MISP added for STIX 2
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Cerebrate}
\begin{itemize}
@ -329,6 +349,16 @@
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{MISP guard}
\begin{itemize}
\item misp-guard\footnote{\url{https://github.com/MISP/misp-guard}} is a mitmproxy addon that inspects the synchronization traffic (via PUSH or PULL) between different MISP instances and applies a set of customizable rules defined in a JSON file
\item {\bf Simple code base for doing complementary filtering} between different MISPs for sensitive or classified networks
\item misp-guard doesn't depend on MISP to apply the filtering
\item Next step code review and evaluate the different option for certification (ideas are welcome)
\end{itemize}
\end{frame}
\section{Conclusions}
\begin{frame}