mirror of https://github.com/MISP/misp-training
chg: [content] updated
parent
1859b73b64
commit
20ecc10039
|
@ -205,6 +205,26 @@
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{MISP objects}
|
||||||
|
\begin{itemize}
|
||||||
|
\item New {\bf ai-chat-prompt} to share AI chat prompt in MISP
|
||||||
|
\item New {\bf greynoise-intelligence}, {\bf risk-assessment-report}, {\bf transport-ticket}, {\bf AIS}, {\bf typosquatting}, {\bf telegram-bot} objects
|
||||||
|
\item Many improvements to existing objets to align with STIX 2.1 and updates
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{MISP stix}
|
||||||
|
\begin{itemize}
|
||||||
|
\item misp-stix\footnote{\url{https://github.com/MISP/misp-stix}} is standalone Python library support MISP standard format and all the STIX version (1.1.1, 1.2, 2.0 and 2.1)
|
||||||
|
\item Two people from CIRCL are {\bf co-sharing the OASIS Cyber Threat Intelligence (CTI) TC and CTI STIX subcommittee}
|
||||||
|
\item Ensuring alignment between the standards, interoperability and an open source standard library
|
||||||
|
\item Improvement in misp-stix such as STIX 2.0 and 2.1 patterning and {\bf generic way to support observable objects}
|
||||||
|
\item Import in MISP added for STIX 2
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{Cerebrate}
|
\frametitle{Cerebrate}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
|
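Review bot: in the added "MISP stix" frame, "co-sharing the OASIS Cyber Threat Intelligence (CTI) TC and CTI STIX subcommittee" reads like a slip for "co-chairing", which changes what the slide claims; please confirm and correct. The first item of that frame is also missing words; suggest "misp-stix is a standalone Python library supporting the MISP standard format and all STIX versions (1.1.1, 1.2, 2.0 and 2.1)". In the "MISP objects" frame, "existing objets" should be "existing objects", and "and updates" at the end of that item does not say what was updated.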
@ -329,6 +349,16 @@
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{MISP guard}
|
||||||
|
\begin{itemize}
|
||||||
|
\item misp-guard\footnote{\url{https://github.com/MISP/misp-guard}} is a mitmproxy addon that inspects the synchronization traffic (via PUSH or PULL) between different MISP instances and applies a set of customizable rules defined in a JSON file
|
||||||
|
\item {\bf Simple code base for doing complementary filtering} between different MISPs for sensitive or classified networks
|
||||||
|
\item misp-guard doesn't depend on MISP to apply the filtering
|
||||||
|
\item Next step code review and evaluate the different option for certification (ideas are welcome)
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
\section{Conclusions}
|
\section{Conclusions}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
|
|
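Review bot: the last item of the added "MISP guard" frame, "Next step code review and evaluate the different option for certification (ideas are welcome)", is hard to parse on a slide; suggest "Next steps: code review and evaluation of the different options for certification (ideas are welcome)". The first item packs the proxy role, the PUSH/PULL direction and the JSON rule file into one bullet and would read better split in two. Since the frame positions misp-guard for sensitive or classified networks, it would also help to state what happens to synchronization traffic that matches no rule in the JSON file, which the added text does not say.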