diff --git a/a.13-misp-stix/content.tex b/a.13-misp-stix/content.tex
index 828cea1..f15936b 100755
--- a/a.13-misp-stix/content.tex
+++ b/a.13-misp-stix/content.tex
@@ -8,34 +8,90 @@
 \begin{frame}
 \frametitle{MISP \& STIX}
 \begin{itemize}
- \item{\bf Built-in integration}
+ \item \textbf{Built-in integration}
+ \begin{itemize}
+ \item Available from the UI
+ \item Accessible via restSearch
+ \end{itemize}
+ \item []
 \item Export \& Import features
 \begin{itemize}
- \item Export MISP Events collections
+ \item Export MISP data collections
 \item Import STIX files
 \end{itemize}
+ \item []
 \item Supported version
 \begin{itemize}
- \item STIX 1.1.1
- \item STIX 2.0
+ \item STIX 1.1.1 \& 1.2
+ \item STIX 2.0 \& 2.1
 \end{itemize}
- \item Accessible via restSearch
 \end{itemize}
 \end{frame}
 \begin{frame}
- \frametitle{Limitations}
+ \frametitle{misp-stix - Key features}
 \begin{itemize}
- \item Feature limitations
+ \item MISP $\Longleftrightarrow$ STIX conversion
 \begin{itemize}
- \item Supported versions
- \item Data type support
+ \item Used by MISP core to handle the conversion ability
+ \item Preserve as much content \& context as possible
+ \end{itemize}
+ \item Support all the STIX versions
+ \begin{itemize}
+ \item \textbf{STIX 2.1 Support}
+ \item 1.1.1, 1.2, 2.0 Support enhanced
 \end{itemize}
 \item []
- \item Practical limitations
+ \item \textbf{Mapping documentation}\footnote{https://github.com/misp/misp-stix/tree/main/documentation\#readme}
+ \item Package available on PyPI\footnote{https://pypi.org/project/misp-stix/}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Handling the conversion with a python library}
+ \begin{itemize}
+ \item Integration in python code
 \begin{itemize}
- \item Export and import features only available via MISP rest client
- \item {\bf Github}: STIX issues lost within the MISP core issues
+ \item Automation made easier by a close coupling with PyMISP
+ \begin{itemize}
+ \item Export content from MISP
+ \end{itemize}
+ \end{itemize}
+ \end{itemize}
+ \includegraphics[scale=0.15]{images/PyMISPrestSearchMISP.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Handling the conversion with a python library}
+ \begin{itemize}
+ \item Integration in python code
+ \begin{itemize}
+ \item Automation made easier by a close coupling with PyMISP
+ \begin{itemize}
+ \item Export content from MISP
+ \item Using the STIX return format directly
+ \end{itemize}
+ \end{itemize}
+ \end{itemize}
+ \includegraphics[scale=0.15]{images/PyMISPrestSearchSTIX.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Handling the conversion with a python library}
+ \begin{itemize}
+ \item Integration in python code
+ \begin{itemize}
+ \item Automation made easier by a close coupling with PyMISP
+ \begin{itemize}
+ \item Converting STIX content and adding the resulting Event
+ \begin{center}
+ \includegraphics[scale=0.15]{images/PyMISPaddEvent.png}
+ \end{center}
+ \item Using the API endpoint directly
+ \begin{center}
+ \includegraphics[scale=0.15]{images/PyMISPuploadSTIX.png}
+ \end{center}
+ \end{itemize}
 \end{itemize}
 \end{itemize}
 \end{frame}
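Review bot: The two footnotes added to the `misp-stix - Key features` frame hold raw URLs as plain text, so they are neither hyperlinked nor line-breakable and depend on the manual `\#` escape; since beamer loads hyperref, wrap them as `\footnote{\url{https://github.com/misp/misp-stix/tree/main/documentation\#readme}}` and `\footnote{\url{https://pypi.org/project/misp-stix/}}` (hyperref's `\url` still accepts `\#`). The same applies to the `\footnote{https://github.com/mitre/cti}` line kept as context in the next hunk. The four new `\includegraphics[scale=0.15]{images/….png}` calls, and the `scale=0.14` / `scale=0.2` ones in the next hunk, size the screenshots by an absolute factor and spell out the extension; `\includegraphics[width=\linewidth]{images/PyMISPrestSearchMISP}` (or a fraction of `\linewidth`) keeps them inside the frame whatever the image's pixel size. The three consecutive frames titled `Handling the conversion with a python library` repeat the same three nested `itemize` levels verbatim, which beamer overlays (`\item<2->`, `\only<n>`) on a single frame would avoid, though that is a style preference.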
@@ -43,51 +99,41 @@
 \begin{frame}
 \frametitle{Handling the conversion with a python library}
 \begin{itemize}
- \item Revamp of the source code
- \item Enable a standalone use of the python code
+ \item Addressing the limitations of a MISP built-in integration
 \begin{itemize}
- \item MISP JSON format -> STIX
- \item Pass files with MISP JSON format -> get file with the export results in STIX
+ \item Export \& import features available as a command-line application
 \end{itemize}
- \item []
- \item Possible integration within python code
 \end{itemize}
+ \centering\includegraphics[scale=0.14]{images/command_line_help.png}
 \end{frame}
 \begin{frame}
- \frametitle{Key features}
+ \frametitle{Handling the conversion with a python library}
 \begin{itemize}
- \item Support all the STIX versions
+ \item Addressing the limitations of a MISP built-in integration
 \begin{itemize}
- \item {\bf STIX 2.1 Support}
- \item 1.1.1, 1.2, 2.0 Support enhanced
+ \item Export \& import features available as a command-line application
 \end{itemize}
- \item Various MISP data collection supported
- \item[]
- \item {\bf Mapping documentation}
- \item Package available on PyPI\footnote{https://pypi.org/project/misp-stix/}
 \end{itemize}
+ \centering\includegraphics[scale=0.14]{images/stix_import_results.png}
 \end{frame}
 \begin{frame}
- \frametitle{Work in Progress \& Next improvements}
+ \frametitle{Continuous Work in Progress \& Improvement}
 \begin{itemize}
- \item WiP
+ \item {\bf Improve the import feature}
 \begin{itemize}
- \item {\bf Implement the import feature}
+ \item Handle different content design from different sources
 \item Support of existing STIX objects libraries\footnote{https://github.com/mitre/cti}
+ \item Support custom STIX format
+ \item \textbf{Handle validation issues}
 \end{itemize}
- \item Next features on the roadmap
- \begin{itemize}
- \item Extend the export feature to any kind of data collection
- \item Support custom STIX format\footnote{Especially while importing STIX data, {\bf and as long as we can implement support of well defined versions}}
- \end{itemize}
- \item Continuous improvement
- \begin{itemize}
- \item Mapping improvement
- \item More tests to avoid edge case issues
+ \item Continuous MISP $\Longleftrightarrow$ STIX mapping improvement
+ \item More tests to avoid edge case issues
+ \item []
+ \item Participating in Oasis CTI TC
 \end{itemize}
+ \centering\includegraphics[scale=0.2]{images/oasis.png}
 \end{frame}
 \begin{frame}
diff --git a/a.13-misp-stix/images/PyMISPaddEvent.png b/a.13-misp-stix/images/PyMISPaddEvent.png
new file mode 100644
index 0000000..763ba8f
Binary files /dev/null and b/a.13-misp-stix/images/PyMISPaddEvent.png differ
diff --git a/a.13-misp-stix/images/PyMISPrestSearchMISP.png b/a.13-misp-stix/images/PyMISPrestSearchMISP.png
new file mode 100644
index 0000000..8a8cd57
Binary files /dev/null and b/a.13-misp-stix/images/PyMISPrestSearchMISP.png differ
diff --git a/a.13-misp-stix/images/PyMISPrestSearchSTIX.png b/a.13-misp-stix/images/PyMISPrestSearchSTIX.png
new file mode 100644
index 0000000..911eb5f
Binary files /dev/null and b/a.13-misp-stix/images/PyMISPrestSearchSTIX.png differ
diff --git a/a.13-misp-stix/images/PyMISPuploadSTIX.png b/a.13-misp-stix/images/PyMISPuploadSTIX.png
new file mode 100644
index 0000000..27b40ea
Binary files /dev/null and b/a.13-misp-stix/images/PyMISPuploadSTIX.png differ
diff --git a/a.13-misp-stix/images/command_line_help.png b/a.13-misp-stix/images/command_line_help.png
new file mode 100644
index 0000000..c64f454
Binary files /dev/null and b/a.13-misp-stix/images/command_line_help.png differ
diff --git a/a.13-misp-stix/images/oasis.png b/a.13-misp-stix/images/oasis.png
new file mode 100644
index 0000000..549a72d
Binary files /dev/null and b/a.13-misp-stix/images/oasis.png differ
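Review bot: `+ \item {\bf Improve the import feature}` on the `Continuous Work in Progress \& Improvement` frame keeps the plain-TeX `{\bf …}` switch that this commit otherwise replaces with `\textbf{}` (see `+ \item \textbf{Handle validation issues}` a few lines below), so the frame now mixes both forms; change it to `\item \textbf{Improve the import feature}`. `Participating in Oasis CTI TC` presumably refers to the standards body, whose name is written in capitals, `OASIS CTI TC`. The trailing `\begin{frame}` context line shows the next frame continues beyond the hunk.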
diff --git a/a.13-misp-stix/images/stix_import_results.png b/a.13-misp-stix/images/stix_import_results.png
new file mode 100644
index 0000000..e196155
Binary files /dev/null and b/a.13-misp-stix/images/stix_import_results.png differ