chg: [misp-stix] Updated slides with more recent information
|
@ -8,34 +8,90 @@
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{MISP \& STIX}
|
\frametitle{MISP \& STIX}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item{\bf Built-in integration}
|
\item \textbf{Built-in integration}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Available from the UI
|
||||||
|
\item Accessible via restSearch
|
||||||
|
\end{itemize}
|
||||||
|
\item []
|
||||||
\item Export \& Import features
|
\item Export \& Import features
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item Export MISP Events collections
|
\item Export MISP data collections
|
||||||
\item Import STIX files
|
\item Import STIX files
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
\item []
|
||||||
\item Supported version
|
\item Supported version
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item STIX 1.1.1
|
\item STIX 1.1.1 \& 1.2
|
||||||
\item STIX 2.0
|
\item STIX 2.0 \& 2.1
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\item Accessible via restSearch
|
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{Limitations}
|
\frametitle{misp-stix - Key features}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item Feature limitations
|
\item MISP $\Longleftrightarrow$ STIX conversion
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item Supported versions
|
\item Used by MISP core to handle the conversion ability
|
||||||
\item Data type support
|
\item Preserve as much content \& context as possible
|
||||||
|
\end{itemize}
|
||||||
|
\item Support all the STIX versions
|
||||||
|
\begin{itemize}
|
||||||
|
\item \textbf{STIX 2.1 Support}
|
||||||
|
\item 1.1.1, 1.2, 2.0 Support enhanced
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\item []
|
\item []
|
||||||
\item Practical limitations
|
\item \textbf{Mapping documentation}\footnote{https://github.com/misp/misp-stix/tree/main/documentation\#readme}
|
||||||
|
\item Package available on PyPI\footnote{https://pypi.org/project/misp-stix/}
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Handling the conversion with a python library}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item Export and import features only available via MISP rest client
|
\item Integration in python code
|
||||||
\item {\bf Github}: STIX issues lost within the MISP core issues
|
\begin{itemize}
|
||||||
|
\item Automation made easier by a close coupling with PyMISP
|
||||||
|
\begin{itemize}
|
||||||
|
\item Export content from MISP
|
||||||
|
\end{itemize}
|
||||||
|
\end{itemize}
|
||||||
|
\end{itemize}
|
||||||
|
\includegraphics[scale=0.15]{images/PyMISPrestSearchMISP.png}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Handling the conversion with a python library}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Integration in python code
|
||||||
|
\begin{itemize}
|
||||||
|
\item Automation made easier by a close coupling with PyMISP
|
||||||
|
\begin{itemize}
|
||||||
|
\item Export content from MISP
|
||||||
|
\item Using the STIX return format directly
|
||||||
|
\end{itemize}
|
||||||
|
\end{itemize}
|
||||||
|
\end{itemize}
|
||||||
|
\includegraphics[scale=0.15]{images/PyMISPrestSearchSTIX.png}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Handling the conversion with a python library}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Integration in python code
|
||||||
|
\begin{itemize}
|
||||||
|
\item Automation made easier by a close coupling with PyMISP
|
||||||
|
\begin{itemize}
|
||||||
|
\item Converting STIX content and adding the resulting Event
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[scale=0.15]{images/PyMISPaddEvent.png}
|
||||||
|
\end{center}
|
||||||
|
\item Using the API endpoint directly
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[scale=0.15]{images/PyMISPuploadSTIX.png}
|
||||||
|
\end{center}
|
||||||
|
\end{itemize}
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
@ -43,51 +99,41 @@
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{Handling the conversion with a python library}
|
\frametitle{Handling the conversion with a python library}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item Revamp of the source code
|
\item Addressing the limitations of a MISP built-in integration
|
||||||
\item Enable a standalone use of the python code
|
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item MISP JSON format -> STIX
|
\item Export \& import features available as a command-line application
|
||||||
\item Pass files with MISP JSON format -> get file with the export results in STIX
|
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\item []
|
|
||||||
\item Possible integration within python code
|
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
\centering\includegraphics[scale=0.14]{images/command_line_help.png}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{Key features}
|
\frametitle{Handling the conversion with a python library}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item Support all the STIX versions
|
\item Addressing the limitations of a MISP built-in integration
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item {\bf STIX 2.1 Support}
|
\item Export \& import features available as a command-line application
|
||||||
\item 1.1.1, 1.2, 2.0 Support enhanced
|
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\item Various MISP data collection supported
|
|
||||||
\item[]
|
|
||||||
\item {\bf Mapping documentation}
|
|
||||||
\item Package available on PyPI\footnote{https://pypi.org/project/misp-stix/}
|
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
\centering\includegraphics[scale=0.14]{images/stix_import_results.png}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{Work in Progress \& Next improvements}
|
\frametitle{Continuous Work in Progress \& Improvement}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item WiP
|
\item {\bf Improve the import feature}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item {\bf Implement the import feature}
|
\item Handle different content design from different sources
|
||||||
\item Support of existing STIX objects libraries\footnote{https://github.com/mitre/cti}
|
\item Support of existing STIX objects libraries\footnote{https://github.com/mitre/cti}
|
||||||
|
\item Support custom STIX format
|
||||||
|
\item \textbf{Handle validation issues}
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\item Next features on the roadmap
|
\item Continuous MISP $\Longleftrightarrow$ STIX mapping improvement
|
||||||
\begin{itemize}
|
|
||||||
\item Extend the export feature to any kind of data collection
|
|
||||||
\item Support custom STIX format\footnote{Especially while importing STIX data, {\bf and as long as we can implement support of well defined versions}}
|
|
||||||
\end{itemize}
|
|
||||||
\item Continuous improvement
|
|
||||||
\begin{itemize}
|
|
||||||
\item Mapping improvement
|
|
||||||
\item More tests to avoid edge case issues
|
\item More tests to avoid edge case issues
|
||||||
|
\item []
|
||||||
|
\item Participating in Oasis CTI TC
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{itemize}
|
\centering\includegraphics[scale=0.2]{images/oasis.png}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
|
|