mirror of https://github.com/MISP/misp-training
Merge branch 'main' of github.com:MISP/misp-training into main
commit
444f98d784
@ -23,15 +23,16 @@
\begin{frame}
\frametitle{The aim of this presentation}
\begin{itemize}
\item Provide a quick introduction into MISP
\item What sort of issues are we trying to tackle
\item Provide a quick intro what MISP is and what issues we try to tackle
\item A small update of what has happened around MISP's development over the past year
\item Where we're headed from here
\end{itemize}
\end{frame}

\section{Intro on MISP}

\begin{frame}
\frametitle{What is MISP?}
\frametitle{Objectives of MISP}
\begin{itemize}
\item MISP is a {\bf threat information sharing} platform that is free \& open source software
\item A tool that {\bf collects} information from partners, your analysts, your tools, feeds
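Review bot: the rewritten aim bullet "Provide a quick intro what MISP is and what issues we try to tackle" is missing a preposition; suggest "Provide a quick intro to what MISP is and which issues we try to tackle". This hunk also shows two \frametitle lines on the second frame ("What is MISP?" and "Objectives of MISP"); make sure only one survives the merge, since beamer only takes the last \frametitle in a frame into effect and the other is silently dropped.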
@ -60,6 +61,7 @@
\end{itemize}
\end{frame}

\section{High level overview of the past year's changes}

\begin{frame}
\frametitle{MISP's evolution since the last AusCERT}
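Review bot: the frame title "MISP's evolution since the last AusCERT" ties this deck to one venue, while the preamble hunk below replaces the MUG subtitle with "MISP - an update on the evolution since last year"; pick one framing so the title page and this frame agree, e.g. "MISP's evolution over the past year".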
@ -77,15 +79,17 @@
\begin{frame}
\frametitle{So what were the main changes?}
\begin{itemize}
\item Loads of bug fixes
\item Loads of {\bf bug fixes}
\item A host of improvements to how MISP behaves in general
\item Security fixes, including several CVEs (keep your MISP up to date!)
\item Generally loads of internal tuning for better scaling
\item Massively expanding context libraries
\item {\bf Security fixes}, including several CVEs (keep your MISP up to date!)
\item {\bf Internal tuning} for better scaling and performance altogether
\item Massively expanding {\bf context libraries}
\item Several major features (let's talk about these)
\end{itemize}
\end{frame}

\section{Major features since last year}

\begin{frame}
\frametitle{Timelining in MISP}
\begin{itemize}
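Review bot: the bullet "{\bf Security fixes}, including several CVEs (keep your MISP up to date!)" names neither the advisories nor the release an operator needs to be on; a slide that tells people to update should point them at the changelog or security advisories (a footnote is enough), otherwise the audience cannot check whether their own instance is affected. Minor: the emphasis pass skipped "A host of improvements to how MISP behaves in general" and "Several major features (let's talk about these)", so the list now mixes bold and unbold keywords.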
@ -113,7 +117,10 @@
\item Dashboard widgets are modular and {\bf easy to build}
\item Create widgets that are {\bf ACL aware}
\item The COVID-19 MISP community turned out to be a massive success
\item COVID-19 use-cases are just an example though (admin widgets, trend widgets, etc)
\begin{itemize}
\item Just register if you would like to have access at \url{https://covid-19.iglocska.eu}
\end{itemize}
\item COVID-19 use-cases are just an example though (admin widgets, trend widgets, gamification, etc)
\end{itemize}
\end{frame}
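Review bot: the "Just register ..." sub-list now hangs under "The COVID-19 MISP community turned out to be a massive success", which reads correctly, but the registration link \url{https://covid-19.iglocska.eu} is a personal domain rather than a project one; if the slide is meant to be reused after this talk, say who operates the instance or link to a project-hosted page so attendees know what they are signing up to. Minor: "use-cases" as a noun is normally written "use cases".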
@ -180,15 +187,15 @@
\begin{itemize}
\item Initial modules
\begin{itemize}
\item Return single attributes only
\item As light weight as possible
\item Good to handle simple queries
\item Return {\bf single attributes} only
\item As {\bf light-weight} as possible
\item Good to handle {\bf simple queries}
\end{itemize}
\item MISP format modules
\begin{itemize}
\item Return MISP standard format
\item Backward compatible
\item Much better results with complex data
\item Return {\bf MISP standard format}
\item {\bf Backward compatible}
\item Much better results with {\bf complex data}
\end{itemize}
\end{itemize}
\pause
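Review bot: the rewrite turns "light weight" into "light-weight"; as an adjective it is one word, so suggest "\item As {\bf lightweight} as possible". The "MISP format modules" block claims "Much better results with {\bf complex data}" without saying what the standard format carries that a single attribute cannot; one short sub-bullet naming that (the page's own contrast is single attributes versus the full MISP format) would make the comparison land.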
@ -207,6 +214,8 @@
\end{center}
\end{frame}

\section{The road ahead}

\begin{frame}
\frametitle{So that's where we are now}
\begin{itemize}
@ -218,17 +227,17 @@
\begin{frame}
\frametitle{Going further with the MISP modules}
\begin{itemize}
\item Move the export modules to the built-in export library
\item Make import module able to generate new events
\item Expansion modules for events
\item Move the export modules to the {\bf built-in export library}
\item Enable import modules to be able to {\bf generate entire events}
\item {\bf Expansion modules} for the event scope
\end{itemize}
\begin{itemize}
\item Move the modules to background processes with a
\item Move the modules to {\bf background processes} with a
messaging system
\item Avoid results preview if needed
\item Avoid the results preview when applicable
\begin{itemize}
\item Preview page can be very heavy
\item Difficulty is dealing with uncertain results (without the user
\item Difficulty is {\bf dealing with uncertain results} (without the user
having final say)
\end{itemize}
\end{itemize}
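Review bot: "Avoid the results preview when applicable" combined with "Move the modules to {\bf background processes}" removes the step where an analyst vets module output before it is written into an event, and the sub-bullet "dealing with uncertain results (without the user having final say)" names exactly that problem without an answer; suggest the slide state the intended safeguard (for instance, skip the preview only for modules whose output is deterministic, or mark attributes added by background modules so they can be reviewed and reverted), otherwise the roadmap reads as trading review for throughput. Formatting check: the hunk shows both the old and the new "... with a" half-lines followed by a single "messaging system" continuation; double-check that the old half was actually removed, or the rendered item will read twice.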
@ -241,6 +250,7 @@ having final say)
\item Create, modify, {\bf share your custom galaxies} with the usual sync / ACL mechanisms
\item Fork and {\bf provide your own perspective} to already existing knowledge-base items
\item Build {\bf relationships between galaxy clusters} (Threat actor A uses Tool B and targets Sector C)
\item Already available in beta
\end{itemize}
\end{frame}
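Review bot: "Already available in beta" does not say which MISP release or branch carries the custom-galaxy feature; add the version or a link so an operator can tell whether their instance already has it and which distribution and ACL settings apply to clusters they create.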
@ -249,16 +259,18 @@ having final say)
\begin{itemize}
\item Create {\bf markdown reports} and share them along with your events
\item Structured information is great for automation, but sometimes plain prose helps telling a story
\item Shared along with events, distribution per report item configurable
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{Community management at scale}
\begin{itemize}
\item Cerebrate is a new OSS frameworks that we're building
\item Manage organisation, sharing group, encryption key data for communities
\item Instrument MISP instances and the interconnectivity between them via Cerebrate
\item Introduce information signing by validating signatures / ownership via trusted Cerebrate nodes
\item {\bf Cerebrate} is a new OSS frameworks that we're building
\item Manage {\bf organisation, sharing group, encryption key} data for communities
\item {\bf Instrument} MISP instances and the interconnectivity between them via Cerebrate
\item Introduce {\bf information signing} by validating signatures / ownership via trusted Cerebrate nodes
\item Early alpha already available
\end{itemize}
\end{frame}
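Review bot: "Cerebrate is a new OSS frameworks that we're building" has a number agreement error that the bolded rewrite carries over; it should read "{\bf Cerebrate} is a new OSS framework that we're building". On "Introduce {\bf information signing} by validating signatures / ownership via trusted Cerebrate nodes": the bullet does not say what the trust anchor is (who decides a Cerebrate node is trusted, and what a consumer does when a signature fails to validate); since this is the one bullet with direct consequences for anyone relying on shared data, a sub-bullet naming the trust model, even marked as open, would help. "Early alpha already available" would also benefit from a link.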
@ -271,12 +283,15 @@ having final say)
\end{itemize}
\end{frame}

\section{Conclusion}

\begin{frame}
\frametitle{To sum it all up...}
\begin{itemize}
\item Many interesting things are happening
\item We are following {\bf several routes} of development (internal improvements, contextualisation, integrations, operational improvements, community building)
\item We have more ideas than can be implemented with days only having 24 hours, there are {\bf many ways to get involved}
\item We have many more ideas, but sadly days are only 24 hours long
\item There are {\bf many ways to get involved}
\item Prioritisation is hard. {\bf Let us know what you think we should focus on}!
\end{itemize}
\end{frame}
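Review bot: "Many interesting things are happening" is a filler bullet that adds nothing the following items do not; consider dropping it. Splitting the old combined bullet into "We have many more ideas, but sadly days are only 24 hours long" and "There are {\bf many ways to get involved}" reads better, but the second one should say where (repository, mailing list, or project site) so the call to action is actionable from the slide itself.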
@ -15,7 +15,7 @@
%\usepackage[scaled]{beramono}
\author{\small{\input{../includes/authors.txt}}}
\title{MISP status update}
\subtitle{Improvements since the last MUG and the future roadmap}
\subtitle{MISP - an update on the evolution since last year}
\institute{\includegraphics[scale=0.5]{misplogo.pdf}}
\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}
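Review bot: the hunk shows two \subtitle lines; beamer only uses the last one, so if the "Improvements since the last MUG and the future roadmap" line was not actually removed it is silently discarded, which is presumably the intent but should be confirmed against the frame that still refers to "the last AusCERT". Typography: in "MISP - an update on the evolution since last year" a spaced hyphen is set as a hyphen in LaTeX; use "--" for an en dash. Context nit: \author{\small{\input{../includes/authors.txt}}} works only because \small is a declaration that applies to the rest of the argument; the idiomatic form is \author{{\small \input{../includes/authors.txt}}}.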