Merge branch 'main' of github.com:MISP/misp-training into main

exercise-movie
chrisr3d 2020-09-13 14:35:00 +02:00
commit 444f98d784
2 changed files with 41 additions and 26 deletions


@ -23,15 +23,16 @@
\begin{frame} \begin{frame}
\frametitle{The aim of this presentation} \frametitle{The aim of this presentation}
\begin{itemize} \begin{itemize}
\item Provide a quick introduction into MISP \item Provide a quick intro what MISP is and what issues we try to tackle
\item What sort of issues are we trying to tackle
\item A small update of what has happened around MISP's development over the past year \item A small update of what has happened around MISP's development over the past year
\item Where we're headed from here \item Where we're headed from here
\end{itemize} \end{itemize}
\end{frame} \end{frame}
\section{Intro on MISP}
\begin{frame} \begin{frame}
\frametitle{What is MISP?} \frametitle{Objectives of MISP}
\begin{itemize} \begin{itemize}
\item MISP is a {\bf threat information sharing} platform that is free \& open source software \item MISP is a {\bf threat information sharing} platform that is free \& open source software
\item A tool that {\bf collects} information from partners, your analysts, your tools, feeds \item A tool that {\bf collects} information from partners, your analysts, your tools, feeds
@ -60,6 +61,7 @@
\end{itemize} \end{itemize}
\end{frame} \end{frame}
\section{High level overview of the past year's changes}
\begin{frame} \begin{frame}
\frametitle{MISP's evolution since the last AusCERT} \frametitle{MISP's evolution since the last AusCERT}
@ -77,15 +79,17 @@
\begin{frame} \begin{frame}
\frametitle{So what were the main changes?} \frametitle{So what were the main changes?}
\begin{itemize} \begin{itemize}
\item Loads of bug fixes \item Loads of {\bf bug fixes}
\item A host of improvements to how MISP behaves in general \item A host of improvements to how MISP behaves in general
\item Security fixes, including several CVEs (keep your MISP up to date!) \item {\bf Security fixes}, including several CVEs (keep your MISP up to date!)
\item Generally loads of internal tuning for better scaling \item {\bf Internal tuning} for better scaling and performance altogether
\item Massively expanding context libraries \item Massively expanding {\bf context libraries}
\item Several major features (let's talk about these) \item Several major features (let's talk about these)
\end{itemize} \end{itemize}
\end{frame} \end{frame}
\section{Major features since last year}
\begin{frame} \begin{frame}
\frametitle{Timelining in MISP} \frametitle{Timelining in MISP}
\begin{itemize} \begin{itemize}
@ -113,7 +117,10 @@
\item Dashboard widgets are modular and {\bf easy to build} \item Dashboard widgets are modular and {\bf easy to build}
\item Create widgets that are {\bf ACL aware} \item Create widgets that are {\bf ACL aware}
\item The COVID-19 MISP community turned out to be a massive success \item The COVID-19 MISP community turned out to be a massive success
\item COVID-19 use-cases are just an example though (admin widgets, trend widgets, etc) \begin{itemize}
\item Just register if you would like to have access at \url{https://covid-19.iglocska.eu}
\end{itemize}
\item COVID-19 use-cases are just an example though (admin widgets, trend widgets, gamification, etc)
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -180,15 +187,15 @@
\begin{itemize} \begin{itemize}
\item Initial modules \item Initial modules
\begin{itemize} \begin{itemize}
\item Return single attributes only \item Return {\bf single attributes} only
\item As light weight as possible \item As {\bf light-weight} as possible
\item Good to handle simple queries \item Good to handle {\bf simple queries}
\end{itemize} \end{itemize}
\item MISP format modules \item MISP format modules
\begin{itemize} \begin{itemize}
\item Return MISP standard format \item Return {\bf MISP standard format}
\item Backward compatible \item {\bf Backward compatible}
\item Much better results with complex data \item Much better results with {\bf complex data}
\end{itemize} \end{itemize}
\end{itemize} \end{itemize}
\pause \pause
@ -207,6 +214,8 @@
\end{center} \end{center}
\end{frame} \end{frame}
\section{The road ahead}
\begin{frame} \begin{frame}
\frametitle{So that's where we are now} \frametitle{So that's where we are now}
\begin{itemize} \begin{itemize}
@ -218,17 +227,17 @@
\begin{frame} \begin{frame}
\frametitle{Going further with the MISP modules} \frametitle{Going further with the MISP modules}
\begin{itemize} \begin{itemize}
\item Move the export modules to the built-in export library \item Move the export modules to the {\bf built-in export library}
\item Make import module able to generate new events \item Enable import modules to be able to {\bf generate entire events}
\item Expansion modules for events \item {\bf Expansion modules} for the event scope
\end{itemize} \end{itemize}
\begin{itemize} \begin{itemize}
\item Move the modules to background processes with a \item Move the modules to {\bf background processes} with a
messaging system messaging system
\item Avoid results preview if needed \item Avoid the results preview when applicable
\begin{itemize} \begin{itemize}
\item Preview page can be very heavy \item Preview page can be very heavy
\item Difficulty is dealing with uncertain results (without the user \item Difficulty is {\bf dealing with uncertain results} (without the user
having final say) having final say)
\end{itemize} \end{itemize}
\end{itemize} \end{itemize}
@ -241,6 +250,7 @@ having final say)
\item Create, modify, {\bf share your custom galaxies} with the usual sync / ACL mechanisms \item Create, modify, {\bf share your custom galaxies} with the usual sync / ACL mechanisms
\item Fork and {\bf provide your own perspective} to already existing knowledge-base items \item Fork and {\bf provide your own perspective} to already existing knowledge-base items
\item Build {\bf relationships between galaxy clusters} (Threat actor A uses Tool B and targets Sector C) \item Build {\bf relationships between galaxy clusters} (Threat actor A uses Tool B and targets Sector C)
\item Already available in beta
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -249,16 +259,18 @@ having final say)
\begin{itemize} \begin{itemize}
\item Create {\bf markdown reports} and share them along with your events \item Create {\bf markdown reports} and share them along with your events
\item Structured information is great for automation, but sometimes plain prose helps telling a story \item Structured information is great for automation, but sometimes plain prose helps telling a story
\item Shared along with events, distribution per report item configurable
\end{itemize} \end{itemize}
\end{frame} \end{frame}
\begin{frame} \begin{frame}
\frametitle{Community management at scale} \frametitle{Community management at scale}
\begin{itemize} \begin{itemize}
\item Cerebrate is a new OSS frameworks that we're building \item {\bf Cerebrate} is a new OSS frameworks that we're building
\item Manage organisation, sharing group, encryption key data for communities \item Manage {\bf organisation, sharing group, encryption key} data for communities
\item Instrument MISP instances and the interconnectivity between them via Cerebrate \item {\bf Instrument} MISP instances and the interconnectivity between them via Cerebrate
\item Introduce information signing by validating signatures / ownership via trusted Cerebrate nodes \item Introduce {\bf information signing} by validating signatures / ownership via trusted Cerebrate nodes
\item Early alpha already available
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -271,12 +283,15 @@ having final say)
\end{itemize} \end{itemize}
\end{frame} \end{frame}
\section{Conclusion}
\begin{frame} \begin{frame}
\frametitle{To sum it all up...} \frametitle{To sum it all up...}
\begin{itemize} \begin{itemize}
\item Many interesting things are happening \item Many interesting things are happening
\item We are following {\bf several routes} of development (internal improvements, contextualisation, integrations, operational improvements, community building) \item We are following {\bf several routes} of development (internal improvements, contextualisation, integrations, operational improvements, community building)
\item We have more ideas than can be implemented with days only having 24 hours, there are {\bf many ways to get involved} \item We have many more ideas, but sadly days are only 24 hours long
\item There are {\bf many ways to get involved}
\item Prioritisation is hard. {\bf Let us know what you think we should focus on}! \item Prioritisation is hard. {\bf Let us know what you think we should focus on}!
\end{itemize} \end{itemize}
\end{frame} \end{frame}
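Review bot: The added bullets in the hunk at `@ -77,15 +79,17 @@` (and again in the hunks at `@ -180,15 +187,15 @@`, `@ -218,17 +227,17 @@` and `@ -249,16 +259,18 @@`) introduce emphasis with the plain-TeX font switch `{\bf ...}`, where LaTeX's `\textbf{...}` is the semantic form that nests correctly with `\emph` and italics; e.g. `\item \textbf{Security fixes}, including several CVEs (keep your MISP up to date!)`. Since this keyword highlighting now appears on most slides, a single preamble macro such as `\newcommand*{\kw}[1]{\textbf{#1}}` would keep the styling in one place; the preamble lives in the second file and is only partly visible here, so where to put it is inferred. The new line `\item {\bf Cerebrate} is a new OSS frameworks that we're building` in the last of those hunks also has a number mismatch and should read `framework`. Unchanged lines in the same frames already use `{\bf ...}`, so this is a consistency-versus-correctness call rather than a blocker.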


@ -15,7 +15,7 @@
%\usepackage[scaled]{beramono} %\usepackage[scaled]{beramono}
\author{\small{\input{../includes/authors.txt}}} \author{\small{\input{../includes/authors.txt}}}
\title{MISP status update} \title{MISP status update}
\subtitle{Improvements since the last MUG and the future roadmap} \subtitle{MISP - an update on the evolution since last year}
\institute{\includegraphics[scale=0.5]{misplogo.pdf}} \institute{\includegraphics[scale=0.5]{misplogo.pdf}}
\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}} \titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}