diff --git a/events/misp-summit/2022/misp-stix/content.tex b/events/misp-summit/2022/misp-stix/content.tex
index 5e58e7b..5685e91 100755
--- a/events/misp-summit/2022/misp-stix/content.tex
+++ b/events/misp-summit/2022/misp-stix/content.tex
@@ -178,14 +178,21 @@
 \frametitle{Work in Progress}
 \begin{itemize}
 \item {\bf STIX 2 -> MISP import feature}
- \item Better support of Custom Galaxy clusters
 \item []
- \item Decisions on how to import non Indicator or Observable data
- \begin{itemize}
- \item Attack Patterns, Threat Actors, etc. are contextual data on MISP
- \item Ongoing discussions to define whether we import those STIX objects as MISP Galaxy clusters or MISP Attribute / Object
- \end{itemize}
+ \item New MISP object templates \& Galaxy clusters
+ \item []
+ \item Better support for Custom Galaxy clusters
+ \item []
 \end{itemize}
+ \pause
+ \begin{minipage}{0.5\textwidth}
+ \begin{itemize}
+ \item {\bf TAXII integration}
+ \end{itemize}
+ \end{minipage}%
+ \begin{minipage}{0.5\textwidth}
+ \includegraphics[scale=0.2]{images/surprise.jpg}
+ \end{minipage}
 \end{frame}
 
 \begin{frame}
@@ -214,24 +221,6 @@
 \end{itemize}
 \end{frame}
 
-\begin{frame}
- \frametitle{Minding the gap between formats}
- \begin{itemize}
- \item From a sharing platform to an threat intelligence exchange format
- \begin{itemize}
- \item Custom STIX objects
- \item Custom fields in existing objects
- \end{itemize}
- \item Handling the infinite possibilities of a patterning language
- \begin{itemize}
- \item Importing STIX 2 patterns in separate MISP objects
- \end{itemize}
- \end{itemize}
- \pause
- \vspace{1em}
- \includegraphics[scale=0.15]{images/patterns.png}
-\end{frame}
-
 \begin{frame}
 \frametitle{Handling different STIX content creation designs}
 \begin{minipage}{0.6\textwidth}
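Review bot: In the added right-hand minipage of the "Work in Progress" frame, `\includegraphics[scale=0.2]{images/surprise.jpg}` sizes the picture from the JPEG's own pixel dimensions, so nothing ties it to the half-width box it sits in. Something like `\includegraphics[width=\linewidth]{images/surprise.jpg}` (or a smaller fraction of `\linewidth`) would keep it inside the minipage whatever the source resolution is. The added `{\bf TAXII integration}` matches the existing `{\bf STIX 2 -> MISP import feature}` line, but `\textbf{TAXII integration}` is the current LaTeX form.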
@@ -271,6 +260,55 @@
 \end{minipage}
 \end{frame}
 
+\begin{frame}
+ \frametitle{Minding the gap between formats}
+ \begin{itemize}
+ \item From a sharing platform to an threat intelligence exchange format
+ \begin{itemize}
+ \item Custom STIX objects
+ \item Custom fields in existing objects
+ \item STIX extensions
+ \end{itemize}
+ \item Handling the infinite possibilities of a patterning language
+ \begin{itemize}
+ \item Importing STIX 2 patterns in separate MISP objects
+ \end{itemize}
+ \end{itemize}
+ \pause
+ \vspace{1em}
+ \includegraphics[scale=0.15]{images/patterns.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Mapping challenges}
+ \includegraphics[scale=0.285]{images/challenges.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Evolution perspectives}
+ \begin{center}
+ \includegraphics[scale=0.1]{images/oasis.png}
+ \end{center}
+ \vspace{1em}
+ \begin{itemize}
+ \item Members of the Oasis CTI TC
+ \begin{itemize}
+ \item Our involvement
+ \begin{itemize}
+ \item Participating to the development process
+ \end{itemize}
+ \item []
+ \item Our proposal: Go for the open source way
+ \begin{itemize}
+ \item Make the contribution process more accessible \\
+ => Bring more contributers / contributions
+ \item Easier access to the resources \\
+ => More visibility
+ \end{itemize}
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
 \begin{frame}
 \frametitle{How to report bugs/issues}
 \begin{itemize}
diff --git a/events/misp-summit/2022/misp-stix/images/challenges.png b/events/misp-summit/2022/misp-stix/images/challenges.png
new file mode 100644
index 0000000..290e67b
Binary files /dev/null and b/events/misp-summit/2022/misp-stix/images/challenges.png differ
diff --git a/events/misp-summit/2022/misp-stix/images/oasis.png b/events/misp-summit/2022/misp-stix/images/oasis.png
new file mode 100644
index 0000000..549a72d
Binary files /dev/null and b/events/misp-summit/2022/misp-stix/images/oasis.png differ
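Review bot: In the added "Evolution perspectives" frame, the two continuation lines `=> Bring more contributers / contributions` and `=> More visibility` put `>` in text mode. Under the default OT1 font encoding that character prints as `¿`, so unless the preamble (not visible here) loads T1 `fontenc` the slide will show `=¿`. Writing `$\Rightarrow$ Bring more contributors / contributions` and `$\Rightarrow$ More visibility` removes that dependency and also fixes the `contributers` spelling. In the same frame, `Participating to the development process` reads better as `Participating in the development process`. The re-added "Minding the gap between formats" frame still carries `an threat intelligence exchange format`, where `a` is meant.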
diff --git a/events/misp-summit/2022/misp-stix/images/surprise.jpg b/events/misp-summit/2022/misp-stix/images/surprise.jpg
new file mode 100644
index 0000000..47d3df2
Binary files /dev/null and b/events/misp-summit/2022/misp-stix/images/surprise.jpg differ