diff --git a/CTI-summit-2022-misp-update/Sightings2.PNG b/CTI-summit-2022-misp-update/Sightings2.PNG new file mode 100644 index 0000000..cd35990 Binary files /dev/null and b/CTI-summit-2022-misp-update/Sightings2.PNG differ diff --git a/CTI-summit-2022-misp-update/attack-screenshot.png b/CTI-summit-2022-misp-update/attack-screenshot.png new file mode 100644 index 0000000..44cf2ff Binary files /dev/null and b/CTI-summit-2022-misp-update/attack-screenshot.png differ diff --git a/CTI-summit-2022-misp-update/b.4-turning-data-into-actionable-intelligence-short.pdf b/CTI-summit-2022-misp-update/b.4-turning-data-into-actionable-intelligence-short.pdf new file mode 100644 index 0000000..2bdf2e6 Binary files /dev/null and b/CTI-summit-2022-misp-update/b.4-turning-data-into-actionable-intelligence-short.pdf differ diff --git a/CTI-summit-2022-misp-update/bankaccount.png b/CTI-summit-2022-misp-update/bankaccount.png new file mode 100644 index 0000000..94eb5cc Binary files /dev/null and b/CTI-summit-2022-misp-update/bankaccount.png differ diff --git a/CTI-summit-2022-misp-update/bankview.png b/CTI-summit-2022-misp-update/bankview.png new file mode 100644 index 0000000..ce629c1 Binary files /dev/null and b/CTI-summit-2022-misp-update/bankview.png differ diff --git a/CTI-summit-2022-misp-update/circl.png b/CTI-summit-2022-misp-update/circl.png new file mode 100644 index 0000000..c570ff2 Binary files /dev/null and b/CTI-summit-2022-misp-update/circl.png differ diff --git a/CTI-summit-2022-misp-update/content.tex b/CTI-summit-2022-misp-update/content.tex new file mode 100644 index 0000000..b69ed4b --- /dev/null +++ b/CTI-summit-2022-misp-update/content.tex @@ -0,0 +1,342 @@ +% DO NOT COMPILE THIS FILE DIRECTLY! +% This is included by the other .tex files. + +\begin{frame} +\titlepage +\end{frame} + +\begin{frame} + \frametitle{The aim of this presentation} + \begin{itemize} + \item What has happened since the 2021 MISP summit + \item Give you a brief update over the highlights from the past year + \item Upcoming changes + \end{itemize} +\end{frame} + +\begin{frame} + \frametitle{MISP's evolution since the last MISP summit} + \begin{itemize} + \item Since the last MISP summit (09/2021) we've had: + \begin{itemize} + \item {\bf 16} releases + \item {\bf 3768} commits + \item {\bf 100} contributors contributing to the core software and its components + \end{itemize} + \end{itemize} +\end{frame} + +\begin{frame} + \frametitle{A topical listing of the new major features} + \begin{itemize} + \item Internals and core feature improvements + \item Integrations + \item Security + \end{itemize} +\end{frame} + +\begin{frame} + \frametitle{Internals and core feature improvements} +\end{frame} + +\begin{frame} + \frametitle{Continuous work on preparing a tech stack switch} + \begin{itemize} + \item {\bf Refactoring} the code base + \item Fixing several long standing issues + \item Heavy focus also on {\bf integration} + \item {\bf Documentation} of existing functionalities and mappings + \item Building on and reusing {\bf Cerebrate's codebase} + \end{itemize} +\end{frame} + +\begin{frame} +\frametitle{New background processing library} +\begin{itemize} + \item Finally, it is time to sunset the ancient background processor of MISP + \item New tool, built from the ground up by Luciano Righetti + \begin{itemize} + \item More simplistic, relying on {\bf Supervisord} + \item No bloated scheduling - reliance on {\bf cron jobs} + \item Internally {\bf compatible} with the old processor + \end{itemize} + \item For a period of time we will be {\bf supporting both} concurrently +\end{itemize} +\end{frame} + +\begin{frame} + \frametitle{Sharing group blueprints} + \begin{itemize} + \item Solving the issue of {\bf sharing group lifecycle management} + \item Build SG blueprints for reusable, maintainable sharing groups + \item Abstract sharing groups, organisation metadata as building blocks + \item Solve newly arising sharing challenges + \end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Sharing group blueprints} +\includegraphics[scale=0.6]{images/blueprints2.png} +\end{frame} + +\begin{frame} + \frametitle{Further synchronisation filtering methods} + \begin{itemize} + \item The ability to {\bf exclude} certain attribute {\bf types from the synchronisation} + \item Comes with some risks, but solves some issues + \item An example: {\bf Exclusion of malware samples when sharing towards classified networks} + \end{itemize} +\end{frame} + +\begin{frame} + \frametitle{Advanced timelining} + \begin{itemize} + \item Rework of the timelining in MISP + \item Inclusion of images, sightings + \item Various other improvements + \end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Timelining} +\includegraphics[scale=0.2]{images/timelining.png} +\end{frame} + +\begin{frame} + \frametitle{Periodic notifications} + \begin{itemize} + \item Optional {\bf digest based notifications} rather than publish alerts + \item Inclusion of images, sightings + \item Various other improvements + \end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Periodic notifications} +\includegraphics[scale=0.2]{images/periodic.png} +\end{frame} + +\begin{frame} + \frametitle{New correlation engine} + \begin{itemize} + \item Massive {\bf performance bump} and storage size decrease + \item Automatic {\bf overcorrelation protection} + \item {\bf No ACL} mode for {\bf endpoint MISPs} + \item Extensible system for future, alternate engines + \end{itemize} +\end{frame} + +\begin{frame} + \frametitle{Custom E-mail templates} + \begin{itemize} + \item Build text/HTML templates for {\bf custom publish alerts} + \item Drop the templates in the appropriate directory and you're good to go + \item Enrollment and password reset templates also supported + \end{itemize} +\end{frame} + +\begin{frame} + \frametitle{Continuous improvements} + \begin{itemize} + \item Massive list of {\bf quality of life} improvements + \item {\bf Performance} fixes + \item Loads of nice new improvements for you to discover + \item Massive shoutout to the hero of fixing the mess we've made: {\bf Jakub Onderka} + \end{itemize} +\end{frame} + + +\begin{frame} + \frametitle{Integrations} +\end{frame} + +\begin{frame} + \frametitle{OpenAPI} + \begin{itemize} + \item Full documentation of our APIs by Luciano Righetti + \item {\bf New API pages} + \item Sample {\bf payloads, descriptions, expected responses} + \item Makes integrating / using the API a breeze + \end{itemize} +\end{frame} + +\begin{frame} +\frametitle{OpenAPI} +\includegraphics[scale=0.15]{images/openapi_page.png} +\end{frame} + +\begin{frame} + \frametitle{Workflows} + \begin{itemize} + \item Brief recap, as presented earlier today by Sami + \item Modify {\bf existing execution paths} + \item Bake in {\bf interactions with other tools} + \item Build extensive {\bf decision trees} + \end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Workflows} +\includegraphics[scale=0.25]{images/workflows.png} +\end{frame} + +\begin{frame} + \frametitle{STIX libraries} + \begin{itemize} + \item {\bf Massive rework}, the outcome of over a year of development by Christian Studer + \item Added STIX 2.1 support on export + \item STIX 1.1.1, 1.2, 2.0, {\bf 2.1} all supported + \item Much more complex, in-depth mapping, aiming for {\bf 100\% coverage of the standard} + \item Collaboration with {\bf DHS and MITRE} + \item The MISP->STIX converters became their own {\bf standalone library} + \item Extensive {\bf documentation} and examples for all possible generated objects + \item Test suites to validate against MITRE's libraries + \item {\bf For a deep dive, make sure to catch Christian's talk tomorrow!} + \end{itemize} +\end{frame} + +\begin{frame} +\frametitle{OpenAPI} +\includegraphics[scale=0.4]{images/stix.png} +\end{frame} + +\begin{frame} + \frametitle{Cerebrate integration} + \begin{center} + \includegraphics[scale=0.1]{images/cerebrate-logo.png} + \end{center} + \begin{itemize} + \item Cerebrate session tomorrow + \item Integration with the {\bf contact management} system + \item Functionalities to allow {\bf management by Cerebrate} + \end{itemize} +\end{frame} + +\begin{frame} +\frametitle{mail2misp 1.0 release} +\begin{itemize} + \item A tool we've been using internally for a long time + \item First official release + \item {\bf Receive, parse, encode} emails as MISP events + \item Works with existing mail infrastructure or via a spamtrap + \item Configure extensive {\bf parsing rules} + \item Built and maintained by our colleague Sascha Rommelfangen +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Integrations} +\begin{itemize} + \item New MISP modules and improvements to existing ones + \item Some examples: + \begin{itemize} + \item Integration with Alexandre Dulaunoy's new Hashlookup service + \item Passive SSH integration + \item Recorded Future module + \end{itemize} +\end{itemize} +\end{frame} + + +\begin{frame} + \frametitle{Security} +\end{frame} + + +\begin{frame} + \frametitle{Cryptographic signing and tamper protection} + \begin{itemize} + \item Need to be able to share and ensure the {\bf veracity of critical events} + \item Tampering by {\bf malicious intermediaries}, even in closed networks became a new fear + \item We came up with a solution that allows us to {\bf lock down critical events} + \item Limits the distribution, but {\bf increases the resilience} of MISP immensely + \end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Cryptographic signing and tamper protection} +\includegraphics[scale=0.5]{images/signing1.png} +\end{frame} + +\begin{frame} +\frametitle{Cryptographic signing and tamper protection} +\includegraphics[scale=0.5]{images/signing2.png} +\end{frame} + +\begin{frame} +\frametitle{Cryptographic signing and tamper protection} +\includegraphics[scale=0.6]{images/signing3.png} +\includegraphics[scale=0.6]{images/signing4.png} +\end{frame} + +\begin{frame} + \frametitle{Security fixes} + \begin{itemize} + \item Long list of penetration test results shared with us by the community... + \item ...including an in-depth series conducted by {\bf Zigrin security on behalf of the Luxembourgish army} + \item 11 new CVEs in the past year + \item Long list of usability/bug fixes as a secondary outcome of the pentest reports + \end{itemize} +\end{frame} + +\begin{frame} + \frametitle{The Future} + \begin{itemize} + \item Stack switch to Cerebrate's codebase + \item Many new systems that have are built to be fleshed out + \begin{itemize} + \item {\bf Workflows} - new hooks, inter-module interactions, sample blueprints + \item Custom {\bf correlation engines} + \item Tighter integration with {\bf Cerebrate} + \item {\bf Cryptographic securing} of exchanges + \end{itemize} + \item Continuous improvements to integrations + \begin{itemize} + \item New {\bf modules}, improving existing ones + \item Tighter integration with {\bf STIX/TAXII} + \item Refinement of the {\bf APIs} and supporting libraries + \end{itemize} + \item Tighter integration with {\bf IAM} systems + \item Sanity checking our list of deprecated functionalities + \end{itemize} +\end{frame} + +\begin{frame} + \frametitle{To sum it all up...} + \begin{itemize} + \item The MISP {\bf developer community} continues to grow and stay active + \item The main focus the past year was on the following + \begin{itemize} + \item Performance, security, UX improvements + \item Customisations of workflow processes + \item Better operationalisation of MISP (community management, integration, monitoring) + \item Fleshing out the documentation and supporting materials + \end{itemize} + \item Cerebrate is aiming to fill the void of community/fleet management that we currently have + \item Definitely no lack of new ideas and improvements, if you want to participate, it's easy to {\bf get involved} + \item Prioritisation is hard. {\bf Let us know what you think we should focus on}! + \end{itemize} +\end{frame} + +\begin{frame} + \frametitle{Get in touch if you have any questions} + \begin{itemize} + \item Contact CIRCL + \begin{itemize} + \item info@circl.lu + \item \url{https://twitter.com/circl_lu} + \item \url{https://www.circl.lu/} + \end{itemize} + \item Contact MISPProject + \begin{itemize} + \item \url{https://github.com/MISP} + \item \url{https://gitter.im/MISP/MISP} + \item \url{https://twitter.com/MISPProject} + \end{itemize} + \item Cerebrate project + \begin{itemize} + \item \url{https://github.com/cerebrate-project} + \item \url{https://github.com/cerebrate-project/cerebrate} + \end{itemize} + \end{itemize} +\end{frame} diff --git a/CTI-summit-2022-misp-update/covid.png b/CTI-summit-2022-misp-update/covid.png new file mode 100644 index 0000000..e6e869f Binary files /dev/null and b/CTI-summit-2022-misp-update/covid.png differ diff --git a/CTI-summit-2022-misp-update/creativity.png b/CTI-summit-2022-misp-update/creativity.png new file mode 100644 index 0000000..d9878e2 Binary files /dev/null and b/CTI-summit-2022-misp-update/creativity.png differ diff --git a/CTI-summit-2022-misp-update/dashboard-trendings.png b/CTI-summit-2022-misp-update/dashboard-trendings.png new file mode 100644 index 0000000..e8937e4 Binary files /dev/null and b/CTI-summit-2022-misp-update/dashboard-trendings.png differ diff --git a/CTI-summit-2022-misp-update/decaying-basescore.png b/CTI-summit-2022-misp-update/decaying-basescore.png new file mode 100644 index 0000000..d21e261 Binary files /dev/null and b/CTI-summit-2022-misp-update/decaying-basescore.png differ diff --git a/CTI-summit-2022-misp-update/decaying-event.png b/CTI-summit-2022-misp-update/decaying-event.png new file mode 100644 index 0000000..553b9e7 Binary files /dev/null and b/CTI-summit-2022-misp-update/decaying-event.png differ diff --git a/CTI-summit-2022-misp-update/decaying-index.png b/CTI-summit-2022-misp-update/decaying-index.png new file mode 100644 index 0000000..c8c9754 Binary files /dev/null and b/CTI-summit-2022-misp-update/decaying-index.png differ diff --git a/CTI-summit-2022-misp-update/decaying-simulation.png b/CTI-summit-2022-misp-update/decaying-simulation.png new file mode 100644 index 0000000..8252a09 Binary files /dev/null and b/CTI-summit-2022-misp-update/decaying-simulation.png differ diff --git a/CTI-summit-2022-misp-update/decaying-tool.png b/CTI-summit-2022-misp-update/decaying-tool.png new file mode 100644 index 0000000..ff8c298 Binary files /dev/null and b/CTI-summit-2022-misp-update/decaying-tool.png differ diff --git a/CTI-summit-2022-misp-update/en_cef.png b/CTI-summit-2022-misp-update/en_cef.png new file mode 100644 index 0000000..5fed070 Binary files /dev/null and b/CTI-summit-2022-misp-update/en_cef.png differ diff --git a/CTI-summit-2022-misp-update/galaxy-ransomware.png b/CTI-summit-2022-misp-update/galaxy-ransomware.png new file mode 100644 index 0000000..5cf42cc Binary files /dev/null and b/CTI-summit-2022-misp-update/galaxy-ransomware.png differ diff --git a/CTI-summit-2022-misp-update/images/SoD.png b/CTI-summit-2022-misp-update/images/SoD.png new file mode 100644 index 0000000..b95a9ec Binary files /dev/null and b/CTI-summit-2022-misp-update/images/SoD.png differ diff --git a/CTI-summit-2022-misp-update/images/authkey.png b/CTI-summit-2022-misp-update/images/authkey.png new file mode 100644 index 0000000..46174b9 Binary files /dev/null and b/CTI-summit-2022-misp-update/images/authkey.png differ diff --git a/CTI-summit-2022-misp-update/images/blueprints1.png b/CTI-summit-2022-misp-update/images/blueprints1.png new file mode 100644 index 0000000..edaedcb Binary files /dev/null and b/CTI-summit-2022-misp-update/images/blueprints1.png differ diff --git a/CTI-summit-2022-misp-update/images/blueprints2.png b/CTI-summit-2022-misp-update/images/blueprints2.png new file mode 100644 index 0000000..b2d73cb Binary files /dev/null and b/CTI-summit-2022-misp-update/images/blueprints2.png differ diff --git a/CTI-summit-2022-misp-update/images/cerebrate-logo.png b/CTI-summit-2022-misp-update/images/cerebrate-logo.png new file mode 100644 index 0000000..82bcaab Binary files /dev/null and b/CTI-summit-2022-misp-update/images/cerebrate-logo.png differ diff --git a/CTI-summit-2022-misp-update/images/cerebrate.png b/CTI-summit-2022-misp-update/images/cerebrate.png new file mode 100644 index 0000000..82bcaab Binary files /dev/null and b/CTI-summit-2022-misp-update/images/cerebrate.png differ diff --git a/CTI-summit-2022-misp-update/images/dashboard.png b/CTI-summit-2022-misp-update/images/dashboard.png new file mode 100644 index 0000000..d163f4d Binary files /dev/null and b/CTI-summit-2022-misp-update/images/dashboard.png differ diff --git a/CTI-summit-2022-misp-update/images/eventreport.png b/CTI-summit-2022-misp-update/images/eventreport.png new file mode 100644 index 0000000..6f74bbe Binary files /dev/null and b/CTI-summit-2022-misp-update/images/eventreport.png differ diff --git a/CTI-summit-2022-misp-update/images/galaxy20.png b/CTI-summit-2022-misp-update/images/galaxy20.png new file mode 100644 index 0000000..97911ac Binary files /dev/null and b/CTI-summit-2022-misp-update/images/galaxy20.png differ diff --git a/CTI-summit-2022-misp-update/images/mispcerebrate.png b/CTI-summit-2022-misp-update/images/mispcerebrate.png new file mode 100644 index 0000000..d58796f Binary files /dev/null and b/CTI-summit-2022-misp-update/images/mispcerebrate.png differ diff --git a/CTI-summit-2022-misp-update/images/openapi.png b/CTI-summit-2022-misp-update/images/openapi.png new file mode 100644 index 0000000..44726ea Binary files /dev/null and b/CTI-summit-2022-misp-update/images/openapi.png differ diff --git a/CTI-summit-2022-misp-update/images/openapi_page.png b/CTI-summit-2022-misp-update/images/openapi_page.png new file mode 100644 index 0000000..44726ea Binary files /dev/null and b/CTI-summit-2022-misp-update/images/openapi_page.png differ diff --git a/CTI-summit-2022-misp-update/images/periodic.png b/CTI-summit-2022-misp-update/images/periodic.png new file mode 100644 index 0000000..3b88e2b Binary files /dev/null and b/CTI-summit-2022-misp-update/images/periodic.png differ diff --git a/CTI-summit-2022-misp-update/images/security.png b/CTI-summit-2022-misp-update/images/security.png new file mode 100644 index 0000000..8b51dd8 Binary files /dev/null and b/CTI-summit-2022-misp-update/images/security.png differ diff --git a/CTI-summit-2022-misp-update/images/signing1.png b/CTI-summit-2022-misp-update/images/signing1.png new file mode 100644 index 0000000..d378f7b Binary files /dev/null and b/CTI-summit-2022-misp-update/images/signing1.png differ diff --git a/CTI-summit-2022-misp-update/images/signing2.png b/CTI-summit-2022-misp-update/images/signing2.png new file mode 100644 index 0000000..450e7d6 Binary files /dev/null and b/CTI-summit-2022-misp-update/images/signing2.png differ diff --git a/CTI-summit-2022-misp-update/images/signing3.png b/CTI-summit-2022-misp-update/images/signing3.png new file mode 100644 index 0000000..68e7ced Binary files /dev/null and b/CTI-summit-2022-misp-update/images/signing3.png differ diff --git a/CTI-summit-2022-misp-update/images/signing4.png b/CTI-summit-2022-misp-update/images/signing4.png new file mode 100644 index 0000000..3a42468 Binary files /dev/null and b/CTI-summit-2022-misp-update/images/signing4.png differ diff --git a/CTI-summit-2022-misp-update/images/stix.png b/CTI-summit-2022-misp-update/images/stix.png new file mode 100644 index 0000000..c0b59bb Binary files /dev/null and b/CTI-summit-2022-misp-update/images/stix.png differ diff --git a/CTI-summit-2022-misp-update/images/timeline.png b/CTI-summit-2022-misp-update/images/timeline.png new file mode 100644 index 0000000..23ff19b Binary files /dev/null and b/CTI-summit-2022-misp-update/images/timeline.png differ diff --git a/CTI-summit-2022-misp-update/images/timelining.png b/CTI-summit-2022-misp-update/images/timelining.png new file mode 100644 index 0000000..7753ba5 Binary files /dev/null and b/CTI-summit-2022-misp-update/images/timelining.png differ diff --git a/CTI-summit-2022-misp-update/images/warnings.png b/CTI-summit-2022-misp-update/images/warnings.png new file mode 100644 index 0000000..86e16a3 Binary files /dev/null and b/CTI-summit-2022-misp-update/images/warnings.png differ diff --git a/CTI-summit-2022-misp-update/images/workflows.png b/CTI-summit-2022-misp-update/images/workflows.png new file mode 100644 index 0000000..ce103af Binary files /dev/null and b/CTI-summit-2022-misp-update/images/workflows.png differ diff --git a/CTI-summit-2022-misp-update/images/workflows1.png b/CTI-summit-2022-misp-update/images/workflows1.png new file mode 100644 index 0000000..2790cfb Binary files /dev/null and b/CTI-summit-2022-misp-update/images/workflows1.png differ diff --git a/CTI-summit-2022-misp-update/images/workflows2.png b/CTI-summit-2022-misp-update/images/workflows2.png new file mode 100644 index 0000000..5b5ad1a Binary files /dev/null and b/CTI-summit-2022-misp-update/images/workflows2.png differ diff --git a/CTI-summit-2022-misp-update/logo-circl.pdf b/CTI-summit-2022-misp-update/logo-circl.pdf new file mode 100755 index 0000000..62c9239 Binary files /dev/null and b/CTI-summit-2022-misp-update/logo-circl.pdf differ diff --git a/CTI-summit-2022-misp-update/makefile b/CTI-summit-2022-misp-update/makefile new file mode 100644 index 0000000..6e5a51d --- /dev/null +++ b/CTI-summit-2022-misp-update/makefile @@ -0,0 +1,5 @@ +all: + pdflatex -interaction nonstopmode -halt-on-error -file-line-error slide.tex + +clean: + rm *.aux *.nav *.log *.snm *.toc *.vrb diff --git a/CTI-summit-2022-misp-update/misp.pdf b/CTI-summit-2022-misp-update/misp.pdf new file mode 100644 index 0000000..f7a3f9d Binary files /dev/null and b/CTI-summit-2022-misp-update/misp.pdf differ diff --git a/CTI-summit-2022-misp-update/misplogo.pdf b/CTI-summit-2022-misp-update/misplogo.pdf new file mode 100755 index 0000000..60da568 Binary files /dev/null and b/CTI-summit-2022-misp-update/misplogo.pdf differ diff --git a/CTI-summit-2022-misp-update/object.png b/CTI-summit-2022-misp-update/object.png new file mode 100644 index 0000000..acebf04 Binary files /dev/null and b/CTI-summit-2022-misp-update/object.png differ diff --git a/CTI-summit-2022-misp-update/sighting-n.png b/CTI-summit-2022-misp-update/sighting-n.png new file mode 100644 index 0000000..f9ec127 Binary files /dev/null and b/CTI-summit-2022-misp-update/sighting-n.png differ diff --git a/CTI-summit-2022-misp-update/slide.tex b/CTI-summit-2022-misp-update/slide.tex new file mode 100644 index 0000000..1c471e2 --- /dev/null +++ b/CTI-summit-2022-misp-update/slide.tex @@ -0,0 +1,25 @@ +\documentclass{beamer} +\usetheme[numbering=progressbar]{focus} +\definecolor{main}{RGB}{47, 161, 219} +\definecolor{textcolor}{RGB}{128, 128, 128} +\definecolor{background}{RGB}{240, 247, 255} + +\usepackage[utf8]{inputenc} +\usepackage{tikz} +\usepackage{listings} +\usepackage{adjustbox} +\usetikzlibrary{positioning} +\usetikzlibrary{shapes,arrows} +%\usepackage[T1]{fontenc} +%\usepackage[scaled]{beramono} +\author{\small{\input{../includes/authors.txt}}} +\title{What's HOT in MISPland} +\subtitle{Latest developments and roadmap update} +\institute{\includegraphics[scale=0.5]{misplogo.pdf}} +\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}} + +\date{\input{../includes/location.txt}} +\begin{document} +\include{content} +\end{document} + diff --git a/CTI-summit-2022-misp-update/taxonomy-workflow.png b/CTI-summit-2022-misp-update/taxonomy-workflow.png new file mode 100644 index 0000000..f4789ad Binary files /dev/null and b/CTI-summit-2022-misp-update/taxonomy-workflow.png differ diff --git a/CTI-summit-2022-misp-update/timeline-misp-overview.png b/CTI-summit-2022-misp-update/timeline-misp-overview.png new file mode 100644 index 0000000..23ff19b Binary files /dev/null and b/CTI-summit-2022-misp-update/timeline-misp-overview.png differ diff --git a/CTI-summit-2022-misp-update/timeline.jpeg b/CTI-summit-2022-misp-update/timeline.jpeg new file mode 100644 index 0000000..d60db13 Binary files /dev/null and b/CTI-summit-2022-misp-update/timeline.jpeg differ diff --git a/CTI-summit-2022-misp-update/warning-list-event.png b/CTI-summit-2022-misp-update/warning-list-event.png new file mode 100644 index 0000000..22c6423 Binary files /dev/null and b/CTI-summit-2022-misp-update/warning-list-event.png differ diff --git a/CTI-summit-2022-misp-update/warning-list.png b/CTI-summit-2022-misp-update/warning-list.png new file mode 100644 index 0000000..f151ded Binary files /dev/null and b/CTI-summit-2022-misp-update/warning-list.png differ diff --git a/CTI-summit-2022-misp-update/workflow_initial.png b/CTI-summit-2022-misp-update/workflow_initial.png new file mode 100644 index 0000000..7c6b54c Binary files /dev/null and b/CTI-summit-2022-misp-update/workflow_initial.png differ diff --git a/CTI-summit-2022-misp-update/workflow_initial2.png b/CTI-summit-2022-misp-update/workflow_initial2.png new file mode 100644 index 0000000..d384c34 Binary files /dev/null and b/CTI-summit-2022-misp-update/workflow_initial2.png differ diff --git a/CTI-summit-2022-misp-update/x-isac-logo.png b/CTI-summit-2022-misp-update/x-isac-logo.png new file mode 100755 index 0000000..21c68bc Binary files /dev/null and b/CTI-summit-2022-misp-update/x-isac-logo.png differ