Merge branch 'main' of github.com:MISP/misp-training into main

CTI-summit-2022-misp-update/content.tex

@@ -0,0 +1,342 @@
+% DO NOT COMPILE THIS FILE DIRECTLY!
+% This is included by the other .tex files.
+
+\begin{frame}
+\titlepage
+\end{frame}
+
+\begin{frame}
+  \frametitle{The aim of this presentation}
+  \begin{itemize}
+     \item What has happened since the 2021 MISP summit
+     \item Give you a brief update over the highlights from the past year
+     \item Upcoming changes
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+  \frametitle{MISP's evolution since the last MISP summit}
+  \begin{itemize}
+    \item Since the last MISP summit (09/2021) we've had:
+    \begin{itemize}
+        \item {\bf 16} releases
+        \item {\bf 3768} commits
+        \item {\bf 100} contributors contributing to the core software and its components
+    \end{itemize}
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+  \frametitle{A topical listing of the new major features}
+  \begin{itemize}
+      \item Internals and core feature improvements
+      \item Integrations
+      \item Security
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Internals and core feature improvements}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Continuous work on preparing a tech stack switch}
+  \begin{itemize}
+      \item {\bf Refactoring} the code base
+      \item Fixing several long standing issues
+      \item Heavy focus also on {\bf integration}
+      \item {\bf Documentation} of existing functionalities and mappings
+      \item Building on and reusing {\bf Cerebrate's codebase}
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{New background processing library}
+\begin{itemize}
+	\item Finally, it is time to sunset the ancient background processor of MISP
+        \item New tool, built from the ground up by Luciano Righetti
+        \begin{itemize}
+            \item More simplistic, relying on {\bf Supervisord}
+            \item No bloated scheduling - reliance on {\bf cron jobs}
+            \item Internally {\bf compatible} with the old processor
+        \end{itemize}
+        \item For a period of time we will be {\bf supporting both} concurrently
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Sharing group blueprints}
+  \begin{itemize}
+     \item Solving the issue of {\bf sharing group lifecycle management}
+     \item Build SG blueprints for reusable, maintainable sharing groups
+     \item Abstract sharing groups, organisation metadata as building blocks
+     \item Solve newly arising sharing challenges
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Sharing group blueprints}
+\includegraphics[scale=0.6]{images/blueprints2.png}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Further synchronisation filtering methods}
+  \begin{itemize}
+     \item The ability to {\bf exclude} certain attribute {\bf types from the synchronisation}
+     \item Comes with some risks, but solves some issues
+     \item An example: {\bf Exclusion of malware samples when sharing towards classified networks}
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Advanced timelining}
+  \begin{itemize}
+     \item Rework of the timelining in MISP
+     \item Inclusion of images, sightings
+     \item Various other improvements
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Timelining}
+\includegraphics[scale=0.2]{images/timelining.png}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Periodic notifications}
+  \begin{itemize}
+     \item Optional {\bf digest based notifications} rather than publish alerts
+     \item Inclusion of images, sightings
+     \item Various other improvements
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Periodic notifications}
+\includegraphics[scale=0.2]{images/periodic.png}
+\end{frame}
+
+\begin{frame}
+  \frametitle{New correlation engine}
+  \begin{itemize}
+     \item Massive {\bf performance bump} and storage size decrease
+     \item Automatic {\bf overcorrelation protection}
+     \item {\bf No ACL} mode for {\bf endpoint MISPs}
+     \item Extensible system for future, alternate engines
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Custom E-mail templates}
+  \begin{itemize}
+     \item Build text/HTML templates for {\bf custom publish alerts}
+     \item Drop the templates in the appropriate directory and you're good to go
+     \item Enrollment and password reset templates also supported
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Continuous improvements}
+  \begin{itemize}
+      \item Massive list of {\bf quality of life} improvements
+      \item {\bf Performance} fixes
+      \item Loads of nice new improvements for you to discover
+      \item Massive shoutout to the hero of fixing the mess we've made: {\bf Jakub Onderka}
+  \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+  \frametitle{Integrations}
+\end{frame}
+
+\begin{frame}
+  \frametitle{OpenAPI}
+  \begin{itemize}
+     \item Full documentation of our APIs by Luciano Righetti
+     \item {\bf New API pages}
+     \item Sample {\bf payloads, descriptions, expected responses}
+     \item Makes integrating / using the API a breeze
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{OpenAPI}
+\includegraphics[scale=0.15]{images/openapi_page.png}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Workflows}
+  \begin{itemize}
+     \item Brief recap, as presented earlier today by Sami
+     \item Modify {\bf existing execution paths}
+     \item Bake in {\bf interactions with other tools}
+     \item Build extensive {\bf decision trees}
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Workflows}
+\includegraphics[scale=0.25]{images/workflows.png}
+\end{frame}
+
+\begin{frame}
+  \frametitle{STIX libraries}
+  \begin{itemize}
+     \item {\bf Massive rework}, the outcome of over a year of development by Christian Studer
+     \item Added STIX 2.1 support on export
+     \item STIX 1.1.1, 1.2, 2.0, {\bf 2.1} all supported
+     \item Much more complex, in-depth mapping, aiming for {\bf 100\% coverage of the standard}
+     \item Collaboration with {\bf DHS and MITRE}
+     \item The MISP->STIX converters became their own {\bf standalone library}
+     \item Extensive {\bf documentation} and examples for all possible generated objects
+     \item Test suites to validate against MITRE's libraries
+     \item {\bf For a deep dive, make sure to catch Christian's talk tomorrow!}
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{OpenAPI}
+\includegraphics[scale=0.4]{images/stix.png}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Cerebrate integration}
+  \begin{center}
+  \includegraphics[scale=0.1]{images/cerebrate-logo.png}
+  \end{center}
+  \begin{itemize}
+     \item Cerebrate session tomorrow
+     \item Integration with the {\bf contact management} system
+     \item Functionalities to allow {\bf management by Cerebrate}
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{mail2misp 1.0 release}
+\begin{itemize}
+	\item A tool we've been using internally for a long time
+        \item First official release
+        \item {\bf Receive, parse, encode} emails as MISP events
+        \item Works with existing mail infrastructure or via a spamtrap
+        \item Configure extensive {\bf parsing rules}
+        \item Built and maintained by our colleague Sascha Rommelfangen
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Integrations}
+\begin{itemize}
+	\item New MISP modules and improvements to existing ones
+        \item Some examples:
+        \begin{itemize}
+            \item Integration with Alexandre Dulaunoy's new Hashlookup service
+            \item Passive SSH integration
+            \item Recorded Future module
+        \end{itemize}
+\end{itemize}
+\end{frame}
+
+
+\begin{frame}
+  \frametitle{Security}
+\end{frame}
+
+
+\begin{frame}
+  \frametitle{Cryptographic signing and tamper protection}
+  \begin{itemize}
+     \item Need to be able to share and ensure the {\bf veracity of critical events}
+     \item Tampering by {\bf malicious intermediaries}, even in closed networks became a new fear
+     \item We came up with a solution that allows us to {\bf lock down critical events}
+     \item Limits the distribution, but {\bf increases the resilience} of MISP immensely
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Cryptographic signing and tamper protection}
+\includegraphics[scale=0.5]{images/signing1.png}
+\end{frame}
+
+\begin{frame}
+\frametitle{Cryptographic signing and tamper protection}
+\includegraphics[scale=0.5]{images/signing2.png}
+\end{frame}
+
+\begin{frame}
+\frametitle{Cryptographic signing and tamper protection}
+\includegraphics[scale=0.6]{images/signing3.png}
+\includegraphics[scale=0.6]{images/signing4.png}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Security fixes}
+  \begin{itemize}
+     \item Long list of penetration test results shared with us by the community...
+     \item ...including an in-depth series conducted by {\bf Zigrin security on behalf of the Luxembourgish army}
+     \item 11 new CVEs in the past year
+     \item Long list of usability/bug fixes as a secondary outcome of the pentest reports
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+  \frametitle{The Future}
+  \begin{itemize}
+     \item Stack switch to Cerebrate's codebase
+     \item Many new systems that have are built to be fleshed out
+     \begin{itemize}
+         \item {\bf Workflows} - new hooks, inter-module interactions, sample blueprints
+         \item Custom {\bf correlation engines}
+         \item Tighter integration with {\bf Cerebrate}
+         \item {\bf Cryptographic securing} of exchanges
+     \end{itemize}
+     \item Continuous improvements to integrations
+     \begin{itemize}
+         \item New {\bf modules}, improving existing ones
+         \item Tighter integration with {\bf STIX/TAXII}
+         \item Refinement of the {\bf APIs} and supporting libraries
+     \end{itemize}
+     \item Tighter integration with {\bf IAM} systems
+     \item Sanity checking our list of deprecated functionalities
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+  \frametitle{To sum it all up...}
+  \begin{itemize}
+     \item The MISP {\bf developer community} continues to grow and stay active
+     \item The main focus the past year was on the following
+     \begin{itemize}
+          \item Performance, security, UX improvements
+          \item Customisations of workflow processes
+          \item Better operationalisation of MISP (community management, integration, monitoring)
+          \item Fleshing out the documentation and supporting materials
+     \end{itemize}
+     \item Cerebrate is aiming to fill the void of community/fleet management that we currently have
+     \item Definitely no lack of new ideas and improvements, if you want to participate, it's easy to {\bf get involved}
+     \item Prioritisation is hard. {\bf Let us know what you think we should focus on}!
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Get in touch if you have any questions}
+  \begin{itemize}
+    \item Contact CIRCL
+    \begin{itemize}
+      \item info@circl.lu
+      \item \url{https://twitter.com/circl_lu}
+      \item \url{https://www.circl.lu/}
+    \end{itemize}
+    \item Contact MISPProject 
+    \begin{itemize}
+      \item \url{https://github.com/MISP}
+      \item \url{https://gitter.im/MISP/MISP}
+      \item \url{https://twitter.com/MISPProject}
+    \end{itemize}
+    \item Cerebrate project
+    \begin{itemize}
+      \item \url{https://github.com/cerebrate-project}
+      \item \url{https://github.com/cerebrate-project/cerebrate}
+    \end{itemize}
+  \end{itemize}
+\end{frame}

CTI-summit-2022-misp-update/makefile

@@ -0,0 +1,5 @@
+all:
+	pdflatex -interaction nonstopmode -halt-on-error -file-line-error slide.tex
+
+clean:
+	rm *.aux *.nav *.log *.snm *.toc *.vrb

CTI-summit-2022-misp-update/slide.tex

@@ -0,0 +1,25 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\definecolor{main}{RGB}{47, 161, 219}
+\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+
+\usepackage[utf8]{inputenc}
+\usepackage{tikz}
+\usepackage{listings}
+\usepackage{adjustbox}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+%\usepackage[T1]{fontenc}
+%\usepackage[scaled]{beramono}
+\author{\small{\input{../includes/authors.txt}}}
+\title{What's HOT in MISPland}
+\subtitle{Latest developments and roadmap update}
+\institute{\includegraphics[scale=0.5]{misplogo.pdf}}
+\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}
+
+\date{\input{../includes/location.txt}}
+\begin{document}
+\include{content}
+\end{document}
+

events/misp-summit/2022/misp-stix/build.sh

@@ -0,0 +1,3 @@
+export TEXINPUTS=::~/git/misp-training/themes/
+echo ${TEXINPUTS}
+pdflatex slide.tex

events/misp-summit/2022/misp-stix/content.aux

@@ -0,0 +1,83 @@
+\relax 
+\providecommand\hyper@newdestlabel[2]{}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{1}{1/1}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {1}{1}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{2}{2/2}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {2}{2}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{3}{3/3}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {3}{3}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{4}{4/4}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {4}{4}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{5}{5/5}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {5}{5}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{6}{6/6}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {6}{6}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{7}{7/7}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {7}{7}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{8}{8/8}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {8}{8}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{9}{9/9}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {9}{9}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{10}{10/11}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {10}{11}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{11}{12/12}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {12}{12}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{12}{13/13}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {13}{13}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{13}{14/14}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {14}{14}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{14}{15/15}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {15}{15}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{15}{16/16}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {16}{16}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{16}{17/17}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {17}{17}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{17}{18/18}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {18}{18}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{18}{19/20}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {19}{20}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{19}{21/21}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {21}{21}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{20}{22/23}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {22}{23}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{21}{24/24}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {24}{24}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{22}{25/26}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {25}{26}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{23}{27/27}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {27}{27}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{24}{28/28}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {28}{28}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{25}{29/29}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {29}{29}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{26}{30/30}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {30}{30}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{27}{31/31}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {31}{31}}}
+\@setckpt{content}{
+\setcounter{page}{32}
+\setcounter{equation}{0}
+\setcounter{enumi}{0}
+\setcounter{enumii}{0}
+\setcounter{enumiii}{0}
+\setcounter{enumiv}{0}
+\setcounter{footnote}{4}
+\setcounter{mpfootnote}{0}
+\setcounter{beamerpauses}{1}
+\setcounter{bookmark@seq@number}{0}
+\setcounter{lecture}{0}
+\setcounter{part}{0}
+\setcounter{section}{0}
+\setcounter{subsection}{0}
+\setcounter{subsubsection}{0}
+\setcounter{subsectionslide}{27}
+\setcounter{framenumber}{26}
+\setcounter{figure}{0}
+\setcounter{table}{0}
+\setcounter{parentequation}{0}
+\setcounter{theorem}{0}
+\setcounter{realframenumber}{26}
+\setcounter{lstnumber}{1}
+\setcounter{section@level}{0}
+\setcounter{lstlisting}{0}
+}

events/misp-summit/2022/misp-stix/content.tex

@@ -0,0 +1,362 @@
+% DO NOT COMPILE THIS FILE DIRECTLY!
+% This is included by the other .tex files.
+
+\begin{frame}[t,plain]
+\titlepage
+\end{frame}
+
+\begin{frame}
+    \frametitle{Who am I}
+    \begin{minipage}{0.6\textwidth}
+        \begin{itemize}
+            \item \faGithub : chrisr3d \\
+            \item \faTwitter : chrisred\_68
+            \item []
+            \item Having fun @ CIRCL
+            \item MISP core development team
+            \item STIX WG co-chair
+            \item []
+            \item \faCat \vspace{1em} \& \faCamera \vspace{1em} enthusiast
+        \end{itemize}
+    \end{minipage}%
+    \begin{minipage}{0.4\textwidth}
+        \includegraphics[scale=0.1]{images/profile_picture.jpg}
+    \end{minipage}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Summary}
+    \begin{itemize}
+        \item Past \& current status
+        \item Recent changes
+        \item Continuous improvement \& future roadmap
+        \item Challenges we face
+        \item Evolution perspectives
+        \item Demo (?)
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+    \frametitle{MISP \& STIX - How it began}
+    \begin{itemize}
+        \item{\bf Built-in integration}
+        \item Export \& Import features
+        \begin{itemize}
+            \item Export MISP Events collections
+            \item Import STIX files
+        \end{itemize}
+        \item Supported version
+        \begin{itemize}
+            \item STIX 1.1.1
+            \item STIX 2.0
+        \end{itemize}
+        \item Accessible via restSearch
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+    \frametitle{STIX conversion usage in MISP}
+    \centering
+    \includegraphics[scale=0.19]{images/simple_rest_query.png}
+\end{frame}
+
+\begin{frame}
+    \frametitle{STIX conversion usage in MISP}
+    \centering
+    \includegraphics[scale=0.2]{images/simple_rest_results.png}
+\end{frame}
+
+\begin{frame}
+    \frametitle{STIX conversion usage in MISP}
+    \centering
+    \includegraphics[scale=0.235]{images/simple_rest_curl.png} \\
+    \includegraphics[scale=0.235]{images/simple_rest_pymisp.png}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Former feature limitations}
+    \begin{minipage}{0.45\textwidth}
+        \begin{itemize}
+            \item {\bf Supported versions}
+            \begin{itemize}
+                \item 1.1.1 XML (\& JSON)
+                \item 2.0
+            \end{itemize}
+            \item Data type support
+        \end{itemize}
+    \end{minipage}%
+    \begin{minipage}{0.55\textwidth}
+        \centering
+        \includegraphics[width=\textwidth]{images/limited_version.jpg}
+    \end{minipage}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Former feature limitations}
+    \begin{minipage}{0.5\textwidth}
+        \begin{itemize}
+            \item Supported versions
+            \begin{itemize}
+                \item 1.1.1 XML (\& JSON)
+                \item 2.0
+            \end{itemize}
+            \item {\bf Data type support}
+        \end{itemize}
+    \end{minipage}%
+    \begin{minipage}{0.5\textwidth}
+        \centering
+        \includegraphics[width=\textwidth]{images/limited_data_type.jpg}
+    \end{minipage}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Former practical \& Organisational limitations}
+    \begin{itemize}
+        \item Export and import features only available via MISP
+        \begin{itemize}
+            \item Need an automation key (and/or to deal with the UI)
+        \end{itemize}
+        \item []
+        \item {\bf Github}: STIX issues lost within the MISP core issues
+        \pause
+        \vspace{4em}
+        \begin{center}
+            \includegraphics[scale=0.4]{images/issues.png}
+        \end{center}
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+    \frametitle{The solution}
+    \begin{center}
+        \includegraphics[scale=0.3]{images/solution.png}
+    \end{center}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Key features}
+    \begin{itemize}
+        \item Support all the STIX versions
+        \begin{itemize}
+            \item {\bf STIX 2.1 Support}
+            \item 1.1.1, 1.2, 2.0 Support enhanced
+        \end{itemize}
+        \item Various MISP data collection supported
+        \item[]
+        \item {\bf Mapping documentation}
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Handling the conversion with a python library}
+    \begin{itemize}
+        \item Used in MISP built-in export modules
+        \item []
+        \item Enable a {\bf stand-alone} use of the python code\footnote{i.e command line}
+        \begin{itemize}
+            \item Pass filenames \& get the converted content written in 1 or more result file(s)
+        \end{itemize}
+        \item Possible integration within python code
+        \begin{itemize}
+            \item Give it a list of filenames
+            \item MISP standard format <-> STIX
+            \begin{itemize}
+                \item JSON or PyMISP
+            \end{itemize}
+        \end{itemize}
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Library usage - Command line}
+    \centering
+    \includegraphics[scale=0.145]{images/stand_alone_usage.png}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Library usage - Python integration}
+    \centering
+    \includegraphics[scale=0.12]{images/python_usage.png}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Mapping documentation}
+    \begin{itemize}
+        \item Mapping overview
+        \begin{itemize}
+            \item Quick overview on how MISP data structures are mapped with STIX objects
+        \end{itemize}
+        \item []
+        \item Detailed mapping
+        \begin{itemize}
+            \item Extended explanation on how each granular data is mapped with STIX objects fields
+        \end{itemize}
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Mapping explained}
+    \centering
+    \includegraphics[scale=0.45]{images/demo1.jpg}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Work in Progress \& Continuous development}
+    \begin{itemize}
+        \item {\bf STIX 2 -> MISP import feature}
+        \item []
+        \item Current mapping improvement
+        \begin{itemize}
+            \item Support for Custom Galaxy clusters
+            \item Better support of existing STIX objects libraries\footnote{e.g: \url{https://github.com/mitre/cti}}
+            \item Support custom STIX format\footnote{e.g: ACS custom markings}
+        \end{itemize}
+    \end{itemize}
+    \pause
+    \begin{minipage}{0.5\textwidth}
+        \begin{itemize}
+            \item {\bf TAXII integration}
+        \end{itemize}
+    \end{minipage}%
+    \begin{minipage}{0.5\textwidth}
+        \includegraphics[scale=0.2]{images/surprise.jpg}
+    \end{minipage}
+\end{frame}
+
+\begin{frame}
+    \frametitle{What comes next?}
+    \begin{itemize}
+        \item Extend the export feature to any kind of data collection
+        \item []
+        \item Add notes on any data structure
+        \item Sightings on context layers
+        \item []
+        \item Port the STIX 1 -> MISP import feature
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Handling different STIX content creation designs}
+    \begin{minipage}{0.6\textwidth}
+        \begin{itemize}
+            \item Impossible to control the content created by external parties
+            \item We want to keep UUIDs
+            \pause
+            \item []
+            \item Facing UUIDs validation issues
+            \begin{itemize}
+                \item Loading error
+            \end{itemize}
+        \end{itemize}
+    \end{minipage}%
+    \begin{minipage}{0.4\textwidth}
+        \includegraphics[scale=0.25]{images/two_buttons_dilemna.jpg}
+    \end{minipage}
+\end{frame}
+
+\begin{frame}
+    \frametitle{An easy fix: a STIX 2 python library fork\footnote{\url{https://github.com/MISP/cti-python-stix2} \& \url{https://pypi.org/project/misp-lib-stix2/}}}
+    \begin{minipage}{0.62\textwidth}
+        \begin{itemize}
+            \item No change on the content validation
+            \begin{itemize}
+                \item Differs only on the UUIDs validation process
+            \end{itemize}
+            \item MISP has now the same UUIDs requirements
+            \begin{itemize}
+                \item We keep a reference to the initial UUID
+                \item A UUID v5 is generated
+            \end{itemize}
+        \end{itemize}
+    \end{minipage}%
+    \begin{minipage}{0.38\textwidth}
+        \includegraphics[scale=0.25]{images/two_buttons_solution.jpg}
+    \end{minipage}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Minding the gap between formats}
+    \begin{itemize}
+        \item From a sharing platform to an threat intelligence exchange format
+        \begin{itemize}
+            \item Custom STIX objects
+            \item Custom fields in existing objects
+            \item STIX extensions
+        \end{itemize}
+        \item Handling the infinite possibilities of a patterning language
+        \begin{itemize}
+            \item Importing STIX 2 patterns in separate MISP objects
+        \end{itemize}
+    \end{itemize}
+    \pause
+    \vspace{1em}
+    \includegraphics[scale=0.15]{images/patterns.png}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Mapping challenges}
+    \includegraphics[scale=0.285]{images/challenges.png}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Evolution perspectives}
+    \begin{center}
+        \includegraphics[scale=0.1]{images/oasis.png}
+    \end{center}
+    \vspace{1em}
+    \begin{itemize}
+        \item Members of the Oasis CTI TC
+        \begin{itemize}
+            \item Our involvement
+            \begin{itemize}
+                \item Participating to the development process
+            \end{itemize}
+            \item []
+            \item Our proposal: Go for the open source way
+            \begin{itemize}
+                \item Make the contribution process more accessible \\
+                => Bring more contributers / contributions
+                \item Easier access to the resources \\
+                => More visibility
+            \end{itemize}
+        \end{itemize}
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+    \frametitle{How to report bugs/issues}
+    \begin{itemize}
+        \item Github issues
+        \begin{itemize}
+            \item {\bf \url{https://github.com/MISP/misp-stix/issues}}
+            \item \url{https://github.com/MISP/MISP/issues}
+        \end{itemize}
+        \item []
+        \item Please provide details
+        \begin{itemize}
+            \item How did the issue happen
+            \item {\bf Recommendation}: provide samples
+        \end{itemize}
+        \item[]
+        \item Any feedback welcome
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Useful links}
+    \begin{itemize}
+        \item \url{https://github.com/MISP/misp-stix}
+        \item \url{https://github.com/MISP/misp-stix/tree/main/documentation}
+        \item []
+        \item \url{https://github.com/MISP}
+        \item \url{https://www.misp-project.org/}
+        \item \url{https://twitter.com/MISPProject}
+        \item \url{https://twitter.com/chrisred_68}
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Demo time}
+    \centering
+    \includegraphics[scale=0.45]{images/demo2.jpg}
+\end{frame}

events/misp-summit/2022/misp-stix/slide.aux

@@ -0,0 +1,27 @@
+\relax 
+\providecommand\hyper@newdestlabel[2]{}
+\providecommand\HyperFirstAtBeginDocument{\AtBeginDocument}
+\HyperFirstAtBeginDocument{\ifx\hyper@anchor\@undefined
+\global\let\oldcontentsline\contentsline
+\gdef\contentsline#1#2#3#4{\oldcontentsline{#1}{#2}{#3}}
+\global\let\oldnewlabel\newlabel
+\gdef\newlabel#1#2{\newlabelxx{#1}#2}
+\gdef\newlabelxx#1#2#3#4#5#6{\oldnewlabel{#1}{{#2}{#3}}}
+\AtEndDocument{\ifx\hyper@anchor\@undefined
+\let\contentsline\oldcontentsline
+\let\newlabel\oldnewlabel
+\fi}
+\fi}
+\global\let\hyper@last\relax 
+\gdef\HyperFirstAtBeginDocument#1{#1}
+\providecommand\HyField@AuxAddToFields[1]{}
+\providecommand\HyField@AuxAddToCoFields[2]{}
+\providecommand\BKM@entry[2]{}
+\@input{content.aux}
+\pgfsyspdfmark {pgfid1}{1398509}{16636717}
+\@writefile{nav}{\headcommand {\beamer@partpages {1}{31}}}
+\@writefile{nav}{\headcommand {\beamer@subsectionpages {1}{31}}}
+\@writefile{nav}{\headcommand {\beamer@sectionpages {1}{31}}}
+\@writefile{nav}{\headcommand {\beamer@documentpages {31}}}
+\@writefile{nav}{\headcommand {\gdef \inserttotalframenumber {26}}}
+\gdef \@abspage@last{31}

events/misp-summit/2022/misp-stix/slide.nav

@@ -0,0 +1,59 @@
+\headcommand {\slideentry {0}{0}{1}{1/1}{}{0}}
+\headcommand {\beamer@framepages {1}{1}}
+\headcommand {\slideentry {0}{0}{2}{2/2}{}{0}}
+\headcommand {\beamer@framepages {2}{2}}
+\headcommand {\slideentry {0}{0}{3}{3/3}{}{0}}
+\headcommand {\beamer@framepages {3}{3}}
+\headcommand {\slideentry {0}{0}{4}{4/4}{}{0}}
+\headcommand {\beamer@framepages {4}{4}}
+\headcommand {\slideentry {0}{0}{5}{5/5}{}{0}}
+\headcommand {\beamer@framepages {5}{5}}
+\headcommand {\slideentry {0}{0}{6}{6/6}{}{0}}
+\headcommand {\beamer@framepages {6}{6}}
+\headcommand {\slideentry {0}{0}{7}{7/7}{}{0}}
+\headcommand {\beamer@framepages {7}{7}}
+\headcommand {\slideentry {0}{0}{8}{8/8}{}{0}}
+\headcommand {\beamer@framepages {8}{8}}
+\headcommand {\slideentry {0}{0}{9}{9/9}{}{0}}
+\headcommand {\beamer@framepages {9}{9}}
+\headcommand {\slideentry {0}{0}{10}{10/11}{}{0}}
+\headcommand {\beamer@framepages {10}{11}}
+\headcommand {\slideentry {0}{0}{11}{12/12}{}{0}}
+\headcommand {\beamer@framepages {12}{12}}
+\headcommand {\slideentry {0}{0}{12}{13/13}{}{0}}
+\headcommand {\beamer@framepages {13}{13}}
+\headcommand {\slideentry {0}{0}{13}{14/14}{}{0}}
+\headcommand {\beamer@framepages {14}{14}}
+\headcommand {\slideentry {0}{0}{14}{15/15}{}{0}}
+\headcommand {\beamer@framepages {15}{15}}
+\headcommand {\slideentry {0}{0}{15}{16/16}{}{0}}
+\headcommand {\beamer@framepages {16}{16}}
+\headcommand {\slideentry {0}{0}{16}{17/17}{}{0}}
+\headcommand {\beamer@framepages {17}{17}}
+\headcommand {\slideentry {0}{0}{17}{18/18}{}{0}}
+\headcommand {\beamer@framepages {18}{18}}
+\headcommand {\slideentry {0}{0}{18}{19/20}{}{0}}
+\headcommand {\beamer@framepages {19}{20}}
+\headcommand {\slideentry {0}{0}{19}{21/21}{}{0}}
+\headcommand {\beamer@framepages {21}{21}}
+\headcommand {\slideentry {0}{0}{20}{22/23}{}{0}}
+\headcommand {\beamer@framepages {22}{23}}
+\headcommand {\slideentry {0}{0}{21}{24/24}{}{0}}
+\headcommand {\beamer@framepages {24}{24}}
+\headcommand {\slideentry {0}{0}{22}{25/26}{}{0}}
+\headcommand {\beamer@framepages {25}{26}}
+\headcommand {\slideentry {0}{0}{23}{27/27}{}{0}}
+\headcommand {\beamer@framepages {27}{27}}
+\headcommand {\slideentry {0}{0}{24}{28/28}{}{0}}
+\headcommand {\beamer@framepages {28}{28}}
+\headcommand {\slideentry {0}{0}{25}{29/29}{}{0}}
+\headcommand {\beamer@framepages {29}{29}}
+\headcommand {\slideentry {0}{0}{26}{30/30}{}{0}}
+\headcommand {\beamer@framepages {30}{30}}
+\headcommand {\slideentry {0}{0}{27}{31/31}{}{0}}
+\headcommand {\beamer@framepages {31}{31}}
+\headcommand {\beamer@partpages {1}{31}}
+\headcommand {\beamer@subsectionpages {1}{31}}
+\headcommand {\beamer@sectionpages {1}{31}}
+\headcommand {\beamer@documentpages {31}}
+\headcommand {\gdef \inserttotalframenumber {26}}

events/misp-summit/2022/misp-stix/slide.tex

@@ -0,0 +1,25 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\definecolor{main}{RGB}{47, 161, 219}
+\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+
+\usepackage[utf8]{inputenc}
+\usepackage{tikz}
+\usepackage{listings}
+\usepackage{fontawesome5}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+
+
+\title{MISP-STIX}
+\subtitle{The Holy Grail for MISP and STIX formats}
+\author{MISP core team - Christian Studer \\ \emph{TLP:WHITE}}
+\date{CTI Summit (CTIS-2022)}
+\titlegraphic{\includegraphics[scale=0.55]{misp.pdf}}
+\institute{MISP Project \\ \url{https://www.misp-project.org/}}
+
+
+\begin{document}
+\include{content}
+\end{document}

includes/location.txt

@@ -1 +1 @@
-MISP Project 
+CTIS 2022