diff --git a/20211118-NATO-MUG-update/Sightings2.PNG b/20211118-NATO-MUG-update/Sightings2.PNG
new file mode 100644
index 0000000..cd35990
Binary files /dev/null and b/20211118-NATO-MUG-update/Sightings2.PNG differ
diff --git a/20211118-NATO-MUG-update/attack-screenshot.png b/20211118-NATO-MUG-update/attack-screenshot.png
new file mode 100644
index 0000000..44cf2ff
Binary files /dev/null and b/20211118-NATO-MUG-update/attack-screenshot.png differ
diff --git a/20211118-NATO-MUG-update/b.4-turning-data-into-actionable-intelligence-short.pdf b/20211118-NATO-MUG-update/b.4-turning-data-into-actionable-intelligence-short.pdf
new file mode 100644
index 0000000..2bdf2e6
Binary files /dev/null and b/20211118-NATO-MUG-update/b.4-turning-data-into-actionable-intelligence-short.pdf differ
diff --git a/20211118-NATO-MUG-update/bankaccount.png b/20211118-NATO-MUG-update/bankaccount.png
new file mode 100644
index 0000000..94eb5cc
Binary files /dev/null and b/20211118-NATO-MUG-update/bankaccount.png differ
diff --git a/20211118-NATO-MUG-update/bankview.png b/20211118-NATO-MUG-update/bankview.png
new file mode 100644
index 0000000..ce629c1
Binary files /dev/null and b/20211118-NATO-MUG-update/bankview.png differ
diff --git a/20211118-NATO-MUG-update/circl.png b/20211118-NATO-MUG-update/circl.png
new file mode 100644
index 0000000..c570ff2
Binary files /dev/null and b/20211118-NATO-MUG-update/circl.png differ
diff --git a/20211118-NATO-MUG-update/content.tex b/20211118-NATO-MUG-update/content.tex
new file mode 100644
index 0000000..16027f8
--- /dev/null
+++ b/20211118-NATO-MUG-update/content.tex
@@ -0,0 +1,187 @@
+% DO NOT COMPILE THIS FILE DIRECTLY!
+% This is included by the other .tex files.
+
+\begin{frame}
+\titlepage
+\end{frame}
+
+\begin{frame}
+ \frametitle{The aim of this presentation}
+ \begin{itemize}
+ \item A small update on the state of MISP's ongoing development
+ \item Some highlights of the changes that were introduced
+ \item Upcoming changes
+ \item Cerebrate 1.0 and interactions with MISP
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{MISP's evolution since the last MUG}
+ \begin{itemize}
+ \item Since the last MUG (02/09/2021) we've had:
+ \begin{itemize}
+ \item 2 releases with 1 additionally pending this week
+ \item 920 commits
+ \item 29 contributors contributing to the core software and its components
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Heavy focus on the rework via Cerebrate}
+ \begin{itemize}
+ \item Refactoring parts of the code-base to prepare for the move
+ \item Fixing several long standing issues
+ \item Heavy focus also on integration
+ \item Documentation of existing functionalities and mappings
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{STIX libraries}
+ \begin{itemize}
+ \item Massive rework, the outcome o over a year of development by Christian Studer
+ \item Added STIX 2.1 support on export
+ \item STIX 1.1.1, 1.2, 2.0, 2.1 all supported
+ \item Much more complex, in-depth mapping, aiming for 100\% coverage of the standard
+ \item Collaboration with DHS and Mitre
+ \item The MISP->STIX converters became their own standalone library
+ \item Extensive documentation and examples for all possible generated objects
+ \item Test suites to validate against Mitre's libraries
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{OpenAPI}
+\includegraphics[scale=0.18]{images/stix.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Cerebrate integration rework}
+ \begin{itemize}
+ \item Connect MISP to Cerebrate
+ \item Fetch organisation and sharing group information
+ \item Update existing data with that of the Cerebrate repository
+ \item For the reverse integration, we'll talk about where we are in the Cerebrate presentation
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{mail2misp 1.0 release}
+\begin{itemize}
+ \item A tool we've been using internally for a long time
+ \item First official release
+ \item Receive, parse, encode emails as MISP events
+ \item Works with existing mail infrastructure or via a spamtrap
+ \item Configure extensive parsing rules
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{A host of improvements and fixes}
+\begin{itemize}
+ \item Massive amount o fxes, improvements to the core functionalities of the application
+ \item Big thanks to Jakub Onderka for the constant stream of fixes
+ \item Refactor of the internals to use the shared libraries with Cerebrate
+ \item Move to a fork of the framework maintained by us
+ \item Update of the certificate store that MISP uses by default
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{New background processing library}
+\begin{itemize}
+ \item Finally, it is time to sunset the ancient background processor of MISP
+ \item New tool, built from the ground up by Luciano Righetti
+ \item More simplistic, relying on Supervisord
+ \item No bloated scheduling - reliance on cron jobs
+ \item Internally compatible with the old processor
+ \item For a period of time we will be supporting both concurrently
+ \item Coming in MISP 2.4.151
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Supporting libraries}
+\begin{itemize}
+ \item Many updates to libraries such as:
+ \item Taxonomies
+ \item Galaxies
+ \item Warninglists
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Integrations}
+\begin{itemize}
+ \item New MISP modules and improvements to existing ones
+ \item Some examples:
+ \begin{itemize}
+ \item Integration with Alexandre Dulaunoy's newly developed Hashlookup service
+ \item Passive SSH integration
+ \item Recorded Future module
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{What's in the pipe?}
+\begin{itemize}
+ \item Further work on the move to the new tech stack
+ \item Correlation engine rework
+ \item Cryptographic {\bf signing of data}
+ \item More flexible distribution model (multiple sharing groups)
+ \item New UI
+ \item Private Set Intersection (PSI) (allowing correlation sharing/privacy-aware export)
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Cerebrate}
+\begin{itemize}
+ \item Let's have a look at where we are at with Cerebrate
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{To sum it all up...}
+ \begin{itemize}
+ \item The MISP {\bf developer community} continues to grow and stay active
+ \item The main focus this year is on the consolidation of existing functionalities
+ \begin{itemize}
+ \item Performance, security, UX improvements
+ \item Monitoring and large scale management tooling
+ \item Fleshing out the documentation and supporting materials
+ \end{itemize}
+ \item Cerebrate is aiming to fill the void of community/fleet management that we currently have
+ \item Definitely no lack of new ideas and improvements, if you want to participate, it's easy to {\bf get involved}
+ \item Prioritisation is hard. {\bf Let us know what you think we should focus on}!
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Get in touch if you have any questions}
+ \begin{itemize}
+ \item Contact CIRCL
+ \begin{itemize}
+ \item info@circl.lu
+ \item \url{https://twitter.com/circl_lu}
+ \item \url{https://www.circl.lu/}
+ \end{itemize}
+ \item Contact MISPProject
+ \begin{itemize}
+ \item \url{https://github.com/MISP}
+ \item \url{https://gitter.im/MISP/MISP}
+ \item \url{https://twitter.com/MISPProject}
+ \end{itemize}
+ \item Cerebrate project
+ \begin{itemize}
+ \item \url{https://github.com/cerebrate-project}
+ \item \url{https://github.com/cerebrate-project/cerebrate}
+ \end{itemize}
+ \item Join the COVID-19 MISP community
+ \begin{itemize}
+ \item \url{https://covid-19.iglocska.eu}
+ \end{itemize}
+ \end{itemize}
+\end{frame}
diff --git a/20211118-NATO-MUG-update/covid.png b/20211118-NATO-MUG-update/covid.png
new file mode 100644
index 0000000..e6e869f
Binary files /dev/null and b/20211118-NATO-MUG-update/covid.png differ
diff --git a/20211118-NATO-MUG-update/creativity.png b/20211118-NATO-MUG-update/creativity.png
new file mode 100644
index 0000000..d9878e2
Binary files /dev/null and b/20211118-NATO-MUG-update/creativity.png differ
diff --git a/20211118-NATO-MUG-update/dashboard-trendings.png b/20211118-NATO-MUG-update/dashboard-trendings.png
new file mode 100644
index 0000000..e8937e4
Binary files /dev/null and b/20211118-NATO-MUG-update/dashboard-trendings.png differ
diff --git a/20211118-NATO-MUG-update/decaying-basescore.png b/20211118-NATO-MUG-update/decaying-basescore.png
new file mode 100644
index 0000000..d21e261
Binary files /dev/null and b/20211118-NATO-MUG-update/decaying-basescore.png differ
diff --git a/20211118-NATO-MUG-update/decaying-event.png b/20211118-NATO-MUG-update/decaying-event.png
new file mode 100644
index 0000000..553b9e7
Binary files /dev/null and b/20211118-NATO-MUG-update/decaying-event.png differ
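Review bot: The frame titled `\frametitle{OpenAPI}` embeds `images/stix.png`, while this same commit also adds `images/openapi.png`, so either the title or the graphic looks mismatched; if the slide is meant to be about OpenAPI, the line should read `\includegraphics[scale=0.18]{images/openapi.png}`. Two bullets carry typos: "the outcome o over a year" should be "the outcome of over a year" and "Massive amount o fxes" should be "Massive amount of fixes". The `{\bf ...}` groups in the "What's in the pipe?" and "To sum it all up..." frames use the plain-TeX font switch; `\textbf{signing of data}` (and likewise for the other two) is the LaTeX form and nests correctly with surrounding emphasis.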
diff --git a/20211118-NATO-MUG-update/decaying-index.png b/20211118-NATO-MUG-update/decaying-index.png
new file mode 100644
index 0000000..c8c9754
Binary files /dev/null and b/20211118-NATO-MUG-update/decaying-index.png differ
diff --git a/20211118-NATO-MUG-update/decaying-simulation.png b/20211118-NATO-MUG-update/decaying-simulation.png
new file mode 100644
index 0000000..8252a09
Binary files /dev/null and b/20211118-NATO-MUG-update/decaying-simulation.png differ
diff --git a/20211118-NATO-MUG-update/decaying-tool.png b/20211118-NATO-MUG-update/decaying-tool.png
new file mode 100644
index 0000000..ff8c298
Binary files /dev/null and b/20211118-NATO-MUG-update/decaying-tool.png differ
diff --git a/20211118-NATO-MUG-update/en_cef.png b/20211118-NATO-MUG-update/en_cef.png
new file mode 100644
index 0000000..5fed070
Binary files /dev/null and b/20211118-NATO-MUG-update/en_cef.png differ
diff --git a/20211118-NATO-MUG-update/galaxy-ransomware.png b/20211118-NATO-MUG-update/galaxy-ransomware.png
new file mode 100644
index 0000000..5cf42cc
Binary files /dev/null and b/20211118-NATO-MUG-update/galaxy-ransomware.png differ
diff --git a/20211118-NATO-MUG-update/images/SoD.png b/20211118-NATO-MUG-update/images/SoD.png
new file mode 100644
index 0000000..b95a9ec
Binary files /dev/null and b/20211118-NATO-MUG-update/images/SoD.png differ
diff --git a/20211118-NATO-MUG-update/images/authkey.png b/20211118-NATO-MUG-update/images/authkey.png
new file mode 100644
index 0000000..46174b9
Binary files /dev/null and b/20211118-NATO-MUG-update/images/authkey.png differ
diff --git a/20211118-NATO-MUG-update/images/cerebrate.png b/20211118-NATO-MUG-update/images/cerebrate.png
new file mode 100644
index 0000000..3b9d4db
Binary files /dev/null and b/20211118-NATO-MUG-update/images/cerebrate.png differ
diff --git a/20211118-NATO-MUG-update/images/dashboard.png b/20211118-NATO-MUG-update/images/dashboard.png
new file mode 100644
index 0000000..d163f4d
Binary files /dev/null and b/20211118-NATO-MUG-update/images/dashboard.png differ
diff --git a/20211118-NATO-MUG-update/images/eventreport.png b/20211118-NATO-MUG-update/images/eventreport.png
new file mode 100644
index 0000000..6f74bbe
Binary files /dev/null and b/20211118-NATO-MUG-update/images/eventreport.png differ
diff --git a/20211118-NATO-MUG-update/images/galaxy20.png b/20211118-NATO-MUG-update/images/galaxy20.png
new file mode 100644
index 0000000..97911ac
Binary files /dev/null and b/20211118-NATO-MUG-update/images/galaxy20.png differ
diff --git a/20211118-NATO-MUG-update/images/mispcerebrate.png b/20211118-NATO-MUG-update/images/mispcerebrate.png
new file mode 100644
index 0000000..d58796f
Binary files /dev/null and b/20211118-NATO-MUG-update/images/mispcerebrate.png differ
diff --git a/20211118-NATO-MUG-update/images/openapi.png b/20211118-NATO-MUG-update/images/openapi.png
new file mode 100644
index 0000000..44726ea
Binary files /dev/null and b/20211118-NATO-MUG-update/images/openapi.png differ
diff --git a/20211118-NATO-MUG-update/images/stix.png b/20211118-NATO-MUG-update/images/stix.png
new file mode 100644
index 0000000..c0b59bb
Binary files /dev/null and b/20211118-NATO-MUG-update/images/stix.png differ
diff --git a/20211118-NATO-MUG-update/images/timeline.png b/20211118-NATO-MUG-update/images/timeline.png
new file mode 100644
index 0000000..23ff19b
Binary files /dev/null and b/20211118-NATO-MUG-update/images/timeline.png differ
diff --git a/20211118-NATO-MUG-update/logo-circl.pdf b/20211118-NATO-MUG-update/logo-circl.pdf
new file mode 100755
index 0000000..62c9239
Binary files /dev/null and b/20211118-NATO-MUG-update/logo-circl.pdf differ
diff --git a/20211118-NATO-MUG-update/makefile b/20211118-NATO-MUG-update/makefile
new file mode 100644
index 0000000..6e5a51d
--- /dev/null
+++ b/20211118-NATO-MUG-update/makefile
@@ -0,0 +1,5 @@
+all:
+ pdflatex -interaction nonstopmode -halt-on-error -file-line-error slide.tex
+
+clean:
+ rm *.aux *.nav *.log *.snm *.toc *.vrb
diff --git a/20211118-NATO-MUG-update/misp.pdf b/20211118-NATO-MUG-update/misp.pdf
new file mode 100644
index 0000000..f7a3f9d
Binary files /dev/null and b/20211118-NATO-MUG-update/misp.pdf differ
diff --git a/20211118-NATO-MUG-update/misplogo.pdf b/20211118-NATO-MUG-update/misplogo.pdf
new file mode 100755
index 0000000..60da568
Binary files /dev/null and b/20211118-NATO-MUG-update/misplogo.pdf differ
diff --git a/20211118-NATO-MUG-update/object.png b/20211118-NATO-MUG-update/object.png
new file mode 100644
index 0000000..acebf04
Binary files /dev/null and b/20211118-NATO-MUG-update/object.png differ
diff --git a/20211118-NATO-MUG-update/sighting-n.png b/20211118-NATO-MUG-update/sighting-n.png
new file mode 100644
index 0000000..f9ec127
Binary files /dev/null and b/20211118-NATO-MUG-update/sighting-n.png differ
diff --git a/20211118-NATO-MUG-update/slide.tex b/20211118-NATO-MUG-update/slide.tex
new file mode 100644
index 0000000..7361147
--- /dev/null
+++ b/20211118-NATO-MUG-update/slide.tex
@@ -0,0 +1,25 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\definecolor{main}{RGB}{47, 161, 219}
+\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+
+\usepackage[utf8]{inputenc}
+\usepackage{tikz}
+\usepackage{listings}
+\usepackage{adjustbox}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+%\usepackage[T1]{fontenc}
+%\usepackage[scaled]{beramono}
+\author{\small{\input{../includes/authors.txt}}}
+\title{MISP status update}
+\subtitle{Improvements since the last MUG and the future roadmap}
+\institute{\includegraphics[scale=0.5]{misplogo.pdf}}
+\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}
+
+\date{\input{../includes/location.txt}}
+\begin{document}
+\include{content}
+\end{document}
+
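Review bot: The `clean` recipe `rm *.aux *.nav *.log *.snm *.toc *.vrb` aborts on any tree where one of the globs matches nothing, because `rm` without `-f` reports the unexpanded pattern as a missing file and make stops at the first failing command; `rm -f *.aux *.nav *.log *.snm *.toc *.vrb` is the usual form. Both recipe lines appear in this diff with a leading space rather than a tab; if the committed file really uses spaces, make rejects it with a "missing separator" error, so this is worth checking on the actual file rather than the collapsed diff. Declaring `.PHONY: all clean` at the top would also keep both targets working should a file named `all` or `clean` ever appear in the directory.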
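Review bot: `\include{content}` forces a page break and writes a separate `content.aux`; for a single fragment of frames `\input{content}` is the intended command and avoids both. `\small` is a declaration, not a command taking an argument, so `\author{\small{\input{../includes/authors.txt}}}` only works because the braces happen to delimit the group; `\author{{\small \input{../includes/authors.txt}}}` is the correct form. The commented-out `\usepackage[T1]{fontenc}` is worth restoring alongside `inputenc`, otherwise accented characters in the included author or location files may hyphenate poorly and not copy cleanly from the PDF. The `listings` and `adjustbox` packages are loaded, but nothing in the `content.tex` added by this commit appears to use either, so they can presumably be dropped.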
diff --git a/20211118-NATO-MUG-update/taxonomy-workflow.png b/20211118-NATO-MUG-update/taxonomy-workflow.png
new file mode 100644
index 0000000..f4789ad
Binary files /dev/null and b/20211118-NATO-MUG-update/taxonomy-workflow.png differ
diff --git a/20211118-NATO-MUG-update/timeline-misp-overview.png b/20211118-NATO-MUG-update/timeline-misp-overview.png
new file mode 100644
index 0000000..23ff19b
Binary files /dev/null and b/20211118-NATO-MUG-update/timeline-misp-overview.png differ
diff --git a/20211118-NATO-MUG-update/timeline.jpeg b/20211118-NATO-MUG-update/timeline.jpeg
new file mode 100644
index 0000000..d60db13
Binary files /dev/null and b/20211118-NATO-MUG-update/timeline.jpeg differ
diff --git a/20211118-NATO-MUG-update/warning-list-event.png b/20211118-NATO-MUG-update/warning-list-event.png
new file mode 100644
index 0000000..22c6423
Binary files /dev/null and b/20211118-NATO-MUG-update/warning-list-event.png differ
diff --git a/20211118-NATO-MUG-update/warning-list.png b/20211118-NATO-MUG-update/warning-list.png
new file mode 100644
index 0000000..f151ded
Binary files /dev/null and b/20211118-NATO-MUG-update/warning-list.png differ
diff --git a/20211118-NATO-MUG-update/workflow_initial.png b/20211118-NATO-MUG-update/workflow_initial.png
new file mode 100644
index 0000000..7c6b54c
Binary files /dev/null and b/20211118-NATO-MUG-update/workflow_initial.png differ
diff --git a/20211118-NATO-MUG-update/workflow_initial2.png b/20211118-NATO-MUG-update/workflow_initial2.png
new file mode 100644
index 0000000..d384c34
Binary files /dev/null and b/20211118-NATO-MUG-update/workflow_initial2.png differ
diff --git a/20211118-NATO-MUG-update/x-isac-logo.png b/20211118-NATO-MUG-update/x-isac-logo.png
new file mode 100755
index 0000000..21c68bc
Binary files /dev/null and b/20211118-NATO-MUG-update/x-isac-logo.png differ