mirror of https://github.com/MISP/misp-training
chg: [gsma] Added telco-related examples
parent
f8b0085734
commit
bb81c735d8
|
@ -148,12 +148,25 @@ The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{Sharing in MISP}
|
\frametitle{Sharing in MISP: Distribution}
|
||||||
|
MISP offers granulars distribution settings
|
||||||
|
\begin{itemize}
|
||||||
|
\item Organisation only
|
||||||
|
\item This community
|
||||||
|
\item Connected communities
|
||||||
|
\item All communities
|
||||||
|
\item Distribution lists - aka {\bf Sharing groups}
|
||||||
|
\end{itemize}
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[scale=0.2]{screenshots/sg-example.png}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
At multiple levels: Events, Attributes and Objects (and their Attributes)
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Sharing in MISP: Advanced usage}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item Granular distribution settings
|
|
||||||
\begin{itemize}
|
|
||||||
\item Including distribution lists - aka {\bf Sharing groups}
|
|
||||||
\end{itemize}
|
|
||||||
\item {\bf Delegation} for pseudo-anonymised information sharing
|
\item {\bf Delegation} for pseudo-anonymised information sharing
|
||||||
\item {\bf Proposals} and {\bf Extended events} for collaborated information sharing
|
\item {\bf Proposals} and {\bf Extended events} for collaborated information sharing
|
||||||
\item 2-way synchronisation, Feed system, air-gapped sharing
|
\item 2-way synchronisation, Feed system, air-gapped sharing
|
||||||
|
@ -221,13 +234,60 @@ The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven
|
||||||
\end{center}
|
\end{center}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{Life-cycle management via decaying of indicators}
|
\frametitle{Life-cycle management via decaying of indicators}
|
||||||
\includegraphics[width=1.00\linewidth]{decaying-simulation.png}
|
\includegraphics[width=1.00\linewidth]{decaying-simulation.png}
|
||||||
Expiration based on user-defined \textit{Models}
|
Expiration based on user-defined \textit{Models}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{GSMA specific taxonomies}
|
||||||
|
\begin{itemize}
|
||||||
|
\item \texttt{gsma-attack-category}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Used by GSMA for their information sharing program with telco describing the {\bf attack categories}
|
||||||
|
\end{itemize}
|
||||||
|
\item \texttt{gsma-fraud}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Used by GSMA for their information sharing program with telco describing the {\bf various aspects of fraud}
|
||||||
|
\end{itemize}
|
||||||
|
\item \texttt{gsma-network-technology}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Used by GSMA for their information sharing program with telco describing the {\bf types of infrastructure}.
|
||||||
|
\end{itemize}
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Telco usefull galaxies: Bhadra Framework}
|
||||||
|
Bhadra is a threat modeling framework for mobile communication systems\footnote{https://arxiv.org/pdf/2005.05110.pdf}
|
||||||
|
\includegraphics[width=1.05\linewidth]{screenshots/bhadra-matrix.png}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Telco usefull {\bf MISP Objects}}
|
||||||
|
\begin{itemize}
|
||||||
|
\item \texttt{phone}
|
||||||
|
\begin{itemize}
|
||||||
|
\item A phone or mobile phone object which describe a phone
|
||||||
|
\item \texttt{brand}, \texttt{imei}, \texttt{imsi}, \texttt{serial-number}, ...
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\item \texttt{short-message-service}
|
||||||
|
\begin{itemize}
|
||||||
|
\item
|
||||||
|
\item \texttt{body}, \texttt{from}, \texttt{to}, \texttt{received-date}, ...
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\item \texttt{ss7-attack}
|
||||||
|
\begin{itemize}
|
||||||
|
\item SS7 object of an attack seen on a GSM, UMTS or LTE network via SS7 logging
|
||||||
|
\item \texttt{SccpCdGT}, \texttt{Category}, \texttt{MapOpCode}, ...
|
||||||
|
\end{itemize}
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{Acknowledgements}
|
\frametitle{Acknowledgements}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
|
|
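Review bot: The `short-message-service` entry in the new "Telco usefull MISP Objects" frame has a bare `\item` where the `phone` and `ss7-attack` entries carry a one-line description, so the slide renders an empty bullet; fill it with a description along the lines of `\item An SMS message as observed or reported`, or drop the line. The same frame lists `imei`, `imsi`, `from`, `to` and `body`, which are subscriber identifiers and message content, so one extra bullet tying back to the distribution frame in the first hunk would help the audience, e.g. `\item Subscriber identifiers: restrict distribution per attribute (sharing groups)`. Smaller points in the added lines: "usefull" (two frame titles) and "granulars" are misspelled, and `width=1.05\linewidth` on the Bhadra image is wider than the text block. The footnote URL would also be better wrapped as `\footnote{\url{https://arxiv.org/pdf/2005.05110.pdf}}`, assuming `\url` is available in this deck (the preamble is not visible here).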
Binary file not shown.
After Width: | Height: | Size: 76 KiB |
Binary file not shown.
After Width: | Height: | Size: 40 KiB |