chg: [b.1] file object template added

changes-actionable
Alexandre Dulaunoy 2019-09-24 22:36:09 +02:00
parent e7a4f1b8c9
commit dbe8345f13
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 28 additions and 4 deletions


@ -19,10 +19,18 @@
\begin{frame} \begin{frame}
\frametitle{(Threat) Intelligence} \frametitle{(Threat) Intelligence}
\begin{itemize} \begin{itemize}
\item {\bf Cyber threat intelligence (CTI) is a vast concept} which includes different fields such as intelligence as defined in the military community or in the financial sector or the intelligence community. \item {\bf Cyber threat intelligence (CTI) is a vast concept} which includes different fields such as intelligence as defined in the military community or in the financial sector or the intelligence community
\item {\bf MISP project doesn't want to lock an organisation or an user into a specific model}. Each model is useful depending of the objectives from an organisation. \item {\bf MISP project doesn't want to lock an organisation or an user into a specific model}. Each model is useful depending of the objectives from an organisation
\item A set of pre-defined knowledge base or data-models are available and organisation can select (or create) what they need. \item A set of pre-defined knowledge base or data-models are available and organisation can select (or create) what they need
\item During this session, an overview of the most used taxonomies, galaxies and objects will be described. \item During this session, an overview of the most used taxonomies, galaxies and objects will be described
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Meta information and Contextualisation}
\begin{itemize}
\item Quality of indicators/attributes are important but {\bf tagging and classification are also critical to ensure actionable information}
\item Tagging intelligence is done by using tags in MISP which are often originating from MISP taxonomy libraries
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -40,3 +48,19 @@ and keep an history.\\
\end{columns} \end{columns}
\end{frame} \end{frame}
\begin{frame}
\frametitle{file object}
\begin{columns}[totalwidth=\textwidth]
\column{0.49\textwidth}\underline{Use case}\\
\begin{itemize}
\item A file sample was received by email or extracted from VirusTotal.
\item A list of file hashes were included in a report.
\item A hash value was mentioned in a blog post.
\end{itemize}
\column{0.49\textwidth}\underline{Object to use}\\
The file object can be used to describe file. It's usual to have partial meta information such as a single hash and a filename.\\
\includegraphics[scale=0.25]{fileobject.png}
\end{columns}
\end{frame}
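Review bot: On the new `file object` frame, the sentence `It's usual to have partial meta information such as a single hash and a filename.` stops short of the caveat an analyst needs: a filename is trivially changed and a lone MD5 or SHA-1 is a weak identifier, so I would append something like `Prefer a SHA-256 when the sample itself is available; a filename or a single weak hash alone gives little confidence for correlation.` Two wording fixes belong on the same frame: `describe file` should read `describe a file`, and `A list of file hashes were included` should be `was included`. On style, `\underline{Use case}\\` directly before `itemize` and the trailing `\\` before `\includegraphics` force line breaks where a paragraph break or a beamer `block` title would do. The new `Meta information and Contextualisation` frame in the first hunk also keeps the obsolete `{\bf ...}` form where `\textbf{...}` is preferred.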