diff --git a/a.zz-misp-and-isacs/analyst-data.png b/a.zz-misp-and-isacs/analyst-data.png
new file mode 100644
index 0000000..7135de9
Binary files /dev/null and b/a.zz-misp-and-isacs/analyst-data.png differ
diff --git a/a.zz-misp-and-isacs/content.tex b/a.zz-misp-and-isacs/content.tex
index 2d17c72..6200aed 100644
--- a/a.zz-misp-and-isacs/content.tex
+++ b/a.zz-misp-and-isacs/content.tex
@@ -70,7 +70,15 @@
 \end{frame}
 
 \begin{frame}
- \frametitle{Who is using MISP?}
+ \frametitle{Who is using MISP? (1)}
+ \begin{center}
+ \includegraphics[scale=0.45]{misp-shodan.png}
+ \includegraphics[scale=0.27]{org-count-misppriv.png}
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Who is using MISP? (2)}
 {\bf Communities:} groups of users sharing within a set of common objectives/values.
 \vspace{0.5em}
 \begin{itemize}
@@ -85,6 +93,13 @@
 \end{itemize}
 \end{frame}
 
+\begin{frame}
+ \frametitle{What is MISP? (2)}
+ \begin{center}
+ \includegraphics[width=1.0\linewidth]{galaxy-matrix.png}
+ \end{center}
+\end{frame}
+
 \begin{frame}
 \frametitle{What is MISP? (2)}
 MISP is designed from the ground up to perform context-rich \textbf{threat intelligence}:
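Review bot: The two `\includegraphics[scale=...]` lines on the new "Who is using MISP? (1)" frame size the images in absolute terms, while every other image frame added in this commit uses a `\linewidth`-relative `width=`; a scale factor depends on the pixel size of the PNG and will overflow the frame as soon as the asset is regenerated at another resolution. Prefer a relative width for both (for two images side by side something like `width=0.48\linewidth` each) and drop the `.png` extension so graphicx can pick the best available format. Since `misp-shodan.png` is presumably a Shodan search result listing publicly reachable MISP instances, make sure any hostnames or IP addresses visible in the screenshot are blurred before the deck is published.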
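Review bot: The new image frame is titled "What is MISP? (2)", which is exactly the title of the existing text frame right after it, so the deck shows two consecutive slides both numbered (2); the same duplicate-title pattern appears in the "Information Quality Management" image frame added in the -131 hunk and the "Using the Power of the Community" image frame added in the -167 hunk. Either renumber the sequence (keep `\frametitle{What is MISP? (2)}` for the image and bump the following text slide, which lies outside this hunk, to `(3)`) or give each image slide a distinct subtitle. The "Who is using MISP? (1)"/(2) split in the previous hunk is the convention this deck already uses, so following it here keeps the titles consistent.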
@@ -117,13 +132,12 @@
 
 \begin{frame}
 \frametitle{Sharing in MISP (2)}
- MISP offers a wide range of strategy to share information:
+ MISP offers a wide range of \textbf{strategy to share information}:
 \begin{itemize}
 \item Many {\bf distribution level} offering granularity
 \item Sharing via distribution lists - {\bf Sharing groups}
- \item {\bf Delegation} for pseudo-anonymised information sharing
- \item {\bf Proposals} and {\bf Extended events} for collaborated information sharing
- \item Synchronisation, Feed system, air-gapped sharing
+ \item Incremental Synchronisation \& air-gapped sharing
+ \item Feed system for ingestion \& generation
 \item User defined {\bf filtered sharing} for all the above mentioned methods
 \item Cross-instance information {\bf caching} for quick lookups of large data-sets
 \item Support for multi-MISP \textbf{internal enclaves}
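Review bot: `\textbf{strategy to share information}` carries over the number-agreement error of the line it replaces; "a wide range of" takes a plural, so the new line should read `MISP offers a wide range of \textbf{strategies to share information}:`. Separately, the Delegation and Proposals/Extended events bullets are dropped here although `delegation.png` is added as a new file in the same commit with no `\includegraphics` referencing it in any visible hunk; if that topic moved to a slide outside these hunks this is fine, otherwise the asset is dead weight in the repository. The rewritten line uses `\textbf` while the surrounding bullets still use the obsolete `{\bf ...}` form, so the emphasis markup on this slide is now mixed; the new form is the right one and the remaining bullets could follow it in a later pass.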
@@ -131,32 +145,43 @@
 \end{frame}
 
 \begin{frame}
- \frametitle{Information quality management}
+ \frametitle{Information Quality Management}
 MISP has many features to help you manage and curate the data:
 \begin{itemize}
 \item \textbf{Correlating} data
 \item Feedback loop from detections via {\bf Sightings}
 \item {\bf False positive management} via the warninglist system
 \item {\bf Enrichment system} via MISP-modules
- \item {\bf workflow} system to review and control information publication
+ \item {\bf Workflow} system to review and control information publication
 \item {\bf Integrations} with a plethora of tools and formats
 \item Flexible {\bf API} and support {\bf libraries} such as PyMISP to ease integration
 \item {\bf Timelines} and giving information a temporal context
 \item Full chain for {\bf indicator life-cycle management}
+ \item {\bf Jupyter Notebooks} supporting common use-cases
 \end{itemize}
 \end{frame}
 
 \begin{frame}
 \frametitle{Integration and Automation ecosystem}
- MISP has many features to help you integrate various tools, processes and workflows
+ MISP has many features to help you integrate various tools, processes and workflows:
 \begin{itemize}
- \item REST-full API \& PyMISP
- \item PubSub channels (ZeroMQ \& Kafka)
- \item Enrichment \& Import/Export service through MISP-modules
- \item Workflow system: Quick and easy automation based on trigger/conditions/actions blocks
+ \item REST-full \textbf{API} \& \textbf{PyMISP}
+ \item \textbf{PubSub channels} (ZeroMQ \& Kafka)
+ \item \textbf{Enrichment} \& \textbf{Import/Export} service through MISP-modules
+ \item \textbf{Workflow system}: Quick and easy automation based on trigger/conditions/actions blocks
 \end{itemize}
 \end{frame}
 
+\begin{frame}
+ \frametitle{Information Quality Management}
+ \begin{center}
+ \includegraphics[width=0.99\linewidth]{wf-false-positive.png}
+ \end{center}
+ \begin{center}
+ \textbf{Blueprint library} available on
Github\footnote{\url{https://github.com/MISP/misp-workflow-blueprints}}
+ \end{center}
+\end{frame}
+
 \begin{frame}
 \frametitle{Using the Power of the Community}
 MISP has many features to foster collaboration. To name a few:
@@ -167,9 +192,17 @@
 \item Sightings
 \item Extended Events
 \item Sharing-Groups
+ \item $\cdots$
 \end{itemize}
 \end{frame}
 
+\begin{frame}
+ \frametitle{Using the Power of the Community}
+ \begin{center}
+ \includegraphics[width=0.85\linewidth]{analyst-data.png}
+ \end{center}
+\end{frame}
+
 \begin{frame}
 \frametitle{Getting started: Joining/Running a sharing community using MISP}
diff --git a/a.zz-misp-and-isacs/delegation.png b/a.zz-misp-and-isacs/delegation.png
new file mode 100644
index 0000000..d3681e6
Binary files /dev/null and b/a.zz-misp-and-isacs/delegation.png differ
diff --git a/a.zz-misp-and-isacs/galaxy-matrix.png b/a.zz-misp-and-isacs/galaxy-matrix.png
new file mode 100644
index 0000000..ef0ba79
Binary files /dev/null and b/a.zz-misp-and-isacs/galaxy-matrix.png differ
diff --git a/a.zz-misp-and-isacs/misp-shodan.png b/a.zz-misp-and-isacs/misp-shodan.png
new file mode 100644
index 0000000..d6eb526
Binary files /dev/null and b/a.zz-misp-and-isacs/misp-shodan.png differ
diff --git a/a.zz-misp-and-isacs/org-count-misppriv.png b/a.zz-misp-and-isacs/org-count-misppriv.png
new file mode 100644
index 0000000..19d6bdb
Binary files /dev/null and b/a.zz-misp-and-isacs/org-count-misppriv.png differ
diff --git a/a.zz-misp-and-isacs/wf-blueprint-repo.png b/a.zz-misp-and-isacs/wf-blueprint-repo.png
new file mode 100644
index 0000000..7a9e904
Binary files /dev/null and b/a.zz-misp-and-isacs/wf-blueprint-repo.png differ
diff --git a/a.zz-misp-and-isacs/wf-false-positive.png b/a.zz-misp-and-isacs/wf-false-positive.png
new file mode 100644
index 0000000..a6ca42f
Binary files /dev/null and b/a.zz-misp-and-isacs/wf-false-positive.png differ
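Review bot: The new image frame headed `\frametitle{Information Quality Management}` is placed after the "Integration and Automation ecosystem" slide rather than next to the text slide of the same name, and its content (the `wf-false-positive.png` workflow and the blueprint-library footnote) is about the workflow system, so the title reads as copied rather than chosen; `\frametitle{Workflow blueprints}` or moving the frame up next to its namesake would make the sequence coherent. `wf-blueprint-repo.png` is added in this commit but no `\includegraphics` in the visible hunks references it, so it is probably an unused asset. On the retouched API bullet `REST-full` should be `RESTful`, and `width=0.99\linewidth` differs from the `1.0\linewidth` and `0.85\linewidth` used by the other new image frames for no visible reason.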
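Review bot: `\item $\cdots$` typesets a text ellipsis in math mode, which produces centred dots with math spacing; the conventional form for a trailing "and so on" bullet is `\item \dots` (or `\ldots`). The itemize and frame this item belongs to begin before the hunk, so the remaining bullets are not visible here. The width of the `analyst-data.png` frame (`0.85\linewidth`) is a third distinct value among the image frames added in this commit; one shared width would keep the slides visually consistent.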