chg: [a.zz-isacs] Added more content
|
@ -70,7 +70,15 @@
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{Who is using MISP?}
|
\frametitle{Who is using MISP? (1)}
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[scale=0.45]{misp-shodan.png}
|
||||||
|
\includegraphics[scale=0.27]{org-count-misppriv.png}
|
||||||
|
\end{center}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Who is using MISP? (2)}
|
||||||
{\bf Communities:} groups of users sharing within a set of common objectives/values.
|
{\bf Communities:} groups of users sharing within a set of common objectives/values.
|
||||||
\vspace{0.5em}
|
\vspace{0.5em}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
|
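Review bot: the two `\includegraphics` calls added in the new "Who is using MISP? (1)" frame size the images with `scale=0.45` and `scale=0.27`, which depends on each PNG's pixel dimensions and will fall out of proportion as soon as either screenshot is re-captured; the rest of this deck sizes figures relative to the line width (e.g. `width=1.0\linewidth` on galaxy-matrix.png), so prefer `width=0.8\linewidth`-style sizing here too, and add a small `\vspace` between the two so the Shodan capture and the org-count chart do not run into each other. Since misp-shodan.png is a Shodan capture of MISP instances, also confirm that any hostnames, IP addresses or organisation names visible in it are redacted before the slides are published.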
@ -85,6 +93,13 @@
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{What is MISP? (2)}
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[width=1.0\linewidth]{galaxy-matrix.png}
|
||||||
|
\end{center}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{What is MISP? (2)}
|
\frametitle{What is MISP? (2)}
|
||||||
MISP is designed from the ground up to perform context-rich \textbf{threat intelligence}:
|
MISP is designed from the ground up to perform context-rich \textbf{threat intelligence}:
|
||||||
|
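Review bot: the frame introduced in this hunk is titled "What is MISP? (2)" while the existing text frame that follows it keeps the same "(2)" title, so the deck now has two consecutive slides with identical titles; renumber the text frame to "(3)" (and any later "What is MISP?" frames accordingly) or give the image frame a distinct title such as "What is MISP? (2): the galaxy matrix". The galaxy-matrix.png graphic is dropped in at `width=1.0\linewidth` with no lead sentence or subtitle; one line saying what the matrix shows would help readers who do not have the presenter's narration.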
@ -117,13 +132,12 @@
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{Sharing in MISP (2)}
|
\frametitle{Sharing in MISP (2)}
|
||||||
MISP offers a wide range of strategy to share information:
|
MISP offers a wide range of \textbf{strategy to share information}:
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item Many {\bf distribution level} offering granularity
|
\item Many {\bf distribution level} offering granularity
|
||||||
\item Sharing via distribution lists - {\bf Sharing groups}
|
\item Sharing via distribution lists - {\bf Sharing groups}
|
||||||
\item {\bf Delegation} for pseudo-anonymised information sharing
|
\item Incremental Synchronisation \& air-gapped sharing
|
||||||
\item {\bf Proposals} and {\bf Extended events} for collaborated information sharing
|
\item Feed system for ingestion \& generation
|
||||||
\item Synchronisation, Feed system, air-gapped sharing
|
|
||||||
\item User defined {\bf filtered sharing} for all the above mentioned methods
|
\item User defined {\bf filtered sharing} for all the above mentioned methods
|
||||||
\item Cross-instance information {\bf caching} for quick lookups of large data-sets
|
\item Cross-instance information {\bf caching} for quick lookups of large data-sets
|
||||||
\item Support for multi-MISP \textbf{internal enclaves}
|
\item Support for multi-MISP \textbf{internal enclaves}
|
||||||
|
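Review bot: the rewritten list in "Sharing in MISP (2)" drops the `Delegation` bullet (pseudo-anonymised sharing) and the `Proposals`/`Extended events` bullet without replacing them, so the slide no longer mentions the one sharing strategy that hides the originating organisation, even though Extended Events still appear in the "Using the Power of the Community" list later in the file; if the intent is to move these to that slide rather than remove them, add Delegation there as well, otherwise keep the two bullets next to the new "Incremental Synchronisation" and "Feed system" items. Two grammar fixes while these lines are being touched: "a wide range of \textbf{strategy to share information}" should read "strategies", and "Many {\bf distribution level}" should read "distribution levels".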
@ -131,32 +145,43 @@
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{Information quality management}
|
\frametitle{Information Quality Management}
|
||||||
MISP has many features to help you manage and curate the data:
|
MISP has many features to help you manage and curate the data:
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item \textbf{Correlating} data
|
\item \textbf{Correlating} data
|
||||||
\item Feedback loop from detections via {\bf Sightings}
|
\item Feedback loop from detections via {\bf Sightings}
|
||||||
\item {\bf False positive management} via the warninglist system
|
\item {\bf False positive management} via the warninglist system
|
||||||
\item {\bf Enrichment system} via MISP-modules
|
\item {\bf Enrichment system} via MISP-modules
|
||||||
\item {\bf workflow} system to review and control information publication
|
\item {\bf Workflow} system to review and control information publication
|
||||||
\item {\bf Integrations} with a plethora of tools and formats
|
\item {\bf Integrations} with a plethora of tools and formats
|
||||||
\item Flexible {\bf API} and support {\bf libraries} such as PyMISP to ease integration
|
\item Flexible {\bf API} and support {\bf libraries} such as PyMISP to ease integration
|
||||||
\item {\bf Timelines} and giving information a temporal context
|
\item {\bf Timelines} and giving information a temporal context
|
||||||
\item Full chain for {\bf indicator life-cycle management}
|
\item Full chain for {\bf indicator life-cycle management}
|
||||||
|
\item {\bf Jupyter Notebooks} supporting common use-cases
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{Integration and Automation ecosystem}
|
\frametitle{Integration and Automation ecosystem}
|
||||||
MISP has many features to help you integrate various tools, processes and workflows
|
MISP has many features to help you integrate various tools, processes and workflows:
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item REST-full API \& PyMISP
|
\item REST-full \textbf{API} \& \textbf{PyMISP}
|
||||||
\item PubSub channels (ZeroMQ \& Kafka)
|
\item \textbf{PubSub channels} (ZeroMQ \& Kafka)
|
||||||
\item Enrichment \& Import/Export service through MISP-modules
|
\item \textbf{Enrichment} \& \textbf{Import/Export} service through MISP-modules
|
||||||
\item Workflow system: Quick and easy automation based on trigger/conditions/actions blocks
|
\item \textbf{Workflow system}: Quick and easy automation based on trigger/conditions/actions blocks
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Information Quality Management}
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[width=0.99\linewidth]{wf-false-positive.png}
|
||||||
|
\end{center}
|
||||||
|
\begin{center}
|
||||||
|
\textbf{Blueprint library} available on Github\footnote{\url{https://github.com/MISP/misp-workflow-blueprints}}
|
||||||
|
\end{center}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{Using the Power of the Community}
|
\frametitle{Using the Power of the Community}
|
||||||
MISP has many features to foster collaboration. To name a few:
|
MISP has many features to foster collaboration. To name a few:
|
||||||
|
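Review bot: the frame added at the end of this hunk repeats the title "Information Quality Management" of the frame at the top of the hunk but is inserted after "Integration and Automation ecosystem", so the false-positive workflow screenshot (wf-false-positive.png) is separated from the bullets it illustrates; move it directly after the first "Information Quality Management" frame, or title it after the feature it shows (the workflow system), and check that the `\url{...}` in the footnote compiles, which needs `hyperref` or `url` in the preamble (not visible in this diff). The new "Jupyter Notebooks" bullet is filed under quality management although notebooks are an integration aid like PyMISP in the next frame; consider moving it there.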
@ -167,9 +192,17 @@
|
||||||
\item Sightings
|
\item Sightings
|
||||||
\item Extended Events
|
\item Extended Events
|
||||||
\item Sharing-Groups
|
\item Sharing-Groups
|
||||||
|
\item $\cdots$
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Using the Power of the Community}
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[width=0.85\linewidth]{analyst-data.png}
|
||||||
|
\end{center}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{Getting started: Joining/Running a sharing community using MISP}
|
\frametitle{Getting started: Joining/Running a sharing community using MISP}
|
||||||
|
|
||||||
|
|
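Review bot: the `\item $\cdots$` added to the collaboration list is math-mode dots inside a text bullet; `\item \ldots` or a plain "and more" is the conventional way to end an open-ended list in beamer and renders in the text font. The new image frame again reuses the title of the frame before it ("Using the Power of the Community"), the same pattern as the other duplicated frametitles in this commit; a distinct title or a `\framesubtitle` naming what analyst-data.png shows would keep the slides distinguishable in the PDF outline.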