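% DO NOT COMPILE THIS FILE DIRECTLY!
% This is included by the other .tex files.
%
% Slide content only: there is no \documentclass or preamble here, so the
% including file must provide the beamer class and a package that defines
% \url (the footnotes and contact slides rely on it).
%
% Layout note: each frame is written on its own lines. When the whole deck
% sits on a few physical lines, the leading `%' above turns everything after
% it on that line into a comment and the opening frames are lost.

% --- Title -----------------------------------------------------------------
\begin{frame}
  \titlepage
\end{frame}

% --- What MISP is ------------------------------------------------------------
\begin{frame}
  \frametitle{What is MISP?}
  \begin{itemize}
    \item Open source ``TISP'' -- A TIP with a strong focus on sharing
    \item A tool that \textbf{collects} information from partners, your analysts, your tools, feeds
    \item Normalises, correlates, enriches the data
    \item Allows teams and communities to \textbf{collaborate}
    \item \textbf{Feeds} automated protective tools and analyst tools with the output
    \item A set of tools to manage sharing communities and interconnected MISP servers
  \end{itemize}
\end{frame}

% --- Why context matters -----------------------------------------------------
\begin{frame}
  \frametitle{The growing need to contextualise data}
  \begin{itemize}
    \item Contextualisation became more and more important as we as a community matured
      \begin{itemize}
        \item \textbf{Growth and diversification} of our communities
        \item Distinguish between information of interest and raw data
        \item \textbf{False-positive} management
        \item TTPs and aggregate information may be prevalent compared to raw data (risk assessment)
        \item \textbf{Increased data volumes} lead to a need to be able to prioritise
      \end{itemize}
    % The sentence below is deliberately split across two items.
    \item These help with filtering your TI based on your \textbf{requirements}\dots
    \item \dots as highlighted by a great talk from Pasquale Stirparo titled \emph{Your Requirements Are Not My Requirements}
  \end{itemize}
\end{frame}

% --- ATT&CK as a shared TTP vocabulary ---------------------------------------
\begin{frame}
  \frametitle{The emergence of ATT\&CK}
  \begin{itemize}
    \item Standardising on high-level \textbf{TTPs} was a solution to a long list of issues
    \item Adoption was rapid, tools producing ATT\&CK data, familiar interface for users
    \item A much better take on kill-chain phases in general
    \item Feeds into our \textbf{filtering} and \textbf{situational awareness}\footnote{ATT\&CK sighting is a standard export format in MISP} needs extremely well
    \item Gave rise to other, ATT\&CK-like systems tackling other concerns
  \end{itemize}
\end{frame}

% --- ATT&CK-like galaxies ----------------------------------------------------
\begin{frame}
  \frametitle{The emergence of ATT\&CK and similar galaxies}
  \begin{itemize}
    % `#' is written as `\#' because \url sits inside a \footnote argument here.
    \item \textbf{attck4fraud} \footnote{\url{https://www.misp-project.org/galaxy.html\#_attck4fraud}} by Francesco Bigarella from ING
    \item \textbf{Election guidelines} \footnote{\url{https://www.misp-project.org/galaxy.html\#_election_guidelines}} by NIS Cooperation Group
    % NOTE(review): this link targets the `master' branch rather than a fixed
    % commit, so it stops resolving if the file is renamed or moved upstream.
    \item \textbf{AM!TT Misinformation pattern} \footnote{\url{https://github.com/MISP/misp-galaxy/blob/master/clusters/misinfosec-amitt-misinformation-pattern.json}} by the misinfosecproject
    \item Alternative ATT\&CK models still on the rise
  \end{itemize}
\end{frame}

% --- Roadmap -----------------------------------------------------------------
\begin{frame}
  \frametitle{Future of ATT\&CK in MISP Project}
  \begin{itemize}
    \item MISP Galaxy 2.0 will include \textbf{improved inter-linking between ATT\&CK and other models} (other galaxy or matrix-like models)
    \item Those relationships will also be shareable within different MISP communities
    \item Improved integration of ATT\&CK sub-techniques within MISP
  \end{itemize}
\end{frame}

% --- Contact -----------------------------------------------------------------
\begin{frame}
  \frametitle{Get in touch if you have any questions}
  \begin{itemize}
    \item Contact CIRCL
      \begin{itemize}
        \item info@circl.lu
        \item \url{https://twitter.com/circl_lu}
        \item \url{https://www.circl.lu/}
      \end{itemize}
    \item Contact MISPProject
      \begin{itemize}
        \item \url{https://github.com/MISP}
        \item \url{https://gitter.im/MISP/MISP}
        \item \url{https://twitter.com/MISPProject}
      \end{itemize}
    \item Join the COVID-19 MISP community
      \begin{itemize}
        \item \url{https://covid-19.iglocska.eu}
      \end{itemize}
  \end{itemize}
\end{frame}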