% DO NOT COMPILE THIS FILE DIRECTLY! % This is included by the other .tex files. \begin{frame}[t,plain] \titlepage \end{frame} \begin{frame} \frametitle{2019 - A successful year for the MISP project} \begin{itemize} \item {\bf Improving and extending MISP project and information sharing practices} at a faster rate than expected \item Increasing the reach-out to collect ideas and inspirations from EU CSIRTs, the private sector and security professionals whilst doing trainings/workshops (thanks to the CEF funding) \item Integrate MISP at a rapid rate with {\bf other standards} (such as MITRE ATT\&CK sighting, STIX 2, GoAML and many others) \item Increased pan-European collaboration and information exchanged compared to 2018\footnote{https://www.x-isac.org/publication.html} \item Reaching the {\bf establishment of a European standard\footnote{\url{https://www.misp-standard.org/}} and open source toolset for threat intelligence and information sharing} \end{itemize} \end{frame} \begin{frame} \frametitle{Major outcomes in 2019} \begin{itemize} \item 18 releases of the MISP core software which included more than 10 major new features. Attracting a large group of new users and contributors \end{itemize} \includegraphics[scale=0.18]{cfd.png} \includegraphics[scale=0.18]{objects-cfd.png} \includegraphics[scale=0.18]{galaxy-cfd.png} \begin{itemize} \item Increase of contributions during 2019 (MISP core, MISP objects and galaxy libraries) \end{itemize} \end{frame} \begin{frame} \frametitle{Major outcomes of 2019} \begin{itemize} \item Improvements to external tools were created during 2019, such as those to the {\bf misp-dashboard} (4 releases) - with a new release being foreseen within the next weeks \item The decaying model for indicators described as an academic paper in 2018 is now part of the core MISP software\footnote{\url{https://www.misp-project.org/2019/09/12/Decaying-Of-Indicators.html}} \item {\bf All MISP training materials are released as open content}\footnote{\url{https://github.com/MISP/misp-training}} and contain more than 36 hours of training materials (e.g. MISP usage, administration, OSINT analysis and collection, building sharing communities) \begin{itemize} \item Source code is available and translation(s)/contribution(s) are welcome \end{itemize} \end{itemize} \end{frame} \begin{frame} \frametitle{MISP object templates} \begin{itemize} \item The number of object templates rose from 89 (in 2018) to 147 (in 2019), thanks in a large part to the diligent work of many external contributors \item Object templates added include {\bf telecom objects} (such as SS7, GTP, Diameter or IMSI-catcher output), {\bf cyber security objects}, {\bf security objects} (such as vehicule, interpol-notice) \item Objects are more and more used in different sharing communities and have overtaken simple attributes in MISP as the go-to data structure, offering better contextualisation for the data shared \end{itemize} \end{frame} \begin{frame} \frametitle{MISP taxonomies} \begin{itemize} \item There are {\bf 102 taxonomies} available in MISP project contributed by various organisations and partners \item FIRST.org CTI SIG contributed an {\bf ICS/OT Threat Attribution Industrial Control System taxonomy} \item MISP taxonomies\footnote{\url{https://www.misp-project.org/taxonomies.html}} are common libraries and sharing communities select usually a subset to match their needs \end{itemize} \end{frame} \begin{frame} \frametitle{Conclusion} \begin{itemize} \item 2019 was a busy and successful year for the MISP project \item The 2-year CEF grant was a bootstrap to improve MISP to its next level \item New partnerships and projects are ongoing in 2020-2021 (such as the CEF VARIoT project or H2020 Enforce) \item As the MISP project becomes larger, we are {\bf improving the structure of the project} (misp-standard.org is the first step) \end{itemize} \end{frame}