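% DO NOT COMPILE THIS FILE DIRECTLY!
% This is included by the other .tex files.
%
% Slide content for the MISP project's 2019 review.
% Each comment sits on its own line so that the frames below are not swallowed
% by a trailing comment.

% Title slide.
\begin{frame}[t,plain]
  \titlepage
\end{frame}

% Headline achievements of the year.
\begin{frame}
  \frametitle{2019 -- A successful year for the MISP project}
  \begin{itemize}
    \item \textbf{Improving and extending MISP project and information sharing practices} at a faster rate than expected
    \item Increasing the reach-out to collect ideas and inspirations from EU CSIRTs, the private sector and security professionals whilst doing trainings/workshops (thanks to the CEF funding)
    \item Integrating MISP at a rapid rate with \textbf{other standards} (such as MITRE ATT\&CK sighting, STIX 2, GoAML and many others)
    % The bare URL is wrapped in \url so it breaks across lines and is typeset like the other footnotes.
    \item Increased pan-European collaboration and information exchange compared to 2018\footnote{\url{https://www.x-isac.org/publication.html}}
    \item Reaching the \textbf{establishment of a European standard\footnote{\url{https://www.misp-standard.org/}} and open source toolset for threat intelligence and information sharing}
  \end{itemize}
\end{frame}

% Release cadence and contribution graphs.
\begin{frame}
  \frametitle{Major outcomes in 2019}
  \begin{itemize}
    \item 18 releases of the MISP core software which included more than 10 major new features.
      Attracting a large group of new users and contributors
  \end{itemize}
  \includegraphics[scale=0.18]{cfd.png}
  \includegraphics[scale=0.18]{objects-cfd.png}
  \includegraphics[scale=0.18]{galaxy-cfd.png}
  \begin{itemize}
    \item Increase of contributions during 2019 (MISP core, MISP objects and galaxy libraries)
  \end{itemize}
\end{frame}

% Vulnerability handling.
% The CVE count is a point-in-time figure for 2019; the footnote links to the
% project's security page, presumably the authoritative advisory list, so
% keep the number in sync with it when reusing this slide.
% NOTE(review): "contact us directly" names no channel on this slide; consider
% referencing the reporting contact the project publishes so that reports
% arrive through a private channel rather than a public issue tracker.
\begin{frame}
  \frametitle{Security vulnerabilities}
  \begin{itemize}
    \item \textbf{``We love the smell of security vulnerabilities report in the morning, it smells like a great day!''}
    \item In 2019, we had 9 CVEs\footnote{\url{https://www.misp-project.org/security/}} for MISP core software
    \item If you find a vulnerability in MISP or have an ongoing security review of it, don't be afraid to contact us directly
  \end{itemize}
\end{frame}

% Tooling, decaying model and training material.
\begin{frame}
  \frametitle{Major outcomes of 2019}
  \begin{itemize}
    \item External tools were also improved during 2019, such as the \textbf{misp-dashboard} (4 releases)---with a new release being foreseen within the next weeks
    \item The decaying model for indicators described in an academic paper in 2018 is now part of the core MISP software\footnote{\url{https://www.misp-project.org/2019/09/12/Decaying-Of-Indicators.html}}
    \item \textbf{All MISP training materials are released as open content}\footnote{\url{https://github.com/MISP/misp-training}} and contain more than 36 hours of training materials (e.g.\ MISP usage, administration, OSINT analysis and collection, building sharing communities)
      \begin{itemize}
        \item Source code is available and translation(s)/contribution(s) are welcome
      \end{itemize}
  \end{itemize}
\end{frame}

% Summary of MISP core changes.
\begin{frame}
  \frametitle{Some cliffnotes of what changed in the MISP core since last year}
  \begin{itemize}
    \item Large focus on the APIs (rework of restSearch, \textbf{modular export system}, rest client, templating)
    \item Support for \textbf{Matrix-like galaxies} starting with ATT\&CK
    \item Strong focus on the \textbf{graphing features} of MISP
    \item More work on the \textbf{use of objects} (possibility to turn flat events into object-based ones, etc.)
    \item More focus on features supporting \textbf{multi-MISP internal setups (local tags, CLI management, server caching)}
    \item Massive amounts of work within and around MISP on contextualisation, all building up to the inclusion of the \textbf{decaying model}
  \end{itemize}
\end{frame}

% Object template growth.
\begin{frame}
  \frametitle{MISP object templates}
  \begin{itemize}
    \item The number of object templates rose from 89 (in 2018) to 147 (in 2019), thanks in large part to the diligent work of many external contributors
    \item Object templates added include \textbf{telecom objects} (such as SS7, GTP, Diameter or IMSI-catcher output), \textbf{cyber security objects}, \textbf{security objects} (such as vehicle, interpol-notice)
    \item Objects are increasingly used in different sharing communities and have overtaken simple attributes in MISP as the go-to data structure, offering better contextualisation for the data shared
  \end{itemize}
\end{frame}

% Taxonomy library.
\begin{frame}
  \frametitle{MISP taxonomies}
  \begin{itemize}
    \item There are \textbf{102 taxonomies} available in the MISP project, contributed by various organisations and partners
    \item FIRST.org CTI SIG contributed an \textbf{ICS/OT Threat Attribution Industrial Control System taxonomy}
    \item MISP taxonomies\footnote{\url{https://www.misp-project.org/taxonomies.html}} are common libraries, and sharing communities usually select a subset to match their needs
  \end{itemize}
\end{frame}

% Galaxy library.
\begin{frame}
  \frametitle{MISP galaxies}
  \begin{itemize}
    \item There are \textbf{40 galaxies}\footnote{\url{https://www.misp-project.org/galaxy.html}} available in the MISP project, contributed by various organisations and partners
    \item We introduced a specific matrix-like format (such as the MITRE ATT\&CK model) and many new matrix-like galaxies were contributed, such as AM!TT Tactic (misinformation model), o365-exchange-techniques, attck4fraud, election guidelines
  \end{itemize}
\end{frame}

% Closing remarks.
\begin{frame}
  \frametitle{Conclusion}
  \begin{itemize}
    \item 2019 was a busy and successful year for the MISP project
    \item The 2-year CEF grant was a bootstrap to bring MISP to its next level
    \item New partnerships and projects are ongoing in 2020--2021 (such as the CEF VARIoT project or H2020 Enforce)
    \item As the MISP project becomes larger, we are \textbf{improving the structure of the project} (misp-standard.org is the first step)
  \end{itemize}
\end{frame}

% Contributor graph.
\begin{frame}
  \includegraphics[scale=0.3]{misp-core-contributors.png}
\end{frame}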