2.0 KiB
Agenda
First day
-
9:00-10:30 Introduction Cybersecurity Information Sharing - MISP Perspective
-
10:45-12:30 Usage and Features of the MISP software
-
14:00-15:30 Common Integration of MISP within an Organisation - from MISP Setup and Seizing to Situational Awareness
-
15:45-17:00 MISP Administration and Starting your Information Sharing Community
Second day
-
9:00-10:30 Practical OSINT exercise - Best Practices in Threat Intelligence
-
10:45-12:30 Practical OSINT exercise - Gather, document, analyse and contextualise intelligence using MISP
-
14:00-15:30 Building Information Sharing Communities
-
15:45-17:00 Building Information Sharing Communities
Third day
-
9:00-10:30 Extending Data Models in MISP - from Taxonomies to Custom Objects
-
10:45-12:30 Turning data into actionable intelligence using APIs
-
14:00-15:30 Integrating MISP with your tools and processes
-
15:45-17:00 Integrating MISP with your tools and processes
What will attendees learn?
Participants will understand the overall process of threat intelligence in incident response, cyber security and other fields. They will be able to create their own intelligence and share it efficiently with other partners. They will be able to analyse specific requirements of information sharing communities and apply it to their day-to-day operational activities. Participants will be able to apply the information sharing concepts and improve their cyber security processes to gather more information and exercise it more efficiently.
- MISP in practice
- encoding information from 3rd parties
- encoding information produced by other tools
- contextualising information
- collaborating with others and partners
- cross-correlating information and how to make use of the community
- producing actionable information
- integrating MISP with other tools via the APIs
- building modules to connect to internal and external services
- building valuable feeds
- using the various support tools coming from the misp-project as well as 3rd parties