misp-training/misp-summit/2019/summary/content.tex

106 lines
6.2 KiB
TeX
Executable File

% DO NOT COMPILE THIS FILE DIRECTLY!
% This is included by the other .tex files.
\begin{frame}[t,plain]
\titlepage
\end{frame}
\begin{frame}
\frametitle{2019 - A successful year for the MISP project}
\begin{itemize}
\item {\bf Improving and extending MISP project and information sharing practices} at a faster rate than expected
\item Increasing the reach-out to collect ideas and inspirations from EU CSIRTs, the private sector and security professionals whilst doing trainings/workshops (thanks to the CEF funding)
\item Integrate MISP at a rapid rate with {\bf other standards} (such as MITRE ATT\&CK sighting, STIX 2, GoAML and many others)
\item Increased pan-European collaboration and information exchanged compared to 2018\footnote{https://www.x-isac.org/publication.html}
\item Reaching the {\bf establishment of a European standard\footnote{\url{https://www.misp-standard.org/}} and open source toolset for threat intelligence and information sharing}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Major outcomes in 2019}
\begin{itemize}
\item 18 releases of the MISP core software which included more than 10 major new features. Attracting a large group of new users and contributors
\end{itemize}
\includegraphics[scale=0.18]{cfd.png}
\includegraphics[scale=0.18]{objects-cfd.png}
\includegraphics[scale=0.18]{galaxy-cfd.png}
\begin{itemize}
\item Increase of contributions during 2019 (MISP core, MISP objects and galaxy libraries)
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Security vulnerabilities}
\begin{itemize}
\item {\bf "We love the smell of security vulnerabilities report in the morning, it smells like a great day!"}
\item In 2019, we had 9 CVEs\footnote{\url{https://www.misp-project.org/security/}} for MISP core software
\item If you find or have any ongoing security review of MISP, don't be afraid to contact us directly
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Major outcomes of 2019}
\begin{itemize}
\item Improvements to external tools were created during 2019, such as those to the {\bf misp-dashboard} (4 releases) - with a new release being foreseen within the next weeks
\item The decaying model for indicators described as an academic paper in 2018 is now part of the core MISP software\footnote{\url{https://www.misp-project.org/2019/09/12/Decaying-Of-Indicators.html}}
\item {\bf All MISP training materials are released as open content}\footnote{\url{https://github.com/MISP/misp-training}} and contain more than 36 hours of training materials (e.g. MISP usage, administration, OSINT analysis and collection, building sharing communities)
\begin{itemize}
\item Source code is available and translation(s)/contribution(s) are welcome
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Some cliffnotes of what changed in the MISP core since last year}
\begin{itemize}
\item Large focus on the APIs (rework of restSearch, {\bf modular export system}, rest client, templating)
\item Support for {\bf Matrix-like galaxies} starting with ATT\&CK
\item Strong focus on the {\bf graphing features} of MISP
\item More work on the {\bf use of objects} (possibility to turn flat events into object-based ones, etc)
\item More focus on features supporting {\bf multi-misp internal setups (local tags, CLI management, server caching)}
\item Massive amounts of work within and around MISP on contextualisation, all building up to the inclusion of the {\bf decaying model}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{MISP object templates}
\begin{itemize}
\item The number of object templates rose from 89 (in 2018) to 147 (in 2019), thanks in a large part to the diligent work of many external contributors
\item Object templates added include {\bf telecom objects} (such as SS7, GTP, Diameter or IMSI-catcher output), {\bf cyber security objects}, {\bf security objects} (such as vehicule, interpol-notice)
\item Objects are more and more used in different sharing communities and have overtaken simple attributes in MISP as the go-to data structure, offering better contextualisation for the data shared
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{MISP taxonomies}
\begin{itemize}
\item There are {\bf 102 taxonomies} available in MISP project contributed by various organisations and partners
\item FIRST.org CTI SIG contributed an {\bf ICS/OT Threat Attribution Industrial Control System taxonomy}
\item MISP taxonomies\footnote{\url{https://www.misp-project.org/taxonomies.html}} are common libraries and sharing communities select usually a subset to match their needs
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{MISP galaxies}
\begin{itemize}
\item There are {\bf 40 galaxies}\footnote{\url{https://www.misp-project.org/galaxy.html}} available in MISP project contributed by various organisations and partners
\item We introduced a specific matrix-like format (such as MITRE ATT\&CK model) and many new matrix-like were contributed such AM!TT Tactic (misinformation model), o365-exchange-techniques, attck4fraud, election guidelines
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Conclusion}
\begin{itemize}
\item 2019 was a busy and successful year for the MISP project
\item The 2-year CEF grant was a bootstrap to improve MISP to its next level
\item New partnerships and projects are ongoing in 2020-2021 (such as the CEF VARIoT project or H2020 Enforce)
\item As the MISP project becomes larger, we are {\bf improving the structure of the project} (misp-standard.org is the first step)
\end{itemize}
\end{frame}
\begin{frame}
\includegraphics[scale=0.3]{misp-core-contributors.png}
\end{frame}