mirror of https://github.com/MISP/misp-training
43 lines
2.1 KiB
TeX
Executable File
43 lines
2.1 KiB
TeX
Executable File
% DO NOT COMPILE THIS FILE DIRECTLY!
|
|
% This is included by the other .tex files.
|
|
|
|
\begin{frame}[t,plain]
|
|
\titlepage
|
|
\end{frame}
|
|
|
|
\begin{frame}
|
|
\frametitle{Objectives}
|
|
\begin{itemize}
|
|
\item Learning how to use MISP to support common OSINT gathering use-cases as often used by SOC, CSIRTs and CERTs
|
|
\item By using a list of practical exercise\footnote{\url{https://gist.github.com/adulau/8c1de48060e259799d3397b83b0eec4f}}
|
|
\item The exercises are {\bf practical recent cases to model and structure intelligence} using the MISP standard
|
|
\item Improving the data models available in MISP by exchanging live improvements and ideas
|
|
\item Being able to share the results to the community at the end of this session
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}
|
|
\frametitle{(Threat) Intelligence}
|
|
\begin{itemize}
|
|
\item {\bf Cyber threat intelligence (CTI) is a vast concept} which includes different fields such as intelligence as defined in the military community or in the financial sector or the intelligence community.
|
|
\item {\bf MISP project doesn't want to lock an organisation or an user into a specific model}. Each model is useful depending of the objectives from an organisation.
|
|
\item A set of pre-defined knowledge base or data-models are available and organisation can select (or create) what they need.
|
|
\item During this session, an overview of the most used taxonomies, galaxies and objects will be described.
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}
|
|
\frametitle{microblog object}
|
|
\begin{columns}[totalwidth=\textwidth]
|
|
\column{0.49\textwidth}\underline{Use case}\\
|
|
A serie of OSINT tweets from a security researcher.
|
|
To structure the thread, the information
|
|
and keep an history.\\
|
|
\includegraphics[scale=0.15]{emotet.png}
|
|
\column{0.49\textwidth}\underline{Object to use}\\
|
|
The microblog object can be used for Tweet or any microblog post (e.g. Facebook). Then object can be linked using {\it followed-by} to describe a serie of post.\\
|
|
\includegraphics[scale=0.15]{microblog.png}
|
|
\end{columns}
|
|
\end{frame}
|
|
|