misp-training/b.1-best-practices-in-threat-intelligence/content.tex

% DO NOT COMPILE THIS FILE DIRECTLY!
% This is included by the other .tex files.

\begin{frame}[t,plain]
\titlepage
\end{frame}

\begin{frame}
\frametitle{Objectives}
\begin{itemize}
        \item Learning how to use MISP to support common OSINT gathering use-cases as often used by SOC, CSIRTs and CERTs
        \item By using a list of practical exercise\footnote{\url{https://gist.github.com/adulau/8c1de48060e259799d3397b83b0eec4f}}
        \item The exercises are {\bf practical recent cases to model and structure intelligence} using the MISP standard
        \item Improving the data models available in MISP by exchanging live improvements and ideas
        \item Being able to share the results to the community at the end of this session
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{(Threat) Intelligence}
\begin{itemize}
        \item {\bf Cyber threat intelligence (CTI) is a vast concept} which includes different fields such as intelligence as defined in the military community or in the financial sector or the intelligence community.
        \item {\bf MISP project doesn't want to lock an organisation or an user into a specific model}. Each model is useful depending of the objectives from an organisation.
        \item A set of pre-defined knowledge base or data-models are available and organisation can select (or create) what they need.
        \item During this session, an overview of the most used taxonomies, galaxies and objects will be described.
\end{itemize}
\end{frame}