misp-training/a.13-misp-stix/content.tex

% DO NOT COMPILE THIS FILE DIRECTLY!
% This is included by the other .tex files.

\begin{frame}[t,plain]
\titlepage
\end{frame}

\begin{frame}
    \frametitle{MISP \& STIX}
    \begin{itemize}
        \item{\bf Built-in integration}
        \item Export \& Import features
        \begin{itemize}
            \item Export MISP Events collections
            \item Import STIX files
        \end{itemize}
        \item Supported version
        \begin{itemize}
            \item STIX 1.1.1
            \item STIX 2.0
        \end{itemize}
        \item Accessible via restSearch
    \end{itemize}
\end{frame}

\begin{frame}
    \frametitle{Limitations}
    \begin{itemize}
        \item Feature limitations
        \begin{itemize}
            \item Supported versions
            \item Data type support
        \end{itemize}
        \item []
        \item Practical limitations
        \begin{itemize}
            \item Export and import features only available via MISP rest client
            \item {\bf Github}: STIX issues lost within the MISP core issues
        \end{itemize}
    \end{itemize}
\end{frame}

\begin{frame}
    \frametitle{Handling the conversion with a python library}
    \begin{itemize}
        \item Revamp of the source code
        \item Enable a standalone use of the python code
        \begin{itemize}
            \item MISP JSON  format -> STIX
            \item Pass files with MISP JSON format -> get file with the export results in STIX
        \end{itemize}
        \item []
        \item Possible integration within python code
    \end{itemize}
\end{frame}

\begin{frame}
    \frametitle{Key features}
    \begin{itemize}
        \item Support all the STIX versions
        \begin{itemize}
            \item {\bf STIX 2.1 Support}
            \item 1.1.1, 1.2, 2.0 Support enhanced
        \end{itemize}
        \item Various MISP data collection supported
        \item[]
        \item {\bf Mapping documentation}
        \item Package available on PyPI\footnote{https://pypi.org/project/misp-stix/}
    \end{itemize}
\end{frame}

\begin{frame}
    \frametitle{Work in Progress \& Next improvements}
    \begin{itemize}
        \item WiP
        \begin{itemize}
            \item {\bf Implement the import feature}
            \item Support of existing STIX objects libraries\footnote{https://github.com/mitre/cti}
        \end{itemize}
        \item Next features on the roadmap
        \begin{itemize}
            \item Extend the export feature to any kind of data collection
            \item Support custom STIX format\footnote{Especially while importing STIX data, {\bf and as long as we can implement support of well defined versions}}
        \end{itemize}
        \item Continuous improvement
        \begin{itemize}
            \item Mapping improvement
            \item More tests to avoid edge case issues
        \end{itemize}
    \end{itemize}
\end{frame}

\begin{frame}
    \frametitle{How to report bugs/issues}
    \begin{itemize}
        \item Github issues
        \begin{itemize}
            \item {\bf https://github.com/MISP/misp-stix/issues}
            \item https://github.com/MISP/MISP/issues
        \end{itemize}
        \item []
        \item Please provide details
        \begin{itemize}
            \item How did the issue happen
            \item {\bf Recommendation}: provide samples
        \end{itemize}
        \item[]
        \item Any feedback welcome
    \end{itemize}
\end{frame}

\begin{frame}
    \frametitle{To get in touch with us}
    \begin{itemize}
        \item \url{https://github.com/MISP/misp-stix}
        \item \url{https://github.com/MISP/misp-stix/tree/main/documentation}
        \item []
        \item \url{https://github.com/MISP}
        \item \url{https://www.misp-project.org/}
        \item \url{https://twitter.com/MISPProject}
        \item \url{https://twitter.com/chrisred_68}
    \end{itemize}
\end{frame}