mirror of https://github.com/MISP/misp-training
89 lines
3.7 KiB
TeX
89 lines
3.7 KiB
TeX
% DO NOT COMPILE THIS FILE DIRECTLY!
|
|
% This is included by the other .tex files.
|
|
|
|
\begin{frame}
|
|
\titlepage
|
|
\end{frame}
|
|
|
|
\begin{frame}
|
|
\frametitle{What is MISP?}
|
|
\begin{itemize}
|
|
\item Open source "TISP" - A TIP with a strong focus on sharing
|
|
\item A tool that {\bf collects} information from partners, your analysts, your tools, feeds
|
|
\item Normalises, correlates, enriches the data
|
|
\item Allows teams and communities to {\bf collaborate}
|
|
\item {\bf Feeds} automated protective tools and analyst tools with the output
|
|
\item A set of tools to manage sharing communities and interconnected MISP servers
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}
|
|
\frametitle{The growing need to contextualise data}
|
|
\begin{itemize}
|
|
\item Contextualisation became more and more important as we as a community matured
|
|
\begin{itemize}
|
|
\item {\bf Growth and diversification} of our communities
|
|
\item Distinguish between information of interest and raw data
|
|
\item {\bf False-positive} management
|
|
\item TTPs and aggregate information may be prevalent compared to raw data (risk assessment)
|
|
\item {\bf Increased data volumes} leads to a need to be able to prioritise
|
|
\end{itemize}
|
|
\item These help with filtering your TI based on your {\bf requirements}...
|
|
\item ...as highlighted by a great talk from Pasquale Stirparo titled \textit{Your Requirements Are Not My Requirements}
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}
|
|
\frametitle{The emergence of ATT\&CK}
|
|
\begin{itemize}
|
|
\item Standardising on high-level {\bf TTPs} was a solution to a long list of issues
|
|
\item Adoption was rapid, tools producing ATT\&CK data, familiar interface for users
|
|
\item A much better take on kill-chain phases in general
|
|
\item Feeds into our {\bf filtering} and {\bf situational awareness}\footnote{ATT\&CK sighting is a standard export format in MISP} needs extremely well
|
|
\item Gave rise to other, ATT\&CK-like systems tackling other concerns
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}
|
|
\frametitle{The emergence of ATT\&CK and similar galaxies}
|
|
\begin{itemize}
|
|
\item {\bf attck4fraud} \footnote{\url{https://www.misp-project.org/galaxy.html\#_attck4fraud}} by Francesco Bigarella from ING
|
|
\item {\bf Election guidelines} \footnote{\url{https://www.misp-project.org/galaxy.html\#_election_guidelines}} by NIS Cooperation Group
|
|
\item {\bf AM!TT Misinformation pattern} \footnote{\url{https://github.com/MISP/misp-galaxy/blob/master/clusters/misinfosec-amitt-misinformation-pattern.json}} by the misinfosecproject
|
|
\item Alternative ATT\&CK models still on the rise
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
|
|
\begin{frame}
|
|
\frametitle{Future of ATT\&CK in MISP Project}
|
|
\begin{itemize}
|
|
\item MISP Galaxy 2.0 will include {\bf improved inter-linking between ATT\&CK and other models} (other galaxy or matrix-like models)
|
|
\item Those relationships will be also shareable within different MISP communities
|
|
\item Improvement into ATT\&CK sub-techniques integration within MISP
|
|
\end{itemize}
|
|
|
|
\end{frame}
|
|
|
|
\begin{frame}
|
|
\frametitle{Get in touch if you have any questions}
|
|
\begin{itemize}
|
|
\item Contact CIRCL
|
|
\begin{itemize}
|
|
\item info@circl.lu
|
|
\item \url{https://twitter.com/circl_lu}
|
|
\item \url{https://www.circl.lu/}
|
|
\end{itemize}
|
|
\item Contact MISPProject
|
|
\begin{itemize}
|
|
\item \url{https://github.com/MISP}
|
|
\item \url{https://gitter.im/MISP/MISP}
|
|
\item \url{https://twitter.com/MISPProject}
|
|
\end{itemize}
|
|
\item Join the COVID-19 MISP community
|
|
\begin{itemize}
|
|
\item \url{https://covid-19.iglocska.eu}
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\end{frame}
|