cerebrate-training/2023-11-14-NATO-MUG/content.tex

% DO NOT COMPILE THIS FILE DIRECTLY!
% This is included by the other .tex files.

\begin{frame}[t,plain]
\titlepage
\end{frame}

\begin{frame}
  \frametitle{The aim of this presentation}
  \begin{itemize}
    \item Cerebrate
    \begin{itemize}
     \item What has happened since the last MUG
     \item Give you a brief update over the highlights
     \item Ongoing work
    \end{itemize}
  \end{itemize}
\end{frame}

\begin{frame}
  \frametitle{Statistics}
  \begin{itemize}
    \item Since the last MUG we've had:
    \begin{itemize}
        \item {\bf 4} releases
        \item {\bf 83} commits
    \end{itemize}
  \end{itemize}
\end{frame}

\begin{frame}
  \frametitle{CNW Pilot}
  \begin{itemize}
    \item Collaboration with ENISA and CNW community
    \begin{itemize}
        \item Bug fixes
        \item Usability rework
        \item Additional supporting tools
        \item New feature requests
        \item Security fixes
    \end{itemize}
  \end{itemize}
\end{frame}

\section{Give you a brief update over the highlights}


\begin{frame}
\frametitle{Enumerations}
    \begin{itemize}
        \item Create lists of enumerations for selector fields
        \item Unified way of expressing countries, types of organisations
        \item Created ad-hoc per instance
    \end{itemize}
    \begin{center}
        \includegraphics[width=1.0\linewidth]{pictures/enumeration.png}
    \end{center}
\end{frame}

\begin{frame}
\frametitle{Organisation group management}
    \begin{itemize}
        \item Create {\bf sub-groups} in the community
        \item For example national groups, with appointed administration
        \item Improve {\bf life-cycle management of user accounts}
    \end{itemize}
\end{frame}

\begin{frame}
\frametitle{Organisation group management}
    \begin{center}
        \includegraphics[width=1.0\linewidth]{pictures/OrgGroup.png}
    \end{center}
\end{frame}


\begin{frame}
\frametitle{MISP management}
    \begin{itemize}
        \item Be able to manage {\bf Cerebrate interconnections}...
        \item ...and {\bf MISP instances}
        \item Visual overview, simple access
        \item Debugging and diagnostics
        \item Data management
    \end{itemize}
\end{frame}

\begin{frame}
\frametitle{Topology}
    \begin{center}
        \includegraphics[width=1.0\linewidth]{pictures/orchestration1.png}
    \end{center}
\end{frame}

\begin{frame}
\frametitle{MISP management}
    \begin{itemize}
        \item Built using {\bf mermaid.js}
        \item Can export itself as mermaid markdown
        \item Easy to use for documentation
        \item {\bf Diagnostics} relies on connector module implementation
        \item Quick {\bf pivots} to all tool and connected cerebrate functinalities
    \end{itemize}
\end{frame}

\begin{frame}
\frametitle{MISP connector updates}
    \begin{itemize}
        \item New features to better negotiate information exchange
        \item View / compare {\bf state} of data repositories
        \item Multi-select {\bf bulk ingest}
        \item Rule based {\bf bulk push}
    \end{itemize}
\end{frame}


\begin{frame}
\frametitle{Connector interface}
    \begin{center}
        \includegraphics[width=1.0\linewidth]{pictures/orchestration2.png}
    \end{center}
\end{frame}

\begin{frame}
\frametitle{Push rules}
    \begin{center}
        \includegraphics[width=1.0\linewidth]{pictures/orchestration3.png}
    \end{center}
\end{frame}

\begin{frame}
\frametitle{Quality of life improvements}
    \begin{itemize}
        \item Meta-template {\bf version migrations} rework
        \begin{itemize}
 	       \item Various supported strategies (update, delete)
        \end{itemize}
        \item New community management settings
        \item {\bf CLI tools} for enrollment
        \item UI rework to streamline user interactions
    \end{itemize}
\end{frame}

\begin{frame}
\frametitle{Quality of life improvements}
    \begin{itemize}
        \item {\bf Download filtered results}
        \item Export as {\bf CSV}
        \item Includes all custom meta-fields
    \end{itemize}
\end{frame}

\begin{frame}
\frametitle{Quality of life improvements}
    \begin{itemize}
        \item {\bf Search and filter based on custom fields}
        \item Define rules on what to display in terms of custom fields by default
        \item Search on related data
        \item Modify and {\bf extend roles} with metafields
    \end{itemize}
\end{frame}

\begin{frame}
\frametitle{Sharing group rework}
    \begin{itemize}
        \item Match what MISP does
        \item Sharing group extenders
        \item {\bf Sync sharing groups to/from MISP}
    \end{itemize}
\end{frame}

\begin{frame}
\frametitle{Cake-fuzzer}
    \begin{itemize}
        \item Developped by {\bf Zigrin security}, run by NCIA alumn {\bf Dawid Czarnecki}
        \item Funded by the {\bf Luxembourg Armed Forces}
        \item Full blown {\bf fuzzing framework targeting MISP and Cerebrate}
        \item Long list of {\bf high severity CVEs} discovered
        \item Constant development, open source
        \item Will become part of our release CI pipeline
        \item \url{https://github.com/Zigrin-Security/CakeFuzzer}
    \end{itemize}
\end{frame}



\section{What we're working on}

\begin{frame}
\frametitle{Issues we're trying to solve as of late for ourselves}
    \begin{itemize}
        \item {\bf Contact management} across large interconnected networks
        \item {\bf Constituency} information
         \begin{itemize}
            \item Geographic \& sectorial
            \item But also technical: CIDR blocks \& AS Numbers
        \end{itemize}
	\item Managing our MISP fleets for various use-cases
	\item {\bf Distribution list} management
	\item MISP cryptographic signing {\bf PKI} management
	 \begin{itemize}
            \item MISP's protected event feature
            \item Future: Protected Sharing groups? 
        \end{itemize}
        \item Creating data buckets in MISP for better retrieval
        \item Sub-group self management
    \end{itemize}
\end{frame}

\begin{frame}
\frametitle{A bit about our internal topology}
  \begin{center}
    \includegraphics[width=1\linewidth]{pictures/our_topology.png}
  \end{center}
\end{frame}


\begin{frame}
\frametitle{Deployment}
    \begin{itemize}
        \item \textbf{Deploying} the topology above
        \item Standing up a {\bf NATO community Cerebrate} instance
            \begin{itemize}
            	\item Details to be finalised, hosted at CIRCL
            	\item Based on previous discussions at MUG and steering board
            \end{itemize}
        \item \textbf{Deploying} an Open lookup Cerebrate 
        \item Supporting the finalisation of the CNW deployment
    \end{itemize}
\end{frame}

\begin{frame}
\frametitle{Development}
    \begin{itemize}
        \item Further MISP integrations
        \item Integration with other tools
        \item Community centric PKI
        \begin{itemize}
            \item Protected mode support
            \item General data signing support for MISP
        \end{itemize}
        \item Mailing group management
    \end{itemize}
\end{frame}