FIRST automation slides

2023-10-05-FIRST-Automation-SIG/content.md

@@ -0,0 +1,32 @@
+The following topics will be covered along with their implementation in Cerebrate:
+
+- Attendees will learn about a new open source platform solving several, often frustrating issues
+    - Loads of communities
+    - Loads of UUIDs to manually process
+    - Loads of points of contacts
+    - Loads of Sharing Group issues / Inconsistencies
+- An organisation registry for sharing communities utilising open source tools such as MISP
+    - Solution: Simplicity, light and open-source
+    - Technology used: PHP, cakephp4, BS5, ...
+    - Main purpose: Contact DB
+    - Flexible system to store additional information: Meta-template as KV-store
+- How to manage and serve trust information, including organisational information, cryptographic signing keys, mailing lists to a community
+    - Web interface and API to ease interaction
+    - Open directory
+    - Cerebrate information sharing and remote-trust (- Cerebrate-to-Cerebrate connection)
+    - Practical examples:
+        - Sharing group: Share an incident with your constituency
+        - Cryptographic keys repository: MISP protected event Example
+- A tool that help managing local tools
+    - Local tools: Design and Connectors
+    - Example: MISP Fleet management
+- Open dialogues to community members to request tool to tool interconnections
+    - Exposed local tools
+    - SYN, SYN/ACK, ACK ( People chatting)
+    - Local tool inter-connection via synchronisation configuration profiles
+    - Examepl: MISP Inter-connection
+- Roadmap
+    - Integration with other tools
+        - Ticketing systems
+        - Mailing list (Mailman)
+        - Messaging App (mattermost)

2023-10-05-FIRST-Automation-SIG/content.tex

@@ -0,0 +1,375 @@
+% DO NOT COMPILE THIS FILE DIRECTLY!
+% This is included by the other .tex files.
+
+\begin{frame}[t,plain]
+\titlepage
+\end{frame}
+
+\begin{frame}
+\frametitle{Plan for this session}
+    \begin{itemize}
+        \item Quick Cerebrate intro
+        \item Demo
+        \item Future plans
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{What is Cerebrate?}
+    \begin{itemize}
+        \item A new-ish OSS Community management and orchestration platform
+        \item Takes care of:
+        \begin{itemize}
+            \item Contact library management
+            \item Constituency lookup
+            \item Interconnection Orchestration
+            \item Tool management and orchestration
+            \item Sharing group distribution and management
+            \item Cryptographic key lookup
+            \item Shared services access management
+        \end{itemize}
+        \item Developed initially as part of:
+    \end{itemize}
+    \vspace{0.5em}
+    \begin{center}
+        \includegraphics[width=0.55\linewidth]{pictures/melicertes.png}
+    \end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Managing large communities is difficult}
+    \begin{itemize}
+        \item Our MISP communities started out small
+        \item Most communities acted as islands
+        \item Interconnecting communities came with its own problems
+        \begin{itemize}
+            \item Interconnection requests
+            \item Organisation management
+            \item Enrollment process
+        \end{itemize}
+        \item Finding and communicating with the right parties is difficult
+        \item Managing multiple MISP instances can be tedious
+    \end{itemize}
+\end{frame}
+
+\section{Let us take a step back and look at a use-case}
+
+\begin{frame}
+\frametitle{Running a large community can feel like...}
+    \begin{center}
+	    \includegraphics[width=1\linewidth]{pictures/herding_cats.jpeg}
+    \end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{A bit about our internal topology}
+    \includegraphics[width=0.45\linewidth]{pictures/topology.png}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Some stats about one of our MISP instance: MISPPriv}
+    \includegraphics[width=0.45\linewidth]{pictures/misppriv-user-org-stats.png}
+\end{frame}
+
+\begin{frame}
+    \frametitle{Some stats about one of our MISP instance: MISPPriv}
+    \begin{center}
+        \includegraphics[width=1.0\linewidth]{pictures/bokeh_new_org.png}
+    \end{center}
+\end{frame}
+
+
+\begin{frame}
+\frametitle{Issues we're trying to solve}
+    However, broader and more diverse communities lead to more issues
+    \begin{itemize}
+        \item {Non-technical issues}
+        \begin{itemize}
+            \item Overwhelming amount of points of contacts
+            \item Sharing difficulties in terms of social interactions (e.g trust)
+        \end{itemize}
+    \end{itemize}
+    \vspace{1em}
+    \begin{minipage}{0.27\textwidth}
+        \includegraphics[scale=0.4]{pictures/firstcti-hastag.png}
+    \end{minipage}
+    \begin{minipage}{0.6\textwidth}
+        {\large greatly helps in that aspect!}
+    \end{minipage}
+\end{frame}
+
+\begin{frame}
+\frametitle{Issues we're trying to solve}
+    \begin{itemize}
+        \item {Technical issues}
+        \begin{itemize}
+            \item Centralised identity management 
+            \item Loads of UUIDs to manually process
+            \item Distribution list management is difficult across communities
+        \end{itemize}
+    \end{itemize}
+    \begin{center}
+        \includegraphics[width=1.0\linewidth]{pictures/org-circl.png}
+    \end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Issues we're trying to solve with Cerebrate}
+    \begin{itemize}
+        \item Constituencies of organisations
+        \begin{itemize}
+            \item Geographic \& sectorial
+            \item But also technical: CIDR blocks \& AS Numbers
+        \end{itemize}
+        \vspace{0.5em}
+        \item Cryptographic key lookup for information signing
+        \begin{itemize}
+            \item MISP's protected event feature
+            \item Future: Protected Sharing groups? 
+        \end{itemize}
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Issues we're trying to solve with Cerebrate}
+    \begin{itemize}
+        \item Customisable data model adaptable to each community
+        \begin{itemize}
+            \item Communities with an existing registry want to build on their data-set, rather than rebuild
+            \item Different types of concerns for different communtiies
+            \item Based on the sheer amount of different types of communities, \textbf{it's a must}
+        \end{itemize}
+        \item Sharing group management
+        \item Synchronisation and lookup system
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Our attempt at solving them: Cerebrate}
+    \begin{itemize}
+        \item Open source community management and orchestration tool
+    \end{itemize}
+    \begin{center}
+        \includegraphics[width=0.15\linewidth]{pictures/logo.png}
+        \linebreak
+        \includegraphics[width=0.99\linewidth]{pictures/cerebrate-github.png}
+    \end{center}
+    \begin{itemize}
+        \item Central tool for the \textbf{Melicertes 2 project} (Co-funded by the EU as a CEF project - SMART 2018/1024)
+        \item Rich \textbf{Contact Database}
+        \item Tightly coupled management system and companion for MISP (and other tools)
+        \begin{itemize}
+            \item Get in touch with us if you need help building integrations!
+        \end{itemize}
+        \item Planned as the primary MISP \textbf{fleet management} tool
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Goals and design}
+    \begin{itemize}
+        \item Goals: Simplicity, lightweight and open-source
+        \item Technologies used: PHP, cakephp4, BS5, ...
+            \begin{itemize}
+                \item (almost) the same as in MISP for easier \textbf{maintainability} and \textbf{code re-use}
+            \end{itemize}
+        \item IAM centric design
+            \begin{itemize}
+                \item Tightly integrated with Keycloak
+            \end{itemize}
+        \item Core functionalities: Auditing, API
+            \begin{itemize}
+                \item Strong auditing/traceability capabilities are a requirement for trust
+                \item Automation is key
+            \end{itemize}
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Goals and design}
+    \begin{itemize}
+        \item Built with tool integration in mind, acting as a contact database
+    \end{itemize}
+    \begin{center}
+        \includegraphics[width=0.85\linewidth]{pictures/misp-cerebrate.png}\\
+
+        MISP is able to ingest Organisations \& Sharing Groups in Cerebrate
+    \end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Cerebrate's place in a typical CSIRT software stack}
+    \begin{center}
+        \includegraphics[width=0.42\linewidth]{pictures/software-stack.png}
+    \end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Cerebrate's contact database}
+    \begin{itemize}
+        \item Contact database for the CSIRT network
+        \begin{itemize}
+            \item Common contact fields such as \texttt{UUID}, \texttt{name}, \texttt{contact email address}, \texttt{nationality}, \texttt{URL}, ...
+        \end{itemize}
+    \end{itemize}
+    \begin{center}
+        \includegraphics[width=0.8\linewidth]{pictures/contact-database-1.png}
+    \end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Cerebrate's contact database}
+    \begin{center}
+        \includegraphics[width=0.99\linewidth]{pictures/contact-database-2.png}
+    \end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Cerebrate's contact database: Meta-fields}
+    \begin{itemize}
+        \item Flexible system to store additional information: \texttt{meta-fields} (KV-store)
+        \item These \texttt{meta-fields} are part of a larger structure called \texttt{meta-templates}
+        \item Support of multiple templates used by various entities out there
+        \begin{itemize}
+            \item FIRST Directory
+            \item ENISA CSIRT inventory
+            \item CSIRT Constituency (CIDR blocks, AS Numbers, ...)
+        \end{itemize}
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Cerebrate's contact database: Meta-fields}
+\begin{center}
+    \includegraphics[width=0.99\linewidth]{pictures/meta-fields-first.png}
+\end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Cerebrate's contact database: Meta-fields}
+\begin{center}
+    \includegraphics[width=0.99\linewidth]{pictures/meta-templates-first.png}
+\end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Cerebrate's contact database: Meta-fields}
+\begin{center}
+    \includegraphics[width=0.99\linewidth]{pictures/meta-template-repo.png}
+\end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Data sharing}
+Basically the same strategy as the one used in MISP:
+    \begin{itemize}
+        \item \textbf{Connect} with other Cerebrate nodes
+        \item \textbf{Diagnose} connectivity issues
+        \item Remotely \textbf{browse} data of the other node
+        \item \textbf{Fetch and save} organisation, individual, sharing-group data
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Managing local tools}
+Why would Cerebrate have integration with other tools?
+    \begin{itemize}
+        \item To support information sharing, being able to validate information sources is crucial
+        \item Traditional information sharing software stacks have to have their own organisation database
+        \item Why re-invent the wheel everytime?
+    \end{itemize}
+    \begin{center}
+        \includegraphics[width=0.2\linewidth]{pictures/software-stack.png}
+    \end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Managing local tools}
+There will inevitably be integration between local tools and Cerebrate. Why not go a step further?
+    \begin{itemize}
+        \item Cerebrate exposes a modular system to {\bf manage these local tools}
+        \item Based on a configuration file, user interfaces can be created to visualise data and instruct local tools to perform operations
+    \end{itemize}
+    \begin{center}
+        \includegraphics[width=1.0\linewidth]{pictures/github-local-tool.png}
+    \end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Local tools: MISP Connector capabilities}
+    \begin{itemize}
+        \item \textbf{Configure} a MISP instances via server settings
+        \item \textbf{Fetch} Organisations \& Sharing Groups
+        \item \textbf{Diagnose} other connected MISP servers
+        \item \textbf{Manage} users, ...
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Local tool interconnection via Cerebrate}
+    \begin{itemize}
+        \item Cerebrate's main goal is to \textbf{ease community management}
+        \item Select which local tools are meant to be exposed to the community for requests
+        \item Open dialogues to community members to request tool-to-tool interconnections
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Local tool interconnection via Cerebrate}
+    Cerebrate can leverage its access to local tool to reach out to tools from other Cerebrate nodes
+    \begin{center}
+        \includegraphics[width=0.85\linewidth]{pictures/tools-made-available.png}
+    \end{center}
+\end{frame}
+
+
+\begin{frame}
+\frametitle{What else does Cerebrate have?}
+    \begin{itemize}
+        \item Mailing list management
+        \item ACL system
+        \item Inbox system
+        \begin{itemize}
+            \item Inter-connection requests, enrolment requests
+        \end{itemize}
+        \item Tagging
+        \item Update system
+        \item Audit logs
+        \item Open API
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{DEMO TIME}
+    \begin{itemize}
+        \item ContactDB (Orgs, Individuals)
+        \item Metafields
+        \item User management (keycloak integration)
+        \item Groups / self management
+        \item Sharing groups
+        \item Sync
+        \item Local tools / topology / sync
+        \item Management
+        \item Auditing
+        \item Open API
+    \end{itemize}
+\end{frame}
+
+
+
+\begin{frame}
+\frametitle{Current roadmap}
+    \begin{itemize}
+        \item Data signing / validation
+        \begin{itemize}
+            \item Community centric PKI
+            \item Enable data validation services for tools such as MISP
+        \end{itemize}
+        \item Integration with other tools
+        \begin{itemize}
+            \item Ticketing systems
+            \item Tighter Mailing list integration (Mailman)
+            \item Messaging App (Mattermost)
+        \end{itemize}
+    \end{itemize}
+\end{frame}

2023-10-05-FIRST-Automation-SIG/pictures/firstcon22.svg

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 24.2.3, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Camada_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 432.9 56.7" style="enable-background:new 0 0 432.9 56.7;" xml:space="preserve">
+<style type="text/css">
+	.st0{fill:#FF8000;}
+	.st1{fill-rule:evenodd;clip-rule:evenodd;fill:#FF8000;}
+	.st2{fill-rule:evenodd;clip-rule:evenodd;fill:#FFFFFF;}
+	.st3{fill:#FFFFFF;stroke:#FFFFFF;stroke-width:0.2191;stroke-miterlimit:10;}
+</style>
+<g>
+	<path class="st0" d="M356.1,19.4c1.7-11,10.4-19,21.5-19c10.4,0,16.1,7.9,14.5,18c-1.6,10.3-10.2,19-18.3,25.5l0.1,0.1
+		c2.5-0.1,5.1-0.5,7.6-0.5h6.1l-2,12.7h-37.8l17.5-19.3c4.9-5.5,11.5-12.4,12.6-19.4c0.4-2.1-0.1-4.9-2.6-4.9
+		c-3.2,0-4.3,4.4-4.7,6.7l-0.3,2h-14.3L356.1,19.4z"/>
+	<path class="st0" d="M396.7,19.4c1.7-11,10.4-19,21.5-19c10.4,0,16.1,7.9,14.5,18c-1.6,10.3-10.2,19-18.3,25.5l0.1,0.1
+		c2.5-0.1,5.1-0.5,7.6-0.5h6.1l-2,12.7h-37.8l17.5-19.3c4.9-5.5,11.5-12.4,12.6-19.4c0.4-2.1-0.1-4.9-2.6-4.9
+		c-3.2,0-4.3,4.4-4.7,6.7l-0.3,2h-14.3L396.7,19.4z"/>
+	<g>
+		<path class="st0" d="M37.8,39.9h-8.4L24,56.7h-7.2l5.3-16.8h-7L9.7,56.7H2.2l5.4-16.8H0l1.5-8.6h9l2.4-7.2H5.1l1.5-8.6h9L20.6,0
+			h7.2l-5,15.5h7.1l5-15.5h7.5l-5.1,15.5h6.9l-1.5,8.6h-8.2l-2.2,7.2h7L37.8,39.9z M20.1,24.1l-2.2,7.2H25l2.2-7.2H20.1z"/>
+	</g>
+	<g>
+		<g>
+			<polygon class="st1" points="104.8,0.5 103,11.6 87.6,11.6 89.4,0.5 			"/>
+			<polygon class="st2" points="86.5,22.2 81.2,55.6 96.2,55.6 101.4,22.2 			"/>
+			<path class="st2" d="M154.7,22.2c0.2,1.9,0.7,3.4,1.6,4.9c1.5,2.6,3.7,4.8,6.3,7c0.8,0.7,1.6,1.3,2.1,2.1
+				c0.6,0.8,0.9,1.8,0.7,3.1c-0.4,2.4-2.9,3.7-5,3.7c-3.8,0-6.9-3.1-8.5-6.1l-2.7,17.2c3.3,1.5,7,2.3,10.8,2.3
+				c10.4,0,18.8-8.2,20.5-18.4c0.7-4.2,0.2-7.1-1.2-9.6c-1.2-2.3-3.1-4.1-5.6-6.2H154.7z"/>
+			<polygon class="st2" points="186.8,55.6 201.8,55.6 207,22.2 192.2,22.2 			"/>
+			<path class="st2" d="M174.4,0.5c-9.3,0-14.9,5.2-17.7,11.1h60.7l1.8-11.1C219.1,0.5,177.8,0.5,174.4,0.5z"/>
+			<path class="st2" d="M147.6,11.7C146.2,3,138.5,0.5,128,0.5h-14.4l-1.8,11.1L147.6,11.7z"/>
+			<path class="st2" d="M146.7,22.2h-15.1h-6.4h-15L105,55.6h14.9l2.4-14.8c0.4-2.7,0.7-5.4,1.1-8.1l0.2-0.1l4.6,23h16.1l-7.4-23
+				C141.9,30.7,145.1,26.8,146.7,22.2z"/>
+			<g>
+				<polygon class="st2" points="79.7,11.6 81.6,0.5 55.2,0.5 47,55.6 60.9,55.6 62.1,55.6 65.4,34.5 75.5,34.5 77.3,22.2 
+					67.4,22.2 69,11.6 				"/>
+			</g>
+		</g>
+		<g>
+			<path class="st3" d="M251.9,11.5c-0.9-0.6-3-1.3-5.4-1.3c-3.8,0-6.9,2-9.3,5c-4.1,5.2-6.7,14.2-6.7,20.9c0,6.4,2.3,10.5,7.7,10.5
+				c2.8,0,5.5-0.9,6.9-1.6l1.1,8.4c-2.6,1.8-7,3.1-11.9,3.1c-11.6,0-16.9-8.7-16.9-19.6c0-10.3,4.3-22.6,11.9-29.5
+				c4.2-3.9,9.7-6.3,15.9-6.3c4.8,0,8.9,1.3,11,3.1L251.9,11.5z"/>
+			<path class="st3" d="M289.5,46.8c-4.4,5.9-10.6,9.7-19.1,9.7c-11.4,0-16.8-7.7-16.8-18.9c0-8.8,3.3-19.8,8.4-26.7
+				c4.5-5.9,10.8-9.8,19-9.8c11.8,0,16.6,7.9,16.6,18.5C297.7,28.3,294.6,39.8,289.5,46.8z M280,9.5c-3.9,0-6.6,3.4-8.8,8.1
+				c-2.5,5.2-5.2,15.8-5.2,21.8c0,4.5,1.4,7.7,5.6,7.7c4,0,6.7-3.4,8.8-8.2c2.4-5.5,4.9-15.9,4.9-21.7C285.4,12.8,284.1,9.5,280,9.5
+				z"/>
+			<path class="st3" d="M339.9,55.7h-9.3l-11.7-30.2c-1.1-2.8-1.8-5.6-1.8-5.6h-0.2c0,0-0.3,2.9-0.9,5.9l-6.2,29.9h-10.6l11.1-53.8
+				h10.8l10.9,27.5c1.1,2.7,1.8,5.2,1.8,5.2h0.2c0,0,0.2-2.6,0.9-5.4l5.6-27.4H351L339.9,55.7z"/>
+		</g>
+	</g>
+</g>
+</svg>

2023-10-05-FIRST-Automation-SIG/slide.tex

@@ -0,0 +1,22 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+%\definecolor{main}{RGB}{83, 31, 117}
+%\definecolor{textcolor}{RGB}{0, 0, 0}
+%\definecolor{background}{RGB}{215, 212, 227}
+
+\usepackage[utf8]{inputenc}
+\usepackage{tikz}
+\usepackage{listings}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+
+\author{Team CIRCL}
+\title{Community Management and Tool Orchestration the Open-source Way via Cerebrate}
+\institute{Cerebrate Project}
+\titlegraphic{\includegraphics[scale=0.15]{pictures/logo.png}\linebreak\includegraphics[scale=0.16]{pictures/firstcti22.png}}
+\date{FIRST CTI 2022 - Berlin}
+
+\begin{document}
+\include{content}
+\end{document}
+