Compare commits
7 Commits
5ac63759ac
...
7e400a88bd
Author | SHA1 | Date |
---|---|---|
Sami Mokaddem | 7e400a88bd | |
Alexandre Dulaunoy | aac0f1d9e0 | |
Sami Mokaddem | 8ca666384f | |
iglocska | e3555b6f8c | |
Sami Mokaddem | 3d63e98202 | |
Sami Mokaddem | d7f022728c | |
Sami Mokaddem | 71aa64bafa |
|
@ -5,172 +5,510 @@
|
|||
\titlepage
|
||||
\end{frame}
|
||||
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{This session is meant to answer the following}
|
||||
\begin{itemize}
|
||||
\item (Re-)introduce Cerebrate
|
||||
\item Brief summary over the tasks it is meant to accomplish
|
||||
\item Cerebrate 1.0 release
|
||||
\item Why should MISP users care?
|
||||
\item Where are we headed?
|
||||
\item Demo time!
|
||||
\end{itemize}
|
||||
\frametitle{Who are we ?}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.3\linewidth]{pictures/circl.png}
|
||||
\end{center}
|
||||
\begin{itemize}
|
||||
\item The Computer Incident Response Center Luxembourg (CIRCL)
|
||||
\item CIRCL is the CERT for the private sector, communes and non-governmental entities in Luxembourg
|
||||
\item CIRCL leads the development of the open-source MISP threat intelligence platform
|
||||
\begin{itemize}
|
||||
\item As well as running multiple large MISP communities performain active daily threat-intelligence sharing
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{What is Cerebrate?}
|
||||
\begin{itemize}
|
||||
\item Open source {\bf community management and orchestration} tool
|
||||
\item Central tool for the Melicertes 2 project (Co-funded by the EU as a CEF project)
|
||||
\begin{itemize}
|
||||
\item Project for the CSIRT network building a common set of tools and services for the national CSIRTs
|
||||
\end{itemize}
|
||||
\item Tight integration with various open-source tools
|
||||
\item Planned as the primary MISP management tool
|
||||
\item Test bed for the new tech stack and a host of new features coming to MISP
|
||||
\end{itemize}
|
||||
\frametitle{MeliCERTes II: a quick recap of the morning session}
|
||||
\begin{itemize}
|
||||
\item MeliCERTes
|
||||
\item Common tooling for CSIRTs
|
||||
\item Cerebrate a central component of the new tooling
|
||||
\item Takes care of:
|
||||
\begin{itemize}
|
||||
\item Contact management
|
||||
\item orchestration
|
||||
\item Sharing group distribution and management
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Selfish motivations from a MISP perspective}
|
||||
\begin{itemize}
|
||||
\item {\bf Deficiencies} in our current tool chain
|
||||
\frametitle{Some stats about one of our MISP instance: MISPPriv (1)}
|
||||
\includegraphics[width=0.45\linewidth]{pictures/misppriv-usage.png}
|
||||
\includegraphics[width=0.45\linewidth]{pictures/misppriv-user-org-stats.png}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Some stats about one of our MISP instance: MISPPriv (2)}
|
||||
\begin{center}
|
||||
\includegraphics[width=1.1\linewidth]{pictures/bokeh_new_org.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Issues we're trying to solve}
|
||||
Rising number of communities is great!
|
||||
\begin{itemize}
|
||||
\item \textbf{Bridge the gap} between between communities
|
||||
\item Sharing with peers that face \textbf{similar threats}
|
||||
\item \textbf{Reuse} of TTPs across sectors
|
||||
\item \textbf{Hybrid threats} How seemingly unrelated things may be interesting to correlate
|
||||
\item \textbf{Spread the love}, as our field is ahead of several other sectors when it comes to information sharing
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Issues we're trying to solve}
|
||||
However, broader and more diverse communities lead to more issues
|
||||
\begin{itemize}
|
||||
\item {Non-technical issues}
|
||||
\begin{itemize}
|
||||
\item Sharing difficulties in terms of social interactions (e.g trust)
|
||||
\begin{itemize}
|
||||
\item Do I really have to jump through hoops and long e-mail chains to {\bf onboard new members}?
|
||||
\item How do I {\bf find trusted information} on who an organisation is in MISP?
|
||||
\item How can I {\bf manage a large cluster of MISPs} without tedious manual labour?
|
||||
\item If I run a community through MISP, how can I reuse my member information for other community tasks such as mailing lists?
|
||||
\item Information signing has been on the MISP roadmap for a long time - where do we get ground truths for a community from?
|
||||
\item \includegraphics[width=80px]{pictures/firstcon-22.png} greatly helps in that aspect!
|
||||
\end{itemize}
|
||||
\item Lots of points of contacts
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
|
||||
\begin{itemize}
|
||||
\item {Technical issues}
|
||||
\begin{itemize}
|
||||
\item Centralised identity management
|
||||
\item Data might change or evolve over time
|
||||
\item Loads of UUIDs to manually process
|
||||
\item Distribution list management is difficult across communities
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.8\linewidth]{pictures/org-circl.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Issues we're trying to solve with Cerebrate}
|
||||
\begin{minipage}{0.8\textwidth}
|
||||
\begin{itemize}
|
||||
\item Constituencies of organisations
|
||||
\begin{itemize}
|
||||
\item Geographic \& sectorial
|
||||
\item But also technical: CIDR blocks \& AS Numbers
|
||||
\end{itemize}
|
||||
\item Cryptographic key lookup for information signing
|
||||
\begin{itemize}
|
||||
\item MISP's protected event feature (New since MISP v2.4.156)
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{minipage}
|
||||
\begin{minipage}{0.19\textwidth}
|
||||
% \includegraphics[width=0.8\linewidth]{pictures/clippy-hint.png}
|
||||
\end{minipage}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{What issues is it trying to tackle?}
|
||||
\begin{itemize}
|
||||
\item Community management
|
||||
\begin{itemize}
|
||||
\item {\bf Repository} of organisations and individuals
|
||||
\item Management of {\bf sharing groups}
|
||||
\item {\bf Exchange} of contact and sharing group information
|
||||
\item Cryptographic key lookup for {\bf information signing}
|
||||
\end{itemize}
|
||||
\item Local tool management
|
||||
\begin{itemize}
|
||||
\item Instrumentation of {\bf local tool interconnections}
|
||||
\item Local tool {\bf fleet management}
|
||||
\item {\bf Feeding} the local tools with Cerebrate data
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\frametitle{Issues we're trying to solve with Cerebrate}
|
||||
\begin{minipage}{0.8\textwidth}
|
||||
\begin{itemize}
|
||||
\item Constituencies of organisations
|
||||
\begin{itemize}
|
||||
\item Geographic \& sectorial
|
||||
\item But also technical: CIDR blocks \& AS Numbers
|
||||
\end{itemize}
|
||||
\item Cryptographic key lookup for information signing
|
||||
\begin{itemize}
|
||||
\item MISP's protected event feature (New since MISP v2.4.156)
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{minipage}
|
||||
\begin{minipage}{0.19\textwidth}
|
||||
\includegraphics[width=0.8\linewidth]{pictures/clippy-hint.png}
|
||||
\end{minipage}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Issues we're trying to solve with Cerebrate}
|
||||
\begin{itemize}
|
||||
\item Customisable data model adaptable to each community
|
||||
\begin{itemize}
|
||||
\item Based on the sheer amount of different types of communities, \textbf{it's a must}
|
||||
\end{itemize}
|
||||
\item Sharing group management
|
||||
\item Synchronisation and lookup system
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Interconnections}
|
||||
\frametitle{Our attempt at solving them: Cerebrate}
|
||||
\begin{itemize}
|
||||
\item Open source community management and orchestration tool
|
||||
\end{itemize}
|
||||
\begin{center}
|
||||
\includegraphics[scale=0.4]{objectives.png}
|
||||
\includegraphics[width=0.15\linewidth]{pictures/logo.png}
|
||||
\linebreak
|
||||
\includegraphics[width=0.99\linewidth]{pictures/cerebrate-github.png}
|
||||
\end{center}
|
||||
\begin{itemize}
|
||||
\item Central tool for the \textbf{Melicertes 2 project} (Co-funded by the EU as a CEF project - SMART 2018/1024)
|
||||
\item Rich \textbf{Contact Database}
|
||||
\item Tightly coupled management system and companion for MISP (and other tools)
|
||||
\begin{itemize}
|
||||
\item Get in touch with us if you need help building integrations!
|
||||
\end{itemize}
|
||||
\item Planned as the primary MISP \textbf{fleet management} tool
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Goals and design}
|
||||
\begin{itemize}
|
||||
\item Goals: Simplicity, lightweight and open-source
|
||||
\item Technologies used: PHP, cakephp4, BS5, ...
|
||||
\begin{itemize}
|
||||
\item (almost) the same as in MISP for easier \textbf{maintainability} and \textbf{code re-use}
|
||||
\end{itemize}
|
||||
\item IAM centric design
|
||||
\begin{itemize}
|
||||
\item Tightly integrated with Keycloak
|
||||
\end{itemize}
|
||||
\item Core functionalities: Auditing, API
|
||||
\begin{itemize}
|
||||
\item Any changes should be easily accessible to counter errors or foul plays
|
||||
\item From our perspective, automation and integration is essential and should be as easy as possible
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Goals and design}
|
||||
\begin{itemize}
|
||||
\item Built with tool integration in mind, acting as a contact database
|
||||
\end{itemize}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.85\linewidth]{pictures/misp-cerebrate.png}\\
|
||||
|
||||
MISP is able to look up Organisations \& Sharing Group in Cerebrate
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Cerebrate 1.0 release}
|
||||
\begin{itemize}
|
||||
\item {\bf Released} as October 23
|
||||
\item Initial version has the {\bf essential functionalities} to get going included
|
||||
\item We highly encourage everyone to {\bf get involved} ASAP and help us mold the tool
|
||||
\item {\bf Easy to set up}, low requirements (native or docker installs available)
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Cerebrate 1.0 features}
|
||||
\begin{itemize}
|
||||
\item {\bf Contact database} \- information on organisations and individuals
|
||||
\item {\bf Public key store} for information validation and secure communications
|
||||
\item Centralised {\bf sharing group management}
|
||||
\item Cerebrate to Cerebrate {\bf synchronisation}
|
||||
\item Local integration {\bf module system}
|
||||
\item Currently with a {\bf MISP module} included
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Cerebrate 1.0 features}
|
||||
\begin{itemize}
|
||||
\item Cerebrate to Cerebrate {\bf local tool interconnection}
|
||||
\item Local tool {\bf fleet management} features
|
||||
\item {\bf Ingestion tools} for community specific {\bf contact database mappings}
|
||||
\begin{itemize}
|
||||
currently supporting ENISA's and FIRST.org's mappings
|
||||
\end{itemize}
|
||||
\item Tight integration with {\bf Keycloak} (optional)
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{MISP to MISP connection request}
|
||||
\includegraphics[scale=0.3]{connection_request.png}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{MISP to MISP connection request}
|
||||
\frametitle{Cerebrate's place in a typical CSIRT software stack}
|
||||
\begin{center}
|
||||
\includegraphics[scale=0.28]{connection_request2.png}
|
||||
\includegraphics[width=0.42\linewidth]{pictures/software-stack.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Further tangible benefits for MISP}
|
||||
\begin{itemize}
|
||||
\item MISP's software stack could use a refresher
|
||||
\item Cerebrate and MISP share a large part of their code-base and supporting libraries
|
||||
\item The similarities in many aspects are no co-incidence
|
||||
\item We use Cerebrate to prepare the tooling and gradually shift the MISP code-base to a new stack
|
||||
\item CRUD functionalities, UI generation, ACL, API handling are all modernised MISP libraries
|
||||
\end{itemize}
|
||||
\frametitle{Cerebrate's contact database}
|
||||
\begin{itemize}
|
||||
\item Contact database for the CSIRT network
|
||||
\begin{itemize}
|
||||
\item Common contact fields such as \texttt{UUID}, \texttt{name}, \texttt{contact email address}, \texttt{nationality}, \texttt{URL}, ...
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.8\linewidth]{pictures/contact-database-1.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{So what will this give MISP once we port it to Cerebrate's codebase?}
|
||||
\begin{itemize}
|
||||
\item {\bf Modern stack} (CakePHP 4.x, PHP7.4/8+, Bootstrap 5)
|
||||
\item Better {\bf performance} (in large part due to CakePHP 4.x's database handling improvements)
|
||||
\item Complete {\bf new}, modern, responsive, themeable {\bf UI}
|
||||
\item A chance to {\bf clean up} a host of {\bf mistakes} we've made over the years
|
||||
\item {\bf Reworked} internal {\bf database} (for example much improved indexing)
|
||||
\item A new upgrade and configuration system with a host of improvements
|
||||
\end{itemize}
|
||||
\frametitle{Cerebrate's contact database}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.99\linewidth]{pictures/contact-database-2.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Cerebrate 1.1}
|
||||
\begin{itemize}
|
||||
\item Release is planned for {\bf next week}
|
||||
\item Main new features
|
||||
\begin{itemize}
|
||||
\item Reworked meta-field system (validation, filtering, etc)
|
||||
\item Audit system (port of Jakub Onderka's implementation from MISP)
|
||||
\item Mailing list management and instrumentation
|
||||
\item Improved organisation self-management
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\frametitle{Cerebrate's contact database: Meta-fields}
|
||||
\begin{itemize}
|
||||
\item Flexible system to store additional information: \texttt{meta-fields} (KV-store)
|
||||
\item These \texttt{meta-fields} are part of a larger structure called \texttt{meta-templates}
|
||||
\item Support of multiple templates used by various entities out there
|
||||
\begin{itemize}
|
||||
\item {\bf FIRST Directory}
|
||||
\item ENISA CSIRT inventory
|
||||
\item CSIRT Constituency (CIDR blocks, AS Numbers, ...)
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{What are we working on besides that?}
|
||||
\begin{itemize}
|
||||
\item Obviously moving MISP to the same feature-set / tech stack
|
||||
\item Further integrations with other tools
|
||||
\item Fleshing out the MISP monitoring and management
|
||||
\item Setting up trusted, community centric Cerebrate nodes
|
||||
\item Improving a long list of functionalities
|
||||
\end{itemize}
|
||||
\frametitle{Cerebrate's contact database: Meta-fields}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.99\linewidth]{pictures/meta-fields-first.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Enough blabla}
|
||||
\begin{itemize}
|
||||
\item {\bf Demo time!}
|
||||
\end{itemize}
|
||||
\frametitle{Cerebrate's contact database: Meta-fields}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.99\linewidth]{pictures/meta-templates-first.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Cerebrate's contact database: Meta-fields}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.99\linewidth]{pictures/meta-template-repo.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Cerebrate's contact database: Sharing group management}
|
||||
\begin{itemize}
|
||||
\item Easy way to \textbf{create} and \textbf{share} distribution lists
|
||||
\item Allow sharing groups to be \textbf{reusable}
|
||||
\item Circumvent limitations of traditional Threat Intelligence Sharing Platform
|
||||
\begin{itemize}
|
||||
\item The exchange of sharing groups on creation / modification rather than on data exchange
|
||||
\item Avoids the duplication of similar sharing groups
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Cerebrate's contact database: Sharing group management}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.9\linewidth]{pictures/sharinggroup.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Cerebrate's contact database: Identity and Signing}
|
||||
\begin{itemize}
|
||||
\item Cerebrate can act as a trusted contact database containing cryptographic keys (PGP, S/MIME)
|
||||
\item Which can be used by other application to sign and validate information
|
||||
\begin{itemize}
|
||||
\item See MISP's protected Event feature \includegraphics[width=0.09\linewidth]{pictures/clippy-solo.png}
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Cerebrate's contact database: Identity and Signing}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.95\linewidth]{pictures/pgp.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Cerebrate's contact database: Open Directory}
|
||||
\begin{itemize}
|
||||
\item Cerebrate can be configured to act as an \textbf{open} directory of contact information
|
||||
\item Other tools (including other Cerebrate nodes) can use this directory
|
||||
\item Allows for information and information source validation
|
||||
\end{itemize}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.8\linewidth]{pictures/open-directory.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Data sharing}
|
||||
Basically the same strategy as the one used in MISP:
|
||||
\begin{itemize}
|
||||
\item \textbf{Connect} with other Cerebrate nodes
|
||||
\item \textbf{Diagnose} connectivity issues
|
||||
\item Remotely \textbf{browse} data of the other node
|
||||
\item \textbf{Fetch and save} organisation, individual, sharing-group data
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Data sharing}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.95\linewidth]{pictures/brood-index.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Data sharing}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.95\linewidth]{pictures/brood-view.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Data sharing: Synchronisation strategies}
|
||||
Two synchronisation strategies:
|
||||
\begin{enumerate}
|
||||
\item \textbf{Standard}: Only fetch and save new records
|
||||
\item \textbf{Trusted upstream source}: Remote Cerebrate acts as an authoritative instance
|
||||
\end{enumerate}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.7\linewidth]{pictures/brood-edit.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Managing local tools}
|
||||
Why would Cerebrate have integration with other tools?
|
||||
\begin{itemize}
|
||||
\item To support information sharing, being able to validate information sources is crucial
|
||||
\item Traditional information sharing software stacks have to have their own organisation database
|
||||
\item Why re-invent the wheel everytime?
|
||||
\end{itemize}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.2\linewidth]{pictures/software-stack.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Managing local tools}
|
||||
There will inevitably be integration between local tools and Cerebrate. Why not go a step further?
|
||||
\begin{itemize}
|
||||
\item Cerebrate exposes a modular system to manage these local tools
|
||||
\item Based on a configuration file, user interfaces can be created to visualise data and instruct local tools to perform operations
|
||||
\end{itemize}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.9\linewidth]{pictures/github-local-tool.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Local tool: MISP Connector capabilities}
|
||||
\begin{itemize}
|
||||
\item \textbf{Configure} a MISP instances via server settings
|
||||
\item \textbf{Fetch} Organisations \& Sharing Groups
|
||||
\item \textbf{Diagnose} other connected MISP servers
|
||||
\item \textbf{Manage} users, ...
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Local tool: MISP Connector capabilities}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.97\linewidth]{pictures/localtool-view.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Local tool: MISP Connector capabilities}
|
||||
Why do one when we can do many?
|
||||
\begin{itemize}
|
||||
\item Cerebrate can connect to multiple tools via its associated connector
|
||||
\item Allowing local tool fleet management
|
||||
\begin{itemize}
|
||||
\item MISP fleet management!
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Local tool: MISP Fleet management}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.97\linewidth]{pictures/localtools-index.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Local tool interconnection via Cerebrate}
|
||||
\begin{itemize}
|
||||
\item Cerebrate's main goal is to \textbf{ease community management}
|
||||
\item Select which local tools are meant to be exposed to the community for requests
|
||||
\item Open dialogues to community members to request tool-to-tool interconnections
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Local tool interconnection via Cerebrate}
|
||||
Cerebrate can leverage its access to local tool to reach out to tools from other Cerebrate nodes
|
||||
\begin{center}
|
||||
\includegraphics[width=0.85\linewidth]{pictures/tools-made-available.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Local tool interconnection via Cerebrate}
|
||||
\begin{itemize}
|
||||
\item Local tools can be \textbf{exposed} to other Cerebrate nodes
|
||||
\item \textbf{Inter-connection requests} can be issued from one node to another
|
||||
\item Following a 3-way handshake protocol, inter-connections can be:
|
||||
\begin{itemize}
|
||||
\item Issued
|
||||
\item Accepted
|
||||
\item Finalised
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Local tool interconnection via Cerebrate}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.40\linewidth]{pictures/guys-chatting.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{MISP interconnection via Cerebrate}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.98\linewidth]{pictures/connection_request.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{What else does Cerebrate have?}
|
||||
\begin{itemize}
|
||||
\item Mailing list management
|
||||
\item ACL system
|
||||
\item Inbox system
|
||||
\begin{itemize}
|
||||
\item Inter-connection requests, enrolment requests
|
||||
\end{itemize}
|
||||
\item Tagging
|
||||
\item Update system
|
||||
\item Audit logs
|
||||
\item Open API
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{What else does Cerebrate have?}
|
||||
Cerebrate has \colorbox{black!90}{\color{white}\texttt{dark theme}} and \textbf{{\color{blue!70}m}{\color{red!70}o}{\color{purple!90}r}{\color{orange!70}e}}!
|
||||
\linebreak
|
||||
\begin{center}
|
||||
\includegraphics[width=0.42\linewidth]{pictures/theme-1.png}
|
||||
\includegraphics[width=0.42\linewidth]{pictures/theme-2.png}
|
||||
\end{center}
|
||||
\begin{center}
|
||||
\includegraphics[width=0.42\linewidth]{pictures/theme-3.png}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Current roadmap}
|
||||
\begin{itemize}
|
||||
\item Data signing / validation
|
||||
\begin{itemize}
|
||||
\item Community centric PKI
|
||||
\item Enable data validation services for tools such as MISP
|
||||
\end{itemize}
|
||||
\item Integration with other tools
|
||||
\begin{itemize}
|
||||
\item Ticketing systems
|
||||
\item Tighter Mailing list integration (Mailman)
|
||||
\item Messaging App (Mattermost)
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Thanks!}
|
||||
\begin{itemize}
|
||||
\item Want to integrate your tool with Cerebrate?
|
||||
\begin{itemize}
|
||||
\item[ ] $\rightarrow$ Get in touch!
|
||||
\end{itemize}
|
||||
\item Want to have a live demo?
|
||||
\begin{itemize}
|
||||
\item[ ] $\rightarrow$ Get in touch!
|
||||
\end{itemize}
|
||||
\item Want to suggest features or integrations?
|
||||
\begin{itemize}
|
||||
\item[ ] That's right $\rightarrow$ Get in touch!
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
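Review bot: The "Data sharing: Synchronisation strategies" frame introduces the "Trusted upstream source" mode without saying what that trust means for the local node's data. The slide only states that the remote Cerebrate "acts as an authoritative instance"; if that means fetched records can replace existing local organisation, individual and sharing-group entries (inferred from the contrast with "Only fetch and save new records"), the audience should be told. Those records are what the "Identity and Signing" and "Sharing group management" frames rely on for key lookup and distribution lists. A sub-item under that entry would cover it, for example `\item Enable only for nodes whose operators you trust to change your contact and key data`. Separately, a few typos appear to be on the new side, though the rendered page has lost the +/- markers: "performain", "between between" and "e.g trust".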
After Width: | Height: | Size: 497 KiB |
After Width: | Height: | Size: 44 KiB |
After Width: | Height: | Size: 47 KiB |
After Width: | Height: | Size: 148 KiB |
After Width: | Height: | Size: 175 KiB |
After Width: | Height: | Size: 231 KiB |
After Width: | Height: | Size: 11 KiB |
After Width: | Height: | Size: 9.5 KiB |
After Width: | Height: | Size: 21 KiB |
After Width: | Height: | Size: 15 KiB |
After Width: | Height: | Size: 70 KiB |
After Width: | Height: | Size: 204 KiB |
After Width: | Height: | Size: 189 KiB |
After Width: | Height: | Size: 7.7 KiB |
After Width: | Height: | Size: 30 KiB |
|
@ -0,0 +1,52 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Generator: Adobe Illustrator 24.2.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
|
||||
<svg version="1.1" id="Camada_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
|
||||
viewBox="0 0 432.9 56.7" style="enable-background:new 0 0 432.9 56.7;" xml:space="preserve">
|
||||
<style type="text/css">
|
||||
.st0{fill:#FF8000;}
|
||||
.st1{fill-rule:evenodd;clip-rule:evenodd;fill:#FF8000;}
|
||||
.st2{fill-rule:evenodd;clip-rule:evenodd;fill:#FFFFFF;}
|
||||
.st3{fill:#FFFFFF;stroke:#FFFFFF;stroke-width:0.2191;stroke-miterlimit:10;}
|
||||
</style>
|
||||
<g>
|
||||
<path class="st0" d="M356.1,19.4c1.7-11,10.4-19,21.5-19c10.4,0,16.1,7.9,14.5,18c-1.6,10.3-10.2,19-18.3,25.5l0.1,0.1
|
||||
c2.5-0.1,5.1-0.5,7.6-0.5h6.1l-2,12.7h-37.8l17.5-19.3c4.9-5.5,11.5-12.4,12.6-19.4c0.4-2.1-0.1-4.9-2.6-4.9
|
||||
c-3.2,0-4.3,4.4-4.7,6.7l-0.3,2h-14.3L356.1,19.4z"/>
|
||||
<path class="st0" d="M396.7,19.4c1.7-11,10.4-19,21.5-19c10.4,0,16.1,7.9,14.5,18c-1.6,10.3-10.2,19-18.3,25.5l0.1,0.1
|
||||
c2.5-0.1,5.1-0.5,7.6-0.5h6.1l-2,12.7h-37.8l17.5-19.3c4.9-5.5,11.5-12.4,12.6-19.4c0.4-2.1-0.1-4.9-2.6-4.9
|
||||
c-3.2,0-4.3,4.4-4.7,6.7l-0.3,2h-14.3L396.7,19.4z"/>
|
||||
<g>
|
||||
<path class="st0" d="M37.8,39.9h-8.4L24,56.7h-7.2l5.3-16.8h-7L9.7,56.7H2.2l5.4-16.8H0l1.5-8.6h9l2.4-7.2H5.1l1.5-8.6h9L20.6,0
|
||||
h7.2l-5,15.5h7.1l5-15.5h7.5l-5.1,15.5h6.9l-1.5,8.6h-8.2l-2.2,7.2h7L37.8,39.9z M20.1,24.1l-2.2,7.2H25l2.2-7.2H20.1z"/>
|
||||
</g>
|
||||
<g>
|
||||
<g>
|
||||
<polygon class="st1" points="104.8,0.5 103,11.6 87.6,11.6 89.4,0.5 "/>
|
||||
<polygon class="st2" points="86.5,22.2 81.2,55.6 96.2,55.6 101.4,22.2 "/>
|
||||
<path class="st2" d="M154.7,22.2c0.2,1.9,0.7,3.4,1.6,4.9c1.5,2.6,3.7,4.8,6.3,7c0.8,0.7,1.6,1.3,2.1,2.1
|
||||
c0.6,0.8,0.9,1.8,0.7,3.1c-0.4,2.4-2.9,3.7-5,3.7c-3.8,0-6.9-3.1-8.5-6.1l-2.7,17.2c3.3,1.5,7,2.3,10.8,2.3
|
||||
c10.4,0,18.8-8.2,20.5-18.4c0.7-4.2,0.2-7.1-1.2-9.6c-1.2-2.3-3.1-4.1-5.6-6.2H154.7z"/>
|
||||
<polygon class="st2" points="186.8,55.6 201.8,55.6 207,22.2 192.2,22.2 "/>
|
||||
<path class="st2" d="M174.4,0.5c-9.3,0-14.9,5.2-17.7,11.1h60.7l1.8-11.1C219.1,0.5,177.8,0.5,174.4,0.5z"/>
|
||||
<path class="st2" d="M147.6,11.7C146.2,3,138.5,0.5,128,0.5h-14.4l-1.8,11.1L147.6,11.7z"/>
|
||||
<path class="st2" d="M146.7,22.2h-15.1h-6.4h-15L105,55.6h14.9l2.4-14.8c0.4-2.7,0.7-5.4,1.1-8.1l0.2-0.1l4.6,23h16.1l-7.4-23
|
||||
C141.9,30.7,145.1,26.8,146.7,22.2z"/>
|
||||
<g>
|
||||
<polygon class="st2" points="79.7,11.6 81.6,0.5 55.2,0.5 47,55.6 60.9,55.6 62.1,55.6 65.4,34.5 75.5,34.5 77.3,22.2
|
||||
67.4,22.2 69,11.6 "/>
|
||||
</g>
|
||||
</g>
|
||||
<g>
|
||||
<path class="st3" d="M251.9,11.5c-0.9-0.6-3-1.3-5.4-1.3c-3.8,0-6.9,2-9.3,5c-4.1,5.2-6.7,14.2-6.7,20.9c0,6.4,2.3,10.5,7.7,10.5
|
||||
c2.8,0,5.5-0.9,6.9-1.6l1.1,8.4c-2.6,1.8-7,3.1-11.9,3.1c-11.6,0-16.9-8.7-16.9-19.6c0-10.3,4.3-22.6,11.9-29.5
|
||||
c4.2-3.9,9.7-6.3,15.9-6.3c4.8,0,8.9,1.3,11,3.1L251.9,11.5z"/>
|
||||
<path class="st3" d="M289.5,46.8c-4.4,5.9-10.6,9.7-19.1,9.7c-11.4,0-16.8-7.7-16.8-18.9c0-8.8,3.3-19.8,8.4-26.7
|
||||
c4.5-5.9,10.8-9.8,19-9.8c11.8,0,16.6,7.9,16.6,18.5C297.7,28.3,294.6,39.8,289.5,46.8z M280,9.5c-3.9,0-6.6,3.4-8.8,8.1
|
||||
c-2.5,5.2-5.2,15.8-5.2,21.8c0,4.5,1.4,7.7,5.6,7.7c4,0,6.7-3.4,8.8-8.2c2.4-5.5,4.9-15.9,4.9-21.7C285.4,12.8,284.1,9.5,280,9.5
|
||||
z"/>
|
||||
<path class="st3" d="M339.9,55.7h-9.3l-11.7-30.2c-1.1-2.8-1.8-5.6-1.8-5.6h-0.2c0,0-0.3,2.9-0.9,5.9l-6.2,29.9h-10.6l11.1-53.8
|
||||
h10.8l10.9,27.5c1.1,2.7,1.8,5.2,1.8,5.2h0.2c0,0,0.2-2.6,0.9-5.4l5.6-27.4H351L339.9,55.7z"/>
|
||||
</g>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
After Width: | Height: | Size: 3.4 KiB |
After Width: | Height: | Size: 60 KiB |
After Width: | Height: | Size: 512 KiB |
After Width: | Height: | Size: 202 KiB |
After Width: | Height: | Size: 160 KiB |
After Width: | Height: | Size: 154 KiB |
After Width: | Height: | Size: 66 KiB |
After Width: | Height: | Size: 121 KiB |
After Width: | Height: | Size: 90 KiB |
After Width: | Height: | Size: 154 KiB |
After Width: | Height: | Size: 186 KiB |
After Width: | Height: | Size: 49 KiB |
After Width: | Height: | Size: 46 KiB |
After Width: | Height: | Size: 143 KiB |
After Width: | Height: | Size: 48 KiB |
After Width: | Height: | Size: 530 KiB |
After Width: | Height: | Size: 177 KiB |
After Width: | Height: | Size: 70 KiB |
After Width: | Height: | Size: 152 KiB |
After Width: | Height: | Size: 146 KiB |
After Width: | Height: | Size: 152 KiB |
After Width: | Height: | Size: 141 KiB |
|
@ -14,7 +14,7 @@
|
|||
\title{Cerebrate}
|
||||
\subtitle{Community management and tool orchestration the open-source way}
|
||||
\institute{Cerebrate Project}
|
||||
\titlegraphic{\includegraphics[scale=0.2]{logo.png}}
|
||||
\titlegraphic{\includegraphics[scale=0.15]{pictures/logo.png}\linebreak\includegraphics[scale=0.6]{pictures/FIRSTCON22-Speaker-Horizontal.png}}
|
||||
\date{FIRSTCON22}
|
||||
|
||||
\begin{document}
|
||||
|
|
|
@ -1 +1 @@
|
|||
Andras Iklody
|
||||
Andras Iklody \& Sami Mokaddem
|
||||
|
|