MISP Summit 04
On Monday 15 October 2018 from 14:00 to 18:00 (the day before hack.lu), the 4th MISP(Malware Information Sharing Platform & Threat Sharing ) threat intelligence summit will take place.
MISP is an advanced platform for sharing, storing and correlating Indicators of Compromises from attacks and cyber security threats. Discover how MISP is used today in multiple organisations. Not only to store, share, collaborate on cyber security indicators, but also to use a threat intelligence platform to support analysts, knowledge base and sharing of information.
The objective of the summit is openly discuss about the current usage of MISP, the future developments and the integration with the overall security ecosystems.
The MISP Summit will take place from 14:00 to 19:00, Monday 15 October 2018.
|Time||Talks and Speakers|
|14:00||Central Intelligence Vetting Platform - Routing threat intelligence centrally (Raphael Otto, George Sedky)|
|14:25||IoC generation from tweet texts (Fernando Alves)|
|14:50||Building a Security Ecosystem with MISP and McAfee (Martin Ohl)|
|15:15||MISP Project - One Year of Improvements (info)|
|15:45||MISP Project (info)|
|16:10||misp42splunk (Rémi Séguy)|
|16:20||TrendMicro - How to integrate MISP with local APT detection systems - Olivier Bertrand|
|16:40||From Twitter to MISP: A way to catch and qualify IOCs (Sebastien Larinier), Ambroise Terrier|
|17:20||Master of Clusters (Andrea Garavaglia)|
|17:40||Cruising Ocean Threat Without Sinking Using TheHive, Cortex & MISP (Saâd Kadhi)|
|18:00||Logistical Budget: Can we quantitatively compare APTs with MISP (Eireann Leverett, Bruce Stenning)|
|18:20||Enrichment and Quality IoC Creation from OSINT - Rui Azevedo|
|18:40||MISP Project future|
Call For Papers for the MISP threat intelligence submit is closed and we welcomed all contributions to gather use cases, best practices, new developments, creative approaches in threat intelligence and especially users of the MISP platform.
Central Intelligence Vetting Platform - Routing threat intelligence centrally
We created a software named Central Intelligence Vetting Platform which aims to help intelligence analysts to vet and route threat intelligence data centrally, across multiple distributed MISP instances.
by Raphael Otto and George Sedky
IoC generation from tweet texts
This talk describes how to create Indicators of Compromise from tweets. The IoCs are further enriched using a Named Entity Recognizer to select relevant elements from the tweet text.
by Fernando Alves
Cruising Ocean Threat Without Sinking Using TheHive, Cortex & MISP
TheHive, Cortex and MISP is highly integrated, free, open source stack used by many teams to perform CTI & DFIR related activities. In this talk we’ll cover old & new features to demonstrate the power of the trio.
by Saâd Kadhi
misp42splunk app connects MISP and Splunk. The app is designed to be easy to install, set up and maintain using the Splunk GUI without editing directly files. You can use as many MISP instances as you like; one being defined at setup time to be the default instance.
The main use cases are:
MISP to SPLUNK: get MISP event attributes into Splunk search pipeline: | mispgetioc params | …. see MISP for SPLUNK: 2 Splunk alert actions are available to directly create events or increment attribute sighting in a MISP instance.
BONUS: You can also create Splunk alert action to create The Hive alerts
by Rémi Séguy
Logistical Budget: Can we quantitatively compare APTs with MISP
Non technical people want to know if Energetic Bear is more of a threat than Cleaver. They don’t have the skill to judge, and they do so by newspaper reports. Can we do better?
by Eireann Leverett and Bruce Stenning
From Twitter to MISP: A way to catch and qualify IOCs
We present our project to collect IOCs on Twitter to MISP and how to create a community to share tools, to qualify IOCs and share the data.
by Sebastien Larinier and Ambroise Terrier
Building a Security Ecosystem with MISP and McAfee
This session will examine a reference architecture that enables automated threat hunting and incident response using OpenDXL and the MISP Threat Intelligence Platforms.
by Martin Ohl
Master of Clusters
An approach to malware clustering using an integration of MISP, cuckoo, Malpedia.
Enrichment and Quality IoC Creation from OSINT
In this presentation we propose an approach to generate threat intelligence of quality based on collected OSINT feeds that can later be used in defensive infrastructures, such as IDSs and SIEMs. The approach was implemented in a platform using MISP and assessed with 34 OSINT feeds. The platform was able to create enriched IoCs that allowed identification of cyber-attacks previously not possible by analyzing the IoCs individually.
by Rui Azevedo
The MISP summit will take place at Parc Hotel, Luxembourg.
Everyone interested (developers, contributors, users and future users) in the MISP platform is welcome.
The access to the MISP Summit is free. You just need to register online (it’s only the access to the MISP summit).