Practical Incident Response, With Automation and Collaboration Inside
2019-10-24, 13:15–16:15, Hollenfels

Investigating cyberattacks is now the norm, instead of the exception. The threat landscape keeps changing at a worrying pace while security analysts have to deal with growing complexity, learn new technologies and continuously adapt to rapidly evolving IT environments.

To ease up their burden and enable them to give the best out of themselves in order to fulfil their important mission, while avoiding the so-called analyst fatigue, they should not be asked to master copying and pasting between different tools and interfaces to get their job done. They should not be asked to follow procedures without clearly understanding them and contributing into their improvement.

Humans have brains, even if the deafening speeches about artificial intelligence and machine learning would want us to believe otherwise. It’s more than time to place humans back at the centre and offer them solutions that get out of their way yet support them in their incident response journey, to learn, adapt, and collaborate at every stage. We are social animals after all, aren’t we?

This is exactly what MISP Project and TheHive Project are all about, providing not only free, open source products to sustain the daily activities of blue teams around the globe, but products that actually work and integrate with one another to cover the full spectrum of incident response, ranging from detection to recovery and cyber threat intelligence production and sharing.

So come join us for three hours of practical incident response where automation and collaboration play a paramount role, using MISP, the de facto standard for threat sharing, TheHive, a Security Incident Response Platform and Cortex, a powerful analysis and active response engine.


This workshop will take you through a journey where we’ll cover the six steps of incident response coated with CTI-related activities to investigate a real world incident, leveraging automation and collaboration whenever applicable.

After a brief introduction to MISP, TheHive and Cortex, we’ll dive in the preparation steps to not only set up correctly the tools but establish a proper team organisation, create workflows and get ready for trouble as trouble will come just afterwards, as in the movies. Indeed, now that a threat has just materialised, what are you going to do? And how you would bring out the social animal in you to collaborate with fellow defenders in the room?

The clock is ticking and the fun is on!