IOCs are dead, long live the IOCs!
2019-10-24, 10:30–12:00, Fischbach

Finding information is not a problem, what you do with it is up to you!

Nowadays sharing Indicator of compromise (IOCs) are common, look at the Misp project for example.

At the big data era, having just an indicator like and IP address is not enough and in many cases as useful as a key of a treasure chest without any map. What really matter today is metadata: data about data.


In this workshop, you will discovered IntelMQ, which is open source project for collecting and processing security feeds but not only.

With no prior knowledge, you will explore the different possibilities offered by this tool and you will start to gather feeds and improve them for fitting your needs.

In a nutshell, IntelMQ help you to collect, clean, enrich, normalize and store the data.