Virtual MISP Summit 0x06

14:00
30min
MISP - What happened the past year? and what's next
Andras Iklody

MISP Summit 2021 - YouTube streaming
14:30
30min
Cerebrate v1.0 - the open source orchestrator for security tools
Andras Iklody

Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools (such as MISP).

MISP Summit 2021 - YouTube streaming
15:00
10min
MISP + WHIDS = <3
Quentin JEROME

WHIDS is an open-source EDR under active development. Some integrations between this tool and MISP were already done in the past. However, some new ones have not yet been introduced to the community. This talk will give a status update on all the integrations between WHIDS and MISP, with a special focus on the latest ones.

MISP Summit 2021 - YouTube streaming
15:15
15:30
10min
Curating CTI for an MDR service
Koen Van Impe, Bart

The NVISO Managed Detect & Respond service uses threat intelligence that is curated by our CTI team. This session highlights the reason for the curation, the curation procedure and the tools that are used.

MISP Summit 2021 - YouTube streaming
15:45
10min
MISP on Law Enforcement for organizing cybercrime information
Ivo de Carvalho Peixinho, Rodrigo Alves de Carvalho

We will present our experience in using MISP in a Law Enforcement Agency. We created a way to organize all cyber information produced by different branches (forensics, intelligence, investigation, malware, etc.) and constructed knowledge on top of that. We created a backend to automatically submit information, which is then available to all officers using the MISP web interface or a Maltego Connector.

Using this solution we already have some success cases, where we found correlations between different cases and organized malware investigations using galaxies.

MISP Summit 2021 - YouTube streaming
16:00
10min
OpenCTI.BR: MISP as Country-Wide Communitary Threat Intelligence Database
Bruno Guerreiro

We would like to present OpenCTI.BR, an open source and community effort from Brazilian pros for the Brazilian cyber ecosystem. The heart of the OpenCTI.BR platform is MISP software integrated with other tools, exporting and importing threat information from partners and the community.

MISP Summit 2021 - YouTube streaming
16:15
10min
MISP for Multi-Tenancy SOC Operations
Bruno Guerreiro

This talk intends to share the architecture and best practices for integrating MISP, SOAR and multiple SIEM instances and vendors for MDR "Auto IOC Detection" capabilities, Incident Handling Enrichment and Vulnerability Prioritization.

MISP Summit 2021 - YouTube streaming
16:30
17:00
10min
Enable and Enhance Threat Intel Capabilities for Your Sharing Community
JJ Josing

Leveraging open-source threat intel automation helps cybersecurity teams to improve analysis, enrichment, and enhance overall capabilities without breaking the bank. RH-ISAC’s intelligence team is working hard so that you don’t have to! Come learn about our community MISP initiative, a recently launched, Python-based, threat intel automation tool, PyOTI, and how these tools will interact. Topics include RH-ISAC’s cloud-based MISP architecture and best practices for use, along with how PyOTI strengthens your experience using a custom tagging taxonomy that will enhance context and confidence of vetted indicators within MISP.

MISP Summit 2021 - YouTube streaming
17:15
10min
MISP integration in Lookyloo
Raphaël Vinot

MISP being the standard for information sharing, it simply makes sense to not reinvent the wheel (one more time), and make it possible to hook Lookyloo to an existing MISP instance. The integration goes both ways: you can look up indicators from the capture you made on Lookyloo and look at MISP events, but also push a Lookyloo capture to a MISP instance to share it with your community.

MISP Summit 2021 - YouTube streaming
17:30
10min
Getting a pcap from a MISP event
Sebastien Tricaud

We created an open-source tool called pcraft to help generate pcaps. Simulation is a well-known technique which can be used to defeat the adversary and train your teams.

MISP Summit 2021 - YouTube streaming
17:45
10min
Integrating MISP with Security Onion
Matthew Gracie and Wes Lambert

In this brief presentation, we'll discuss how network defenders can consume threat intel from MISP and use it within Security Onion to alert on and hunt for IOCs, as well as track adversaries across a variety of data sources.

MISP Summit 2021 - YouTube streaming
18:00
10min
Integrating MISP with Velociraptor
Matthew Gracie and Wes Lambert

In this discussion we'll cover how MISP can be leveraged in conjunction with the open source Velociraptor endpoint visibility platform for realtime alerting of indicator matches on endpoints, as well as ad-hoc lookups and enrichment of artifact result sets.

MISP Summit 2021 - YouTube streaming
18:15
10min
Improving DFIR analysis with hashlookup - MISP module integration
Alexandre Dulaunoy

Digital forensics is a critical field in information security and especially incident response. Providing intelligence about known sets of files is crucial to avoid wasting effort while conducting digital investigations. hashlookup.circl.lu provides a public and best-effort service to look up known hashes and find out if they have been seen in existing software distributions. A hashlookup MISP module is available, providing a smooth and simple integration for analysts using MISP.

MISP Summit 2021 - YouTube streaming
18:30
10min
MISPing up the pyramid of pain
David Thejl-Clayton

Indicators decay over time, so why are we so satisfied with the current state of affairs? Let's begin to move up the pyramid of pain and use MISP to share so much more than that!

In this talk we will look at how MISP + Sigma = profit, and how sharing detections and automating them into your SIEM tool is the new black.

MISP Summit 2021 - YouTube streaming
18:45
10min
MISP for pre-incident baselines
Eireann Leverett

We use a variety of third-party tools to risk assess our client base. We store the data in MISP and use it to manage a portfolio of pre-incident constituents. Then, when an incident happens, we can quickly gather data on the constituent that makes our incident response partners' lives easier.

MISP Summit 2021 - YouTube streaming