“Scaling Sighting” Sebastien Tricaud · Talk (20 minutes)

Sighting is the art of tracking when we have first/last seen an element and how many of them. They are voluminous, much larger than indicators. It is a key factor in an investigation to understand if something is new, old, common or unique. While trivial, they are hard to scale given to read/write …


“Visualizing MISP and ATT&CK data in Maltego” Christophe Vandeplas · Talk (20 minutes)

An introduction about data visualisation using the MISP-maltego transform.


“A Content-Based Recommendation System for Indicators of Compromise Life Cycle” Rocco Di Domenico · Talk (20 minutes)

In order to approach the hard problem of decaying of the indicators of compromise the idea is to use a content-based Recommendation System as a decision algorithm based on the IoC data model and its Taxonomy, together with feeds gathered by TheHive Cortex Analyzers and MISP.


“...And performance for All” Andrea Garavaglia · Talk (20 minutes)

After "Master of Cluster" presented last year, the new work is focused on how to improve the comparison speed between malware samples. The goal is to provide this feature as service through a web platform freely and available for all and also being inspirational as comparison engine for other platf…


“ElastiMISPStash - Threat data enrichment for the masses!” David Thejl-Clayton · Talk (20 minutes)

In todays cyber security world, SIEM vendors charge large amounts of money to enrich your logging information with the "latest" threat intelligence, which turns out is simply open source threat data. The purpose of this talk is to show how to put the SIEM vendors out of business.... No really... Co…


“Utilizing MISP into your Incident reponse plan” Dennis Rand · Talk (20 minutes)

Based on working with multiple intrusions the one thing that often fails in larger organisations is the
Containment and Eradication part. It is often hard to coordinate a joint containment plan that will work across multiple platforms, systems and customer combined with change management and get a…


“DGA-Detect: Using Machine Learning for Collaborative DGA Detection” Tammo Krueger · Talk (20 minutes)

Combining visit statistics from different sharing partners with domains from DGArchive we leverage machine learning to pre-filter suspicious domains for further annotation and correlation in a dedicated MISP instance. This open source stack allows us to pinpoint domains which are most likely genera…


“Threat Intelligence Contextualized Knowledge base” Jeroen Klaver, Leandro Velasco · Talk (20 minutes)

This talk describes our idea of a platform for handling threat intelligence from source to end user. This consist not only of actionable IOC's but also offensive knowledge and detection rules. In order to implement this idea, MISP is used as the central database for storing, exporting and querying…


“Discover how EclecticIQ Platform and MISP go together” Aleksandar Mancic, Peter Ferguson · Talk (20 minutes)

During this presentation EclecticIQ's Aleksander Mancic and Peter Ferguson will demonstrate how EclecticIQ Platform integrates with MISP. Attend and learn how:
* EclecticIQ Platform customers can be part of the MISP community * MISP intelligence can be made more actionable with EclecticIQ Platform …


“WHIDS integration with MISP” Quentin JEROME · Talk (20 minutes)

WHIDS is an Open Source EDR like tool currently under active development. During this presentation I will present the tool itself to the MISP community. Then I will introduce how we enhanced the detection capabilities of the tool by integrating it with MISP. The source code of the new release integ…


“Introducing HAMISPA - High Availability MISP in AWS” Tiago Faria · Talk (20 minutes)

What happens when you want to scale MISP? You end up with HAMISPA!

In this talk we'll cover how we developed a platform to be highly available and resilient, explaining how, and why, everything was put together to provide a collaboration platform for users all around the world using several of AWS …


“TheHive 4 and MISP: What's new?” Jérôme Leonard · Talk (20 minutes)

The next version of TheHive will add two major features: multi-tenancy and role based access control capabilities. It will also include brand new graph based data model. Users will be able to define multiple organisations in their instances.

This presentation will describe the impacts of these fea…


“Modeling adversary actions and defense with MISP” m3c4n1sm0, ONE · Talk (20 minutes)

Using MISP platform for modeling Adversary actions and how is adversary moving through environment, what actions are made and what alerts are triggered and which are not. Additional knowledge from these exercises are used for creating screenplays in active defense.


“A preliminary user experience evaluation of MISP (Work in Progress)” Borce Stojkovski · Talk (20 minutes)

MISP is an open source threat intelligence platform used by more than 6000 organizations worldwide, ranging from NATO to national CSIRTs and private sector actors. As a technically-advanced information sharing platform that caters for a diverse set of security information workers with distinct need…


“Dr. StrangeSTIX or: How I Learned to Stop Worrying and Love the MISP” Trey Darley · Talk (20 minutes)

This talk will focus on lessons learned during CERT.be's ongoing roll-out of a national MISP, embellished with musings on the history of CTI and the (perhaps quixotic) quest for open and interoperable standards for CTI exchange.


“MISP sync process (or How to make MISP sync 500x faster)” Richard van den Berg · Talk (20 minutes)

Overview of the MISP sync process including events, proposal and sightings. Explaining the recent optimisation to the blacklist organisation logic making MISP sync 500x faster.


“The new indicator scoring method introduced in MISP 2.4.116” Sami Mokaddem · Talk (20 minutes)

This talk aims to give a thorough introduction of a new functionality added in MISP 2.4.116, allowing users and organisations to easily expire information depending on their personalised objectives and targets.

MISP, being a distributed system, enables the sharing of data between various users and …


“MISP Project - One year of improvements” MISP Project · Talk (20 minutes)

An overall overview of the past year development in the MISP Project from new features, MISP-standard.org and new projects.


“MISP Project future” MISP Project · Talk (20 minutes)

What's next in the MISP Project?