2019-10-21, 14:20–14:40, Hollenfels
Based on working with multiple intrusions, the one thing that often fails in larger organisations is the Containment and Eradication part. It is often hard to coordinate a joint containment plan that works across multiple platforms, systems and customers, combine it with change management, and get all of these parts tied together and implemented within a time period of less than 30 minutes.
The talk will cover how the use of MISP can assist in this part of the incident response process, allowing the IR team to be much more in control of both large and minor incidents within the Detection & Analysis and Containment and Eradication phases.
The presentation will cover the technical aspects of how to implement the MISP data into the infrastructure and what this gives organisations, allowing the SOC or security team to be "feed" providers to their own organisation.