Christian Studer
[CIRCL.LU ]
Christian Studer joined CIRCL in 2017 after he graduated with a Masters in Computer Science.
During his master thesis at CIRCL he unveiled his capacity to lead existing CIRCL software such as the Potiron framework. He is mainly working on MISP, contributing to the core development and leading the STIX implementation of the project.
He is also developing and maintaining many MISP modules.
MISP - THREAT SHARING & NEW FEATURES
Technical Level (3 being the highest score): 2
MISP is a threat intelligence sharing platform, aiming to assist in gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
However, MISP is not only a piece of software, but rather a broad project including many additional elements, such as an intelligence and knowledge base of vocabulary libraries (MISP galaxies, taxonomies, ...) as well as its own open standards.
With its ecosystem, MISP aims at providing a standardised way of sharing information and to improve the sharing process, as well as promoting contextualisation (as context is what makes the data shared actionable).
Flexibility is also important in order to avoid restraining users from sharing their data. By making integration with other tools straight forward, this gap is rather easy to overcome.
Those are the key concepts we will try to illustrate among the presentation of the different features MISP has to offer.
Session details:
The presentation will start with a brief introduction of the platform and the ecosystem around it, to then focus on some of the recent new features and how they can support your analysts and tools.
By providing examples and demos, we will also show how you can easily make use of the several automation mechanisms available in MISP in order to turn data into actionable intelligence.
What will attendees learn ?
The main takeaways are the following:
- An introduction to explain (or remind users) what MISP is
- An overview of the changes and new features since our last presentation at AusCERT
- Examples and demos providing hints about how to filter out data to make use of it
During his master thesis at CIRCL he unveiled his capacity to lead existing CIRCL software such as the Potiron framework. He is mainly working on MISP, contributing to the core development and leading the STIX implementation of the project.
He is also developing and maintaining many MISP modules.
MISP - THREAT SHARING & NEW FEATURES
Technical Level (3 being the highest score): 2
MISP is a threat intelligence sharing platform, aiming to assist in gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
However, MISP is not only a piece of software, but rather a broad project including many additional elements, such as an intelligence and knowledge base of vocabulary libraries (MISP galaxies, taxonomies, ...) as well as its own open standards.
With its ecosystem, MISP aims at providing a standardised way of sharing information and to improve the sharing process, as well as promoting contextualisation (as context is what makes the data shared actionable).
Flexibility is also important in order to avoid restraining users from sharing their data. By making integration with other tools straight forward, this gap is rather easy to overcome.
Those are the key concepts we will try to illustrate among the presentation of the different features MISP has to offer.
Session details:
The presentation will start with a brief introduction of the platform and the ecosystem around it, to then focus on some of the recent new features and how they can support your analysts and tools.
By providing examples and demos, we will also show how you can easily make use of the several automation mechanisms available in MISP in order to turn data into actionable intelligence.
What will attendees learn ?
The main takeaways are the following:
- An introduction to explain (or remind users) what MISP is
- An overview of the changes and new features since our last presentation at AusCERT
- Examples and demos providing hints about how to filter out data to make use of it
