Explore a conference talk that delves into the challenges of categorizing, storing, and operationalizing various sources of intelligence in enterprise environments. Learn about the design flaws in many intel platforms and the importance of correlating diverse data points like IP addresses, hostnames, file names, and TLS certificates into common events for effective threat intelligence. Discover the speaker's journey in finding a suitable platform to store a large malware configuration database, ultimately settling on MISP. Gain insights into shifting the paradigm from indicators to events as the starting point for threat intelligence work, emphasizing the significance of retaining, analyzing, and correlating the relationships between all observables in an attack. The talk is presented by John Bambenek, an experienced cybersecurity professional with extensive background in threat research, incident handling, and intelligence dataset production.
How I've Broken Every Threat Intel Platform and Settled on MISP
Overview
Syllabus
Hack.lu 2017 How I’ve Broken Every Threat Intel Platform I’ve Ever Had (And Settled on MISP)
Taught by
Cooper
Related Courses
-
Operationalizing Cyber Threat Intel: Pivoting & Hunting
-
MISP Updates - Hack.lu 2023
-
MISP Introduction and New Features - 2017 Summit
-
MISP New Features and Development Evolution - 2016 Summit
-
The New Indicator Scoring Method Introduced in MISP 2.4.116
-
Visualizing Threat Intelligence: MISP to Power BI Integration
