On March 22nd and 23rd, 2016, more than 70 security experts from Luxembourg, France, Belgium, Germany, the UK, North America and the Netherlands, gathered over two days to attend the practical MISP training given by CIRCL.
MISP is an advanced platform for sharing, storing and correlating Indicators of Compromises (IoCs) from attacks and cybersecurity threats. Today, MISP is used in multiple organizations to store, share, collaborate on malware, and also to use the IoCs to detect and prevent attacks. The aim of this trusted platform is to help improving the countermeasures used against targeted attacks and set up preventive actions. MISP becomes a full-feature information and threat sharing platform to support operational and tactical cybersecurity intelligence.
The training presented the platform in detail, its functionalities and demonstrated how to most benefit from sharing, commenting and contributing on the platform.
The first part gave a practical overview of MISP usage and how it could be used from a user perspective to support operational cybersecurity intelligence.
The MISP interfaces and API (Application Program Interface) were also presented, more precisely how to use and extend MISP to support your information security operational teams using programmatic interfaces.
The last part was all about the future of MISP and how to contribute to MISP not only as a developer but as an active contributor. The presenters showed PyMISP, the MISP modules, the taxonomy & tagging and the Viper MISP integration.
At the end of the training, all participants received a MISP level 1 completion certificate, which confirms they are now knowledgeable in information sharing about cybersecurity threats and have become a proficient MISP user and threat intelligence handler. Other trainings will follow shortly, targeting different needs, skills and levels.
The training material is now available here.