MISP/CIRCL
Michael Hamm has worked for more than 10 years as a security engineer in the field of classical computer and network security (firewalls, VPN, anti-virus) at the “Henri Tudor” research centre in Luxembourg. Since 2010, Michael has worked as an operator at CIRCL (Computer Incident Response Center Luxembourg), where he works on forensic examinations, incident response and analysis.
TUTORIAL: MISP Training - Threat Intelligence - Extension and API hands-on
AusCERT18_MISP_ThreatSharingPlatform_SteveClement_MichaelHamm
The MISP training will demonstrate how the platform functions, explain how to share, comment on and contribute data, and describe planned developments. This part of the training focuses on the extension aspects of MISP, including the API, the ZMQ feed and contributing to the core software. The intended audience is analysts with some software engineering experience who want to extend MISP to suit their integration or extension requirements.
The purpose is to reach out to security analysts who use MISP as a threat intelligence platform, as well as to users who use it as an information sharing platform. It is an opportunity for users to meet the developers and discuss potential improvements or use cases for MISP as a threat intelligence platform.
MISP - Threat Sharing Platform: a platform for sharing, storing and correlating Indicators of Compromise of targeted attacks
Malware Information Sharing Platform (MISP) allows organisations to share information about malware and its indicators. MISP users benefit from the collective knowledge about existing malware and threats. The aim of this trusted platform is to help improve the counter-measures used against targeted attacks and to set up preventive actions and detection. Some objectives of the CIRCL MISP - Threat Sharing Platform are:
- Facilitate the storage of technical and non-technical information about observed malware and attacks
- Automatically create relations between malware and their attributes
- Store data in a structured format (allowing automated use of the database to feed detection systems or forensic tools)
- Share malware and threat attributes with other parties and trust groups
- Improve malware detection and reversing by promoting information exchange among organisations (e.g. avoiding duplicated work)
- Create a platform of trust: trusted information from trusted partners
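The "structured format feeding detection systems or forensic tools" objective above is easiest to see on a concrete event. The following is an added illustration written for this page, not code from MISP or CIRCL (MISP itself ships its own export formats, including NIDS rules). It consumes a constructed event in the shape of MISP's JSON export, honours the analyst's `to_ids` flag so that contextual attributes never become alerts, turns network observables into Suricata rules and collects file hashes for forensic tooling. The sample event, its values and the `base_sid` range are assumptions for the example.

```python
import json
from typing import Dict, List

# Constructed sample in the shape of a MISP JSON event export; the values are
# documentation/reserved addresses and a well-known empty-file hash, not real
# threat data.
SAMPLE_EVENT_JSON = json.dumps({
    "Event": {
        "id": "1",
        "info": "Constructed sample event for illustration",
        "Attribute": [
            {"type": "ip-dst", "category": "Network activity",
             "value": "198.51.100.23", "to_ids": True},
            {"type": "domain", "category": "Network activity",
             "value": "example.invalid", "to_ids": True},
            {"type": "md5", "category": "Payload delivery",
             "value": "d41d8cd98f00b204e9800998ecf8427e", "to_ids": True},
            # Flagged to_ids=false by the analyst: context only, must not become a rule
            {"type": "ip-dst", "category": "Network activity",
             "value": "203.0.113.5", "to_ids": False},
            {"type": "comment", "category": "Other",
             "value": "analyst note", "to_ids": False},
        ],
    }
})

HASH_TYPES = ("md5", "sha1", "sha256")


def ids_attributes(event_json: str) -> List[Dict]:
    """Return only the attributes the analyst flagged for IDS export (to_ids true).

    This flag is the contract between the sharing platform and the detection
    stack: unflagged attributes are context, not indicators to alert on.
    """
    event = json.loads(event_json)["Event"]
    return [a for a in event.get("Attribute", []) if a.get("to_ids") is True]


def _safe_value(value: str) -> bool:
    # Rule options are delimited by ';' and quoted with '"'; refuse values that
    # would let a shared attribute inject extra rule options into our sensor.
    return '"' not in value and ";" not in value


def suricata_rules(event_json: str, base_sid: int = 1000000) -> List[str]:
    """Turn network-observable IDS attributes into Suricata alert rules."""
    event_id = json.loads(event_json)["Event"]["id"]
    rules: List[str] = []
    sid = base_sid
    for attr in ids_attributes(event_json):
        atype, value = attr["type"], attr["value"]
        if not _safe_value(value):
            continue
        msg = f"MISP event {event_id} {atype} {value}"
        if atype == "ip-dst":
            rule = f'alert ip $HOME_NET any -> {value} any (msg:"{msg}"; sid:{sid}; rev:1;)'
        elif atype == "ip-src":
            rule = f'alert ip {value} any -> $HOME_NET any (msg:"{msg}"; sid:{sid}; rev:1;)'
        elif atype in ("domain", "hostname"):
            rule = (f'alert dns any any -> any any (msg:"{msg}"; dns.query; '
                    f'content:"{value}"; nocase; sid:{sid}; rev:1;)')
        else:
            continue  # hashes and other non-network types are handled elsewhere
        rules.append(rule)
        sid += 1
    return rules


def file_hashes(event_json: str) -> Dict[str, List[str]]:
    """Collect IDS-flagged file hashes, grouped by algorithm, for forensic tooling."""
    hashes: Dict[str, List[str]] = {}
    for attr in ids_attributes(event_json):
        if attr["type"] in HASH_TYPES:
            hashes.setdefault(attr["type"], []).append(attr["value"].lower())
    return hashes


if __name__ == "__main__":
    for rule in suricata_rules(SAMPLE_EVENT_JSON):
        print(rule)
    print(file_hashes(SAMPLE_EVENT_JSON))
```

Two caveats a practitioner would add: real exports also contain composite types such as `ip-dst|port` and `domain|ip`, which this example skips rather than mis-parses, and the SID range must be reserved per feed so that rules regenerated from a later pull do not collide with locally written ones.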