Steve Clement
MISP/CIRCL
Steve Clement has been a security engineer at the Computer Incident Response Center Luxembourg since its inception in 2008. Experienced in the security of Unix systems like Linux or OpenBSD, his passions revolve around sharing knowledge with the information security community at large. Steve follows international developments in cyber strategies and cyber governance, as well as the awareness raised around threat information sharing in a globalized context. During the past years he has helped manage countless private sector incidents and supported cyber crime victims with Team CIRCL, which solidified his conviction that a key element in an efficient information technology strategy is an efficient indicator of compromise (IoC) sharing scheme. Furthermore, Steve is a strong advocate for Free and Open Source software and hardware in a world with fewer intellectual boundaries. With over 20 years of experience in the field of technologies, start-ups and hacking, his interests have centred around threat sharing communities and efficient threat intelligence sharing in general. Together with a varied team of experts at CIRCL, he is looking forward to having unified and standardized mechanisms of a technical and non-technical nature to ease the information security data exchange via flexible but viable standards.

TUTORIAL: MISP Training - Threat Intelligence - Extension and API hands-on

AusCERT18_MISP_ThreatSharingPlatform_SteveClement_MichaelHamm

The MISP training will demonstrate how the platform functions, explain how to share, comment on and contribute data, and describe future developments. This part of the training focuses on the extension aspects of MISP, including the API, ZMQ, and even contributing to the core software. The intended audience for this training is analysts with some software engineering experience who are willing to expand MISP to suit their integration or extension requirements.

The purpose is to reach out to security analysts using MISP as a threat intelligence platform, along with users using it as an information sharing platform. This is an opportunity for users to meet the developers and exchange ideas about potential improvements or use cases for MISP as a threat intelligence platform.

 

MISP - Threat Sharing Platform: A platform for sharing, storing and correlating Indicators of Compromise of targeted attacks

The Malware Information Sharing Platform (MISP) allows organizations to share information about malware and their indicators. MISP users benefit from the collaborative knowledge about existing malware or threats. The aim of this trusted platform is to help improve the counter-measures used against targeted attacks and to set up preventive actions and detection. Some objectives of the CIRCL MISP - Threat Sharing Platform are:
  • Facilitate the storage of technical and non-technical information about observed malware and attacks
  • Automatically create relations between malware and their attributes
  • Store data in a structured format (allowing automated use of the database to feed detection systems or forensic tools)
  • Share malware and threat attributes with other parties and trust-groups
  • Improve malware detection and reversing to promote information exchange among organizations (e.g. avoiding duplicate work)
  • Create a platform of trust - trusted information from trusted partners