MISP Kickstart provides a comprehensive introduction to the popular Open Source Threat Intelligence and Sharing Platform, “MISP”, with lab scenarios closely based on real-world use cases.
Outcomes
- Facilitated by two of Australia’s foremost CTI experts, this course will establish a foundational understanding of the practical applications of the MISP Threat Intelligence Platform.
- Participants will follow lab scenarios based on real-world use cases, including setting up a local MISP instance, configuring an organisation and users, and creating events and information based on the threat profile of an organisation and its industry vertical.
- Participants will gain an understanding of the common use cases for MISP and learn how to set up and manage sharing communities, select relevant threat feeds (and also ones to avoid!) and utilise automation workflows.
- This isn’t just another dry “RTFM” walkthrough. Participants will be challenged by an engaging lab scenario that mimics real-world use cases and CTI sharing scenarios.
- Alongside the good, this course also covers the bad and the ugly.
- Upgrades don’t always go to plan, databases randomly fall over, and events can duplicate seemingly on their own. We provide guidance on how to troubleshoot and fix these issues as they arise.
- By the end of the course you’ll have a working instance of MISP, and will be able to export events so that if you decide to run MISP in production you won’t need to do the work again. This course will equip participants with the knowledge and skills to set up MISP to meet their own personal or organisational requirements and understand how to effectively leverage the world’s most popular open source threat intelligence platform.
Outline
- Module 1 – Introduction
- Module 2 – Setting up Your Own MISP Instance
- Module 3 – MISP in Action
- Module 4 – Threat Data Ingestion
- Module 5 – Threat Data Analysis
- Module 6 – Threat Data Sharing
- Module 7 – Automation with MISP
- Module 8 – Course Review & Q&A
Benefits
- Gain proficiency in MISP setup and configuration.
- Enhance your threat intelligence analysis skills.
- Streamline threat detection and response with MISP.
- Understand the importance of threat sharing in today’s cybersecurity landscape.
- Access a supportive network of professionals in the field.
Who should attend
The MISP Kickstart training class is designed to benefit a wide range of individuals interested in cybersecurity and threat intelligence sharing, including:
- SOC analysts and personnel who monitor and respond to security incidents can use MISP to improve their threat detection and response capabilities.
- Personnel in law enforcement and government agencies dealing with cybersecurity and threat intelligence can leverage MISP for threat sharing.
- Researchers exploring cybersecurity threats and vulnerabilities can use MISP to aggregate, analyse, and share threat intelligence.
- System or network administrators interested in understanding how to set up and maintain a MISP instance for their organisation.
Participants will need
In order to complete this course, participants will require the following:
- A laptop on which they have administrative privileges to install software and to download software and information.
- At least 50GB of free hard drive space and the ability to allocate 4GB of RAM to a virtual machine.
- Familiarity with working on the command line.