MISP Project @MISPProject@mastodon.opencloud.lu

Update On MISP - Alex Dulaunoy @adulau @MITREattack
https://youtu.be/oL8jmH1f7M8 

Importing preventive measures from @MISPProject in @MONARCproject with MOSP
https://youtu.be/_Wvfb64oQp0  and getting back the galaxy from MOSP
https://youtu.be/j5PZHjwu6Jg 

Our #AWS images have also been updated to 2.4.119! Grab the AMI identifiers from the project page:
https://github.com/MISP/misp-cloud 

Get up and running with MISP in less than 1 minute! Demo:
https://www.youtube.com/watch?v=o_sQXNmsSHY …
https://twitter.com/MISPProject/status/1202657899455139840 …

MISP 2.4.119 has been released with many improvements in the API, a security fix for CVE-2019-19379 and various changes. New MISP expansion, import and export modules were introduced. #ThreatIntel #CTI #CyberSecurity
https://www.misp-project.org/2019/12/04/MISP.2.4.119.released …pic.twitter.com/9A0mz8kEz7

We have a new MISP galaxy with Surveillance Vendors for vendors selling specific CNE tools. Thanks to @deltalimasierra for the initial version. Don't hesitate to contribute. #CTI #ThreatIntel

https://www.misp-project.org/galaxy.html#_surveillance_vendor …pic.twitter.com/PmZkuhzOd8

Always with our friends @MISPProjectpic.twitter.com/VBmv1kvQZG

check out our open source Zeek malware hunting tools at
https://dovehawk.io  that power the @cancyberorg foundation using @MISPProject and @Zeekurity #threatintel #pdns #netflow realtime hunting and dns/flow analyticspic.twitter.com/Xljo4i4r3K

We have a new galaxy and object to express dark patterns in MISP. A good example of using MISP to model and share new threats targeting users.
Thanks to @gallypette (@circl_lu) and @b0rce (@uni_lu)
https://www.misp-project.org/galaxy.html#_dark_patterns …pic.twitter.com/URHrF1Maei

That’s why we have @MISPProject @secin_lu

Thanks to @ostefano from @lastlineinc for the new MISP modules to support Lastline as import, export and expansion service.
https://misp.github.io/misp-modules/expansion/#lastline_query …

We have an ongoing MISP User Experience Survey together with the @uni_lu (@b0rce) - Don't hesitate to participate, it will help us to improve the UX experience of MISP. @circl_lu
https://www.misp-project.org/ux-survey 

Have you already signed up for the first BelgoMISP Meeting 0x01 meeting on 13-Dec?
https://github.com/cudeso/misp-usergroups/blob/master/meetings/belgomisp_0x01.md …
https://www.meetup.com/BelgoMISP/events/266284763/ …

Submitted a talk on threat hunting with @MISPProject and @Zeekurity #TheSAS2020
http://dovehawk.io  @cancyberorg
https://twitter.com/thesascon/status/1200838945715695619 …

This week, we hosted a workshop for the #ENFORCEproject with @ceis_strat and @circl_lu. Our @hns_platform #CyberRange was providing a virtual infrastructure with multiple @MISPProject, @d4_project and AIL framework instances. #LawEnforcement #DFIR #ThreatIntel #DGHome

Some objects from @MONARCproject available in #MOSP (
https://github.com/CASES-LU/MOSP ) can now be exported to a @MISPProject galaxy. A work in progress but already working for some kind of objects used in MONARC.pic.twitter.com/pRtgyYS4Ai

Want to see CALDERA and a hacker attack in your environment. Watch the Monster light up like a Christmas tree. It's Free @TheHive_Project @patrowl_io @MITREattack @MISPProject @OpenDistroForES @BlackHatUK Sound uppic.twitter.com/fuHID5bm4b

MISP integrates @MITREattack and you can generate time-based statistics of the matrix for finding the most common used techniques and their evolution. Not sure if the author of the article tested or used the functionality.

If you want to play with your matrix statistics https://<YOURMISP>/users/statistics/galaxyMatrix and just append .json if you want the machine-readable version. It works with all the matrix-like galaxies from @MITREattack and all the others.pic.twitter.com/XaGOj5lcOp

New MISP expansion modules added to support the submission to AssemblyLine - http://misp.github.io/misp-modules/expansion/#assemblyline_submit … https://bitbucket.org/cse-assemblyline/ … done by @chrisred_68 from @circl_lu during the #GeekWeek organised by @cybercentre_capic.twitter.com/MUIvrLSqIz

Another expansion module is available in MISP to query back AssemblyLine and parse the submission - https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/expansion/assemblyline_query.py …https://twitter.com/MISPProject/status/1199032889754767361 …