The Spear phishing Attack analytics with Threat Intel Platform. Thanks @MISPProject for the new insight for the Incident Response.
https://twitter.com/MISPProject/status/1219287233825591296 …
@MISPProject Timeline feature will help with understanding and contextualising events. Well done!
https://twitter.com/MISPProject/status/1219287226581950465 …
A nice example of spear phishing attempts on a MISP event displayed on the new timeline visualisation. #ThreatIntel pic.twitter.com/OHDcqy3kE8
Want to create your own custom threat feed to enrich your security data in @elastic? Check out this post on using the @MISPProject API + Python and Memcached. #secops #blueteam #automation
https://www.securitydistractions.com/2019/05/17/enriching-elasticsearch-with-threat-data-part-1-misp/ …
"A one-sided Affair: Japan and the People's Republic of China in Cyberspace Hotspot Analysis" by @iiyonite
https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf … #ThreatIntelligence
We are glad to see analysts using MISP threat-actor knowledge base to do further research. Based on such research, we are then able to improve the MISP threat-actor list.
https://github.com/MISP/misp-galaxy/commit/8eeceafc515814d2214862e6f95a6a5c42e3f2cb … pic.twitter.com/gT8dd8EAC1
My code got merged!!! I am officially a contributor to the @MISPProject!!! @th3_jiv3r and I will hopefully be sharing some more of our custom integrations. I am so happy to contribute to such an awesome open source tool! #100DaysOfCode #infosec #opensource #python
https://twitter.com/rafi0t/status/1218531086319390720 …
Our network telemetry engine VAST supports full correlation between PCAP, NetFlow, @zeekurity, and @Suricata_IDS. High-volume ingestion plus fast data extraction. Built for SecOps and SOCs where performance matters. Coming soon: line-rate IoC matching and @MISPProject support.
We set up a mirror of the MISP git repositories for the users and organisations who would like (or need) to download from Europe.
https://www.misp-project.org/license/#export-control …
https://eugit.opencloud.lu/MISP Thanks to @Vecchi_Paolo for hosting the mirror at http://opencloud.lu
it's merged! @turtlefac3 and i are now contributors to the PyMISP project! looking forward to adding more of our custom @MISPProject integrations! #opensource #threatintel
Day:14 I got my Go program to get the response from my get request to the VAP Proofpoint API. I am going to start writing it in Python now so @th3_jiv3r and I can contribute more to the @MISPProject. The code will send parsed JSON to MISP. #100DaysOfCode @proofpoint
IOC's now added to write up, but full iocs in @MISPProject event here:
https://github.com/Hestat/intel-sharing/tree/master/trickbot-01-13-20 …
MISP trainings the 18th and 19th February in Luxembourg (@C3_Luxembourg) by @circl_lu Don't wait to register and join us. #ThreatIntel
https://www.misp-project.org/events/#current-misp-trainings … pic.twitter.com/AKjJ46Bev6
How can #SOC analysts operationalize threat intelligence at scale? Learn about the @MISPProject community-based approach to consuming, collecting and sharing #threatintel in this @DarkReading article by Sebastian @Tricaud of Devo.
https://hubs.ly/H0myQ7s0
Contact me if you want to try out (beta) ATT&CK - #MISP in #Maltego using remote transforms. No local python install needed. #threatintel #cti #osint #intelligence @MITREattack @MISPProject
We created specific data models in the open source @MISPProject to support the sharing of dark patterns. If you see additional patterns or extension, let us know.
https://www.misp-project.org/galaxy.html#_dark_patterns … cc @gallypette
A good paper about "Cyber Threat Information Sharing: Perceived Benefits and Barriers". My only disagreement is to add "free riding" as a barrier in information sharing. It's not, it means that the information shared is gathered & used to improve security at large. #ThreatIntel pic.twitter.com/6yhPvFI1Bb
misp-modules are regularly expanding with new modules and we are glad to see vendors having a very good documentation about MISP integration with their services such as the http://macaddress.io documentation for the MISP modules.
https://macaddress.io/api/integrations/MISP-module …
http://misp.github.io/misp-modules/expansion/ … pic.twitter.com/jdOwZnzAsr
A new decaying model has been added in @MISPProject for the vishing/scam phone numbers. MISP has a flexible model system library for expiring/decaying indicators/attributes. You can easily contribute additional models to support your usage. #DFIR #CTI
https://github.com/MISP/misp-decaying-models … pic.twitter.com/wKIzW1VnZu
MISP - Threat Sharing. An Open Source software and standards to share, create and validate threatintel and intelligence.
#Infosec #Security #OpenSource