Cyber Security Operations
MISP is certainly intended to be used like this, however, with some creativity and some technical effort, the MISP Threat Intelligence Platform could be utilized as a missing person’s intelligence database.
In this post, I will discuss a methodology in using MISP as the Intelligence Platform, and more traditional applications such as Maltego (and some custom transforms) to collect, enrich, and manage your intelligence.
Read More “Using MISP in a TraceLabs Missing Persons engagement” »
As part of my final Masters degree research component I have been collecting data from honeypots which I have seeded around the globe. The objective being to distil this data in to organisational threat data based on a fictitious business.
Part of the complication I am going to start facing, is how to how Elasticsearch and Kibana to find specific information for me from this live data set.
Previously I have indicated that a data set exists which was produced by the Canadian Institute for Cybersecurity, called IDS 2018, which contains Windows Event Logs and PCAP files relating to a set of simulated attacks generated for the purposes of teaching people how to hunt within similar datasets.
Here I will be discussing the deployment, configuration and interaction with this data set to achieve the outcome required.
Read More “Threat hunting with Elasticsearch and Kibana (Part 1)” »
