BruCON 0x0E has ended
Back To Schedule
Friday, September 30 • 16:00 - 17:00
In Curation We Trust: Generating Contextual & Actionable Threat Intelligence

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Just like many organizations, we are ingesting Threat Intelligence from a number of different sources. Very frequently however, we notice that the data received is lacking context or generates a lot of false positives (which in turn causes alert fatigue). In this talk we would like to demonstrate how we achieved to get around this problem by setting up a MISP ecosystem backed by a number of automation scripts and processes that support us in the curation and contextualization of individual events.

This dedicated MISP ecosystem consists of multiple MISP instance and ZeroMQ scripts. In conjunction with the extensive use of the MISP tagging features and workflow procedures, we were able to set up a curation process that not only saves us a lot of time, but also provides a clean feed of directly actionable threat intelligence. A happy side effect of this setup was that it allowed us to instill a full TI feedback loop between the SOC, Incident response team and our malware analysts.

Attendees will learn how we at NVISO have set up a functional MISP architecture and operational curation process. The attendees will then be able to duplicate this setup in their own organization to ensure an optimal threat intelligence feedback loop and workflow.

avatar for Michel Coene

Michel Coene

Michel is a senior manager at NVISO where he is responsible for the Incident Response and Threat Intelligence services. As an incident responder, Michel has been (and still is) involved in large scale incidents and forensic investigations. Additionally, Michel is a certified instructor... Read More →
avatar for Robert Nixon

Robert Nixon

Robert Nixon is a seasoned cybersecurity veteran with more than 13 years of experience in the realm of information technology and cybersecurity. He currently leads the Cyber Threat Intelligence services at NVISO as a part of the larger CSIRT Team. He specializes in Cyber Threat Intelligence... Read More →

Friday September 30, 2022 16:00 - 17:00 CEST
01. Gouden Carolus