Intro to MISP | Demo of the MISP virtual machine
- Published 26 Jul 2024
- What is MISP threat intelligence sharing platform, and how can you play with the threat intelligence feeds? This short demo shows you how to access the default data feeds provided by the CIRCL virtual machine.
While MISP's greatest strength is to automate your network defences to block and filter known threats, it is also an incredibly useful database for threat research and incident response analysis.
In future videos, I will show you how to use other features, but this is a brief introduction.
4:18 Start of the demo
Links in video:
www.circl.lu/services/misp-tr...
Link to VM:
www.circl.lu/misp-images/latest/
----
HEFESTIS: www.hefestis.ac.uk/
----
Follow Me Online Here:
LinkedIn: / schroederjordan
Jordan's site: jordanmschroeder.wordpress.com
----
Check out my Cyber Security books:
"Advanced Persistent Training" amzn.to/3aeG7gU
"Cask Strength Security Non-Compliance: Four Ways to Respond When Someone Breaches Cybersecurity Policy" amzn.to/2XKal8W
----
CPE entry (CSV):
Link, Type, Title, Presenter, Year Published, Domain, Length
• Intro to MISP | Demo o... , video/webinar, Intro to MISP, Jordan M Schroeder, 2020, Security Operations, 9:00
Science & Technology
I have just started to use MISP today. This video was very helpful. I think I will be trying to learn this tool for weeks
I'm glad it was helpful!
Thank you for intro demo Jordan. Very useful and helpful. I will be setting up a VM to explore more soon.
Great to hear!
Hi Jordan, my 1st time here. I can't wait to dig into the rest of your content. I was 2 mins into the video and already subscribed and "hit" the bell. Thank you, awesome content.
Awesome! Thank you!
This helped me a lot - just to get started! Thank you!
Glad it helped!
High Quality Content--- thank you
Glad you enjoyed it
PLEASE CREATE MORE MISP STUFF! both IN-DEPTH and HIGH LEVEL. take your time. i have subscribed!
Thanks so much for the feedback. I do have more things coming. Look for a Cisco SecureX + MISP integration!
@JordanMSchroeder Do you have an ETA for this? Would be extremely interested :) Thanks mate.
Thanks Jordan. This is great info.
Glad it was helpful!
Thank you Jordan, excellent "how to".
You are welcome! I am setting up my next videos. Is there anything you want me to cover?
@JordanMSchroeder Would love to hear about integrating STIX & TAXII feeds into MISP.
Amazing video
Thanks!
great jordan
I'm glad you liked it!
Thanks, very helpful. Do you have a video to help import JSON files from e.g. SpiderFoot, TorBot etc.?
Hey, thanks for the video. Does this have capabilities such as configuring keywords and alerting upon them each time they are found? I have this very simple use case whereby I have a list of 200 org names. I need to be notified of any data breaches and cyber incidents relating to those 200 organisations.
Is this easily achievable through this platform?
You can use the tagging function to tag those organisations when your instance receives them. Then you have some options on what to do with tagged events. MISP is not a robust workflow engine, but you could use the API to send those events to another alerting system, or assign those events to an "alerting user" that is configured with an email of your choice.
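The workflow described in the reply above (tag events that mention a watchlisted organisation, then hand the tagged events to some other alerting system) can be scripted against MISP's event JSON. The following is an added example written for this page, not code from the video or from the MISP project: it works offline on a constructed sample in the shape of MISP's `{"response": [{"Event": ...}]}` export, using only the Python standard library. The organisation names, event ids, uuids, indicator values and the `watchlist:org=` tag prefix are all made up for the demo; in a real deployment you would fetch the events and push the tags through MISP's REST API (for example with PyMISP) and forward the alert records to your SOAR or ticketing tool.

```python
import json
import re

# Hypothetical watchlist of organisation names (constructed for this example).
WATCHLIST = ["Acme Corp", "Globex", "Initech"]

# Constructed sample in the shape of MISP's event JSON export
# ({"response": [{"Event": {...}}]}); ids, uuids and values are made up.
SAMPLE_EVENTS_JSON = """
{
  "response": [
    {"Event": {
      "id": "1", "uuid": "00000000-0000-4000-8000-000000000001",
      "info": "Phishing campaign targeting Acme Corp employees",
      "Tag": [{"name": "tlp:amber", "local": false}],
      "Attribute": [
        {"type": "domain", "category": "Network activity",
         "value": "acme-corp-login.example", "comment": ""},
        {"type": "email-src", "category": "Payload delivery",
         "value": "hr@acme-corp-login.example", "comment": ""}
      ]
    }},
    {"Event": {
      "id": "2", "uuid": "00000000-0000-4000-8000-000000000002",
      "info": "Credential dump offered on underground forum",
      "Attribute": [
        {"type": "text", "category": "Other",
         "value": "sample of 1,200 records",
         "comment": "seller claims the data came from globex"}
      ]
    }},
    {"Event": {
      "id": "3", "uuid": "00000000-0000-4000-8000-000000000003",
      "info": "Commodity malware C2 infrastructure",
      "Attribute": [
        {"type": "domain", "category": "Network activity",
         "value": "c2.example.net", "comment": ""}
      ]
    }}
  ]
}
"""


def load_events(raw_json):
    """Unwrap the {"response": [{"Event": ...}]} envelope into a list of events."""
    return [item["Event"] for item in json.loads(raw_json)["response"]]


def compile_watchlist(names):
    """One whole-word, case-insensitive pattern per organisation name."""
    return {n: re.compile(r"\b" + re.escape(n) + r"\b", re.IGNORECASE) for n in names}


def match_event(event, patterns):
    """Return the watchlist names mentioned in the event info or in any
    attribute value or analyst comment (whole words only, so a look-alike
    domain such as acme-corp-login.example is not counted as a hit)."""
    texts = [event.get("info", "")]
    for attr in event.get("Attribute", []):
        texts.append(str(attr.get("value", "")))
        texts.append(str(attr.get("comment", "")))
    return {name for name, pat in patterns.items()
            if any(pat.search(t) for t in texts)}


def tag_and_alert(events, watchlist, tag_prefix="watchlist:org="):
    """Attach one local tag per matched organisation to each event (in place,
    without duplicating tags on re-runs) and return one alert record per
    matched event, ready to hand to an external alerting system."""
    patterns = compile_watchlist(watchlist)
    alerts = []
    for event in events:
        hits = match_event(event, patterns)
        if not hits:
            continue
        tags = event.setdefault("Tag", [])
        for org in sorted(hits):
            tag_name = tag_prefix + org.replace(" ", "_")
            if not any(t.get("name") == tag_name for t in tags):
                tags.append({"name": tag_name, "local": True})
        alerts.append({
            "event_id": event["id"],
            "event_uuid": event["uuid"],
            "info": event["info"],
            "orgs": sorted(hits),
            "tags": [t["name"] for t in tags],
        })
    return alerts


if __name__ == "__main__":
    for alert in tag_and_alert(load_events(SAMPLE_EVENTS_JSON), WATCHLIST):
        print(json.dumps(alert))
```

Two design points worth keeping when you move this onto a live instance: match on whole words so that typosquatted domains do not silently count as "mentions" of the organisation (they deserve their own detection logic), and make the tagging idempotent, since a scheduled job will see the same events again on every run.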
Thank you for this! Can you create a video how to sync 2 instance MISP?
Yes, soon
Jordan, in the current MISP version, feeds can create an event, be cached, or both. Is there a best practice on which to use? How do you schedule updates to these feeds?
Cache the feeds to have all the features enabled, including correlations. There is also a task scheduler in the Admin section. Set the "fetch_feeds" task hourly frequency to anything above 0.
@JordanMSchroeder Have you played with Cortex for doing the enrichments instead of going direct?
@dansmart nope - not yet!
Dear Jordan, could you please help me with the below questions, thank you
1. Once we deploy MISP as a stand-alone, where do we link MISP to monitor alerts? SIEM/SOAR or EDR, LDAP, AWS or any other? (In other words: if I deploy MISP on a server, how does it look for threats in our environment, what logs does it need to check, and what should I link MISP to: AWS? LDAP? Anything else? To check all the machines.)
2. Does MISP gather information from various OSINT tools and compare the risk/threat in our environment?
No, it is not a threat-hunting platform. You can inject the IOCs collected by MISP in your environment using SOAR tools or similar. MISP becomes your central database for these IOCs from various sources.
good
Thanks
Any links to getting this up and running in VMware? The MISP site is lacking in documentation.
You just open it with VMware, like any other virtual machine.
@JordanMSchroeder Hi Jordan. Can MISP be downloaded on Mac? I can't seem to find the GUI VM for VirtualBox.
Can you make video on MISP to Azure sentinel Integration with diagram
If I had access to a Sentinel environment, I might!
Thank you for the great videos. Let's say if we have an unknown phishing link, how can we check whether the link is legit or not using MISP?
You can only know if the link has been identified by others as suspicious. MISP doesn't investigate the link. And to check the history, you use the search function. If you want to check to see if the link is malicious, you will need to use something like VirusTotal or a malware sandbox, like cuckoo.ee
@JordanMSchroeder Thank you for the insights. I have used Docker to install MISP and it is running on localhost. If I upload malicious activity as an event in MISP, will others see my event?
I am not able to get events, sir