2 Days, $990 AUD

MISP Kickstart

MISP Kickstart provides a comprehensive introduction to the popular Open Source Threat Intelligence and Sharing Platform, "MISP", with lab scenarios closely based on real-world use cases.
Company
This is some text inside of a div block.
Category
This is some text inside of a div block.
Date
This is some text inside of a div block.
Website
Visit website

Gain MISP experience with lab scenarios that reflect real-world use cases.

Facilitated by two of Australia's foremost CTI experts, this course will establish a foundational understanding of the practical applications of the MISP Threat Intelligence Platform.

Participants will follow lab scenarios based on real-world use cases, including setting up a local MISP instance, configuring an organisation and users, and creating events and information based on the threat profile of an organisation and its industry vertical.

Participants will gain an understanding of the common use cases for MISP, learn how to set up and manage sharing communities, select relevant threat feeds (and also ones to avoid!) and how to utilise automation workflows.

This isn't just another dry "RTFM" walkthrough. Participants will be challenged by an engaging lab scenario that mimics real world use cases and CTI sharing scenarios.

Alongside the good, this course also covers the bad and the ugly.

Upgrades don’t always go to plan, databases randomly fall over, events can duplicate seemingly on their own. We provide guidance on how to troubleshoot and fix these issues as they arise.

By the end of the course you’ll have a working instance of MISP, and will be able to export events so that if you decide to run MISP in production you won’t need to do the work again. This course will equip participants with the knowledge and skills to set up MISP to meet their own personal or organisational requirements and understand how to effectively leverage the world's most popular open source threat intelligence platform.

Course outline

Module 1 - Introduction

By the end of Module 1, you'll have gained a comprehensive introduction to MISP. You'll understand its background, functions, and its role in Cyber Threat Intelligence (CTI) sharing. Additionally, you'll be primed on CTI sharing fundamentals. The module concludes with an overview of the course lab scenario, setting the stage for hands-on application of your newly acquired knowledge.

Module 2 - Setting Up Your Own MISP Instance

By the end of Module 2, you'll have achieved the following learning goals: successfully installing a local instance of MISP, configuring and setting up MISP, and creating your initial user account with a focus on security best practices.

This module walks you through the process of installing VirtualBox, downloading and importing the MISP Appliance, and logging in for the first time. Through hands-on labs, you'll gain practical experience in these steps. The module also covers upgrading MISP, addressing common problems, and provides valuable lessons learned and recommendations. Module 2 concludes with a summary of key takeaways from the setup process.

Module 3 - MISP in Action

Upon completing Module 3, you'll have achieved the following learning goals: understanding the role of organisations in MISP, comprehending user roles and permissions, navigating the dashboard, and effectively managing events and attributes. This module introduces MISP terminology and guides you through setting up your organisation, including a hands-on lab for configuring the primary organisation. User management is explored, with a practical exercise for setting up a new admin user. Additionally, you'll gain insights into dashboard functionalities and learn about taxonomies and galaxies in MISP. The module concludes with a summary of key takeaways from the practical aspects of utilizing MISP in cyber threat intelligence workflows.

Module 4 - Threat Data Ingestion

By the conclusion of Module 4, you will have achieved the following learning goals: mastering the art of importing threat feeds, efficiently performing manual data entry, and harnessing the capabilities of custom feeds and various data sources. This module provides a comprehensive understanding of threat data ingestion in MISP, emphasising practical skills in data enrichment. You'll gain hands-on experience in integrating diverse threat intelligence sources, equipping you with the expertise needed to effectively manage and enrich threat data within the MISP platform.

Module 5 - Threat Data Analysis

Upon completing Module 5, you will have achieved the following learning goals: mastering event correlation and analysis within MISP, developing skills in effectively handling false positives, understanding the concept of MISP Sightings, and conducting malware analysis using MISP. This module focuses on enhancing your proficiency in analysing threat data, providing practical insights into identifying patterns, mitigating false positives, leveraging MISP Sightings, and utilising MISP for in-depth malware analysis. By the end of this module, you'll be well-equipped to navigate and analyse threat data within the MISP platform.

Module 6 - Threat Data Sharing

By the conclusion of Module 6, you will have achieved the following learning goals: understanding the intricacies of sharing groups and communities, mastering distribution levels, and effectively sharing events and attributes within MISP. Additionally, this module explores the integration of STIX/TAXII, providing insights into leveraging these standards for enhanced threat data sharing capabilities. You'll gain practical experience in configuring sharing settings, defining access levels, and participating in collaborative threat intelligence efforts, ensuring that you are well-versed in the art of sharing threat data within the MISP ecosystem.

Module 7 - Automation with MISP

Upon completion of Module 7, you will have achieved the following learning goals: This module delves into the world of automation with MISP, providing practical insights into leveraging PyMISP and APIs for streamlined data handling. You'll explore automated threat detection techniques, learn how to integrate MISP with diverse security tools, and discover the flexibility of creating custom automation workflows tailored to your specific cybersecurity requirements.

Module 8 - Course Review and Q&A

In Module 8, we will conduct a comprehensive review of key concepts covered throughout the course, reinforcing your understanding of critical elements. The session will also feature an open discussion and Q&A segment, providing an opportunity for participants to seek clarification, discuss specific topics, and share insights. Additionally, we will engage in a course evaluation, allowing participants to provide valuable feedback. This module serves as a final opportunity to solidify your grasp of the material, address any lingering questions, and contribute to the continuous improvement of our training program.

Course benefits

  • Gain proficiency in MISP setup and configuration.
  • Enhance your threat intelligence analysis skills.
  • Streamline threat detection and response with MISP.
  • Understand the importance of threat sharing in today's cybersecurity landscape.
  • Access a supportive network of professionals in the field.

Course materials

Participants will receive course materials, including slides, documentation, and practical exercises. Access to MISP community resources, forums, and further reading materials will be provided to support ongoing learning.

Who should attend

MISP Kickstart training class is designed to benefit a wide range of individuals interested in cybersecurity and threat intelligence sharing including;

  • SOC analysts and personnel who monitor and respond to security incidents can use MISP to improve their threat detection and response capabilities.
  • Personnel in law enforcement and government agencies dealing with cybersecurity and threat intelligence can leverage MISP for threat sharing.
  • Researchers exploring cybersecurity threats and vulnerabilities can use MISP to aggregate, analyse, and share threat intelligence.
  • System or network administrators interested in understanding how to set up and maintain a MISP instance for their organisation.

Participants will need

In order to complete this course, participants will require the following:

  • A laptop on which they have administrative privileges to install software, download software and information.
  • Have at least 50GB of free hard drive space and be able to allocate 4GB of RAM to a virtual machine.
  • Be familiar with working on the command line.

Register your interest

Fill out the form below to register your interest - we'll get in touch with next steps.