Interested in MISP training for your team? We run private MISP Kickstart training for organisations like yours. Contact us to request a quote.
Facilitated by some of the world's foremost CTI experts, this course will establish a foundational understanding of the practical applications of the MISP Threat Intelligence Platform.
Participants will follow lab scenarios based on real-world use cases, including setting up a local MISP instance, configuring an organisation and users, and creating events and information based on the threat profile of an organisation and its industry vertical.
Participants will gain an understanding of the common use cases for MISP, and learn how to set up and manage sharing communities, select relevant threat feeds (and which ones to avoid!) and utilise automation workflows.
This isn't just another dry "RTFM" walkthrough. Participants will be challenged by an engaging lab scenario that mimics real-world use cases and CTI sharing scenarios.
Alongside the good, this course also covers the bad and the ugly.
Upgrades don’t always go to plan, databases randomly fall over, and events can duplicate seemingly on their own. We provide guidance on how to troubleshoot and fix these issues as they arise.
By the end of the course you’ll have a working instance of MISP, and will be able to export events so that if you decide to run MISP in production you won’t need to do the work again. This course will equip participants with the knowledge and skills to set up MISP to meet their own personal or organisational requirements and understand how to effectively leverage the world's most popular open source threat intelligence platform.
Leave your details with us and we'll let you know about upcoming MISP training workshops in your timezone.
Duration: 2x Half Days (8 Hours Total) of training delivered by our expert instructors.
Delivery: The course will be held live and online in your timezone.
By the end of Module 1, you'll have gained a comprehensive introduction to MISP. You'll understand its background, functions, and its role in Cyber Threat Intelligence (CTI) sharing. Additionally, you'll be primed on CTI sharing fundamentals. The module concludes with an overview of the course lab scenario, setting the stage for hands-on application of your newly acquired knowledge.
By the end of Module 2, you'll have achieved the following learning goals: configuring and setting up MISP, and creating your initial user account with a focus on security best practices.
This module walks you through the process of downloading and importing the MISP Appliance, and logging in for the first time. Through hands-on labs, you'll gain practical experience in these steps. The module also covers upgrading MISP and addressing common problems, and provides valuable lessons learned and recommendations. Module 2 concludes with a summary of key takeaways from the setup process.
Upon completing Module 3, you'll have achieved the following learning goals: understanding the role of organisations in MISP, comprehending user roles and permissions, navigating the dashboard, and effectively managing events and attributes. This module introduces MISP terminology and guides you through setting up your organisation, including a hands-on lab for configuring the primary organisation. User management is explored, with a practical exercise for setting up a new admin user. Additionally, you'll gain insights into dashboard functionalities and learn about taxonomies and galaxies in MISP. The module concludes with a summary of key takeaways from the practical aspects of utilising MISP in cyber threat intelligence workflows.
By the conclusion of Module 4, you will have achieved the following learning goals: mastering the art of importing threat feeds, efficiently performing manual data entry, and harnessing the capabilities of custom feeds and various data sources. This module provides a comprehensive understanding of threat data ingestion in MISP, emphasising practical skills in data enrichment. You'll gain hands-on experience in integrating diverse threat intelligence sources, equipping you with the expertise needed to effectively manage and enrich threat data within the MISP platform.
Upon completing Module 5, you will have achieved the following learning goals: mastering event correlation and analysis within MISP, developing skills in effectively handling false positives, understanding the concept of MISP Sightings, and conducting malware analysis using MISP. This module focuses on enhancing your proficiency in analysing threat data, providing practical insights into identifying patterns, mitigating false positives, leveraging MISP Sightings, and utilising MISP for in-depth malware analysis. By the end of this module, you'll be well-equipped to navigate and analyse threat data within the MISP platform.
By the conclusion of Module 6, you will have achieved the following learning goals: understanding the intricacies of sharing groups and communities, mastering distribution levels, and effectively sharing events and attributes within MISP. Additionally, this module briefly explores the integration of STIX/TAXII, providing insights into leveraging these standards for enhanced threat data sharing capabilities. You'll gain practical experience in configuring sharing settings, defining access levels, and participating in collaborative threat intelligence efforts, ensuring that you are well-versed in the art of sharing threat data within the MISP ecosystem.
In Module 7, we will conduct a comprehensive review of key concepts covered throughout the course, reinforcing your understanding of critical elements. The session will also feature an open discussion and Q&A segment, providing an opportunity for participants to seek clarification, discuss specific topics, and share insights. Additionally, we will engage in a course evaluation, allowing participants to provide valuable feedback. This module serves as a final opportunity to solidify your grasp of the material, address any lingering questions, and contribute to the continuous improvement of our training program.
Participants will receive course materials, including slides, documentation, and practical exercises. Access to MISP community resources, forums, and further reading materials will be provided to support ongoing learning.
The MISP Kickstart training class is designed to benefit professionals across a wide range of roles interested in cybersecurity and threat intelligence sharing, including:
In order to complete this course, participants will require the following: