MISP Kickstart Training
Gain MISP experience with lab scenarios that reflect real-world use cases.
Interested in MISP training for your team? We run private MISP Kickstart training for organisations around the globe. Contact us to request a quote.
Facilitated by some of the world's foremost CTI experts, including Chris Horsley (global CTI speaker and trainer, MISP core contributor), this course will establish a foundational understanding of the practical applications of the MISP Threat Intelligence Platform.
Participants will follow engaging lab scenarios based on real-world use cases, including setting up a local MISP instance, configuring an organisation and users, and creating events and information based on the threat profile of an organisation and its industry vertical.
Participants will gain an understanding of the common use cases for MISP, learn how to set up and manage sharing communities, select relevant threat feeds (and also ones to avoid!) and how to utilise automation workflows.
By the end of the course you’ll have a working instance of MISP, and will be able to export events so that if you decide to run MISP in production you won’t need to duplicate work.
This course will equip participants with the knowledge and skills to set up MISP to meet organisational requirements and understand how to effectively leverage the world's most popular open source threat intelligence platform.
Register your interest in MISP Kickstart training from Cosive.
Leave your details with us and we'll let you know about upcoming MISP training workshops in your timezone.
Course Delivery & Duration
Duration: 2x Half Days (8 Hours Total) of training delivered by our expert instructors.
Delivery: The course will be held live and online in your timezone.
Course outline
Module 1 - Introduction
By the end of Module 1, you'll have gained a comprehensive introduction to MISP. You'll understand its background, functions, and its role in Cyber Threat Intelligence (CTI) sharing. Additionally, you'll be primed on CTI sharing fundamentals. The module concludes with an overview of the course lab scenario, setting the stage for hands-on application of your newly acquired knowledge.
Module 2 - Setting Up Your Own MISP Instance
By the end of Module 2, you'll have achieved the following learning goals: configuring and setting up MISP, and creating your initial user account with a focus on security best practices.
This module walks you through the process of downloading and importing the MISP Appliance, and logging in for the first time. Through hands-on labs, you'll gain practical experience in these steps. The module also covers upgrading MISP, addressing common problems, and provides valuable lessons learned and recommendations. Module 2 concludes with a summary of key takeaways from the setup process.
Module 3 - MISP in Action
Upon completing Module 3, you'll have achieved the following learning goals: understanding the role of organisations in MISP, comprehending user roles and permissions, navigating the dashboard, and effectively managing events and attributes. This module introduces MISP terminology and guides you through setting up your organisation, including a hands-on lab for configuring the primary organisation. User management is explored, with a practical exercise for setting up a new admin user. Additionally, you'll gain insights into dashboard functionalities and learn about taxonomies and galaxies in MISP. The module concludes with a summary of key takeaways from the practical aspects of utilizing MISP in cyber threat intelligence workflows.
Module 4 - Threat Data Ingestion
By the conclusion of Module 4, you will have achieved the following learning goals: mastering the art of importing threat feeds, efficiently performing manual data entry, and harnessing the capabilities of custom feeds and various data sources. This module provides a comprehensive understanding of threat data ingestion in MISP, emphasising practical skills in data enrichment. You'll gain hands-on experience in integrating diverse threat intelligence sources, equipping you with the expertise needed to effectively manage and enrich threat data within the MISP platform.
Module 5 - Threat Data Analysis
Upon completing Module 5, you will have achieved the following learning goals: mastering event correlation and analysis within MISP, developing skills in effectively handling false positives, understanding the concept of MISP Sightings, and conducting malware analysis using MISP. This module focuses on enhancing your proficiency in analysing threat data, providing practical insights into identifying patterns, mitigating false positives, leveraging MISP Sightings, and utilising MISP for in-depth malware analysis. By the end of this module, you'll be well-equipped to navigate and analyse threat data within the MISP platform.
Module 6 - Threat Data Sharing
By the conclusion of Module 6, you will have achieved the following learning goals: understanding the intricacies of sharing groups and communities, mastering distribution levels, and effectively sharing events and attributes within MISP. Additionally, this module briefly explores the integration of STIX/TAXII, providing insights into leveraging these standards for enhanced threat data sharing capabilities. You'll gain practical experience in configuring sharing settings, defining access levels, and participating in collaborative threat intelligence efforts, ensuring that you are well-versed in the art of sharing threat data within the MISP ecosystem.
Module 7 - Course Review and Q&A
In Module 7, we will conduct a comprehensive review of key concepts covered throughout the course, reinforcing your understanding of critical elements. The session will also feature an open discussion and Q&A segment, providing an opportunity for participants to seek clarification, discuss specific topics, and share insights. Additionally, we will engage in a course evaluation, allowing participants to provide valuable feedback. This module serves as a final opportunity to solidify your grasp of the material, address any lingering questions, and contribute to the continuous improvement of our training program.
Course benefits
- Gain proficiency in MISP setup and configuration.
- Enhance your threat intelligence analysis skills.
- Streamline threat detection and response with MISP.
- Understand the importance of threat sharing in today's cybersecurity landscape.
- Participants will receive a certificate of completion for the course.
Course materials
Participants will receive course materials, including slides, documentation, and practical exercises. Access to MISP community resources, forums, and further reading materials will be provided to support ongoing learning.
Who should attend
The MISP Kickstart training is designed to benefit professionals across a wide range of roles interested in cybersecurity and threat intelligence sharing including;
- CTI analysts who want to use MISP for ingestion, collection, automations and analysis of IoCs
- SOC analysts and personnel who monitor and respond to security incidents can use MISP to improve their threat detection and response capabilities.
- Personnel in law enforcement and government agencies dealing with cybersecurity and threat intelligence can leverage MISP for threat sharing.
- Researchers exploring cybersecurity threats and vulnerabilities can use MISP to aggregate, analyse, and share threat intelligence.
- System or network administrators interested in understanding how to set up and maintain a MISP instance for their organisation.
Participants will need
In order to complete this course, participants will require the following:
- A computer on which they have administrative privileges to install software, download software and information.
- Familiarity with working on the command line.
Register your interest in MISP Kickstart training from Cosive.
Leave your details with us and we'll let you know about upcoming MISP training workshops in your timezone.