Koen Van Impe


Koen Van Impe is a freelancer in threat intelligence, incident response and security operations. Koen has more than 20 years of experience in security (https://www.linkedin.com/in/cudeso/), has contributed to many open source projects and is the maintainer of the OSINT feed botvrij.eu. Koen shares his work via GitHub (cudeso), X (@cudeso) or his blog https://www.vanimpe.eu/

Talks (Eastern Timezone)





MISP playbooks, common use-cases to interact with the MISP threat intelligence platform

This talk is about the MISP playbooks. These playbooks address common use-cases encountered by SOCs, CSIRTs or CTI teams to detect, react and analyse specific intelligence received by MISP. They are published on MISP/misp-playbooks. The MISP playbooks combine PyMISP (Python library) with Jupyter notebooks and MISP.

This talk will have these sections:

- 6’ Introduction. Introduction to MISP, PyMISP, MISP modules and how MISP playbooks glue this together. Overview of what’s available on the GitHub repository (playbooks and documentation).
- 3’ Getting started. What do you need? Structure/format/skeleton of a playbook.
- 6’ Demo of using MISP playbooks. How to query for data in MISP. Create a MISP threat event via a notebook. Update data in MISP. Use the MISP extension modules in a notebook. The demo is done against a local MISP instance filled with OSINT threat data.