Koen Van Impe
Koen Van Impe is a freelancer in threat intelligence, incident response and security operations. Koen has more than 20 years of experience in security (https://www.linkedin.com/in/cudeso/), has contributed to many open source projects and is the maintainer of the OSINT feed botvrij.eu. Koen shares his work via GitHub (cudeso), X (@cudeso) or his blog https://www.vanimpe.eu/
Talks (Eastern Timezone)
Title | Abstract | Date | Time |
---|---|---|---|
MISP playbooks, common use-cases to interact with the MISP threat intelligence platform | This talk is about the MISP playbooks. These playbooks address common use-cases encountered by SOCs, CSIRTs or CTI teams to detect, react and analyse specific intelligence received by MISP. They are published on MISP/misp-playbooks. The MISP playbooks combine PyMISP (Python library) with Jupyter notebooks and MISP. This talk will have these sections: - 6′ Introduction. Introduction to MISP, PyMISP, MISP modules and how MISP playbooks glue this together. Overview of what's available on the GitHub repository (playbooks and documentation). - 3′ Getting started. What do you need? Structure/format/skeleton of a playbook. - 6′ Demo of using MISP playbooks. How to query for data in MISP. Create a MISP threat event via a notebook. Update data in MISP. Use the MISP extension modules in a notebook. The demo is done against a local MISP instance filled with OSINT threat data. | 2024-02-16 | 12:45 |