The goal of the tutorial is to familiarize participants with Incident Response and Cyber Threat Intelligence using TheHive — a Security Incident Response Platform, Cortex — a powerful observable analysis engine, and MISP — the de facto standard platform for threat sharing.
All software is free and open source.
Workshop Outline
- What is Incident Response and Cyber Threat Intelligence in 2018
- Overview of the software stack
- Simple case study
- Dealing with notifications
- How CTI feeds IR
- How IR feeds CTI
- Advanced case study
Attendees need a laptop capable of running the virtual machines provided by the trainers (VirtualBox or VMware).