Incident Response in the Age of Threat Intelligence with MISP, TheHive & Cortex

The goal of the tutorial is to familiarize participants with Incident Response and Cyber Threat Intelligence using TheHive — a Security Incident Response Platform, Cortex — a powerful observable analysis engine, and MISP — the de facto standard platform for threat sharing.

All software is free and open source.

Workshop Outline

  • What is Incident Response and Cyber Threat Intelligence in 2018
  • Overview of the software stack
  • Simple case study
  • Dealing with notifications
  • How CTI feeds IR
  • How IR feeds CTI
  • Advanced case study

Attendees need a laptop capable of running the virtual machines (VirtualBox or VMware) provided by the trainers.