Remi Seguy
I have worked in cybersecurity for more than 15 years, mainly in Blue teams, but I am interested in fostering purple teaming. I fully support Libre software and try to contribute to the open source community.
Session
In cybersecurity, CTI and SOC teams often sit next to each other. The CTI team accumulates an impressive amount of threat intelligence, including technical IOCs. On the SOC side, an even more impressive amount of data is collected in data lakes, or by now data oceans (logs, telemetry, network flows or traffic, etc.).
MISP has been available for years as a Threat Intelligence platform and has greatly facilitated sharing across the security community, mainly between CTI teams. In particular, MISP allows an organisation to keep an IOC data set ready to be used.
Still, SOC teams rather often struggle to consume those IOCs in their monitoring and detection platforms, and even more to feed new findings or sightings from alerts or retro searches run on the SOC platforms back into MISP.
MISP42 is an open-source app developed to help SOC teams using the Splunk platform turn the use of IOCs from MISP into an easy workflow that can be automated.
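The loop the session describes, pull detection-grade IOCs out of MISP, run them against SOC telemetry, and push sightings back, is shown below as an added example. It is not MISP42's code and does not use Splunk; it runs offline on constructed data. Two shapes are assumptions: the attribute list mirrors what MISP's /attributes/restSearch returns, and the sighting payload mirrors what /sightings/add accepts. Note the to_ids filter: a MISP attribute without that flag is context, not a detection rule, and must not raise alerts.

```python
"""Added example (not MISP42's or MISP's own code): IOC consumption and
sighting feedback, run offline on constructed data.

Assumed shapes: MISP_ATTRIBUTES mirrors a /attributes/restSearch response,
build_sightings() produces what /sightings/add is assumed to accept."""
import ipaddress
import json
import re

# Constructed sample: a restSearch-style response (assumed shape).
MISP_ATTRIBUTES = {
    "response": {
        "Attribute": [
            {"event_id": "1001", "type": "ip-dst", "value": "198.51.100.23", "to_ids": True},
            {"event_id": "1001", "type": "domain", "value": "update-check.example", "to_ids": True},
            {"event_id": "1002", "type": "md5", "value": "44d88612fea8a8f36de82e1278abb02f", "to_ids": True},
            # Context only: to_ids is False, so it must never produce a hit.
            {"event_id": "1003", "type": "ip-dst", "value": "203.0.113.9", "to_ids": False},
        ]
    }
}

# Constructed sample telemetry in the key=value style a SOC platform indexes.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z src=10.0.0.5 dst=198.51.100.23 dport=443 action=allowed",
    "2024-05-01T10:00:02Z src=10.0.0.7 dst=93.184.216.34 dport=80 action=allowed",
    "2024-05-01T10:00:03Z host=ws-12 query=update-check.example qtype=A",
    "2024-05-01T10:00:04Z host=ws-12 file=invoice.exe md5=44D88612FEA8A8F36DE82E1278ABB02F",
    "2024-05-01T10:00:05Z src=10.0.0.9 dst=203.0.113.9 dport=22 action=allowed",
]

_IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)
_DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def load_iocs(misp_json):
    """Index MISP attributes by normalised value, keeping only to_ids ones.

    to_ids is the MISP flag that marks an attribute as fit for automated
    detection; everything else is context and is deliberately dropped."""
    iocs = {}
    for attr in misp_json["response"]["Attribute"]:
        if not attr.get("to_ids"):
            continue
        value = attr["value"].strip().lower()
        iocs[value] = {"type": attr["type"], "event_id": attr["event_id"]}
    return iocs


def extract_observables(line):
    """Pull candidate IPs, file hashes and domains out of one raw log line."""
    found = set()
    for candidate in _IP_RE.findall(line):
        try:
            ipaddress.ip_address(candidate)  # rejects octets such as 999
            found.add(candidate)
        except ValueError:
            pass
    found.update(h.lower() for h in _HASH_RE.findall(line))
    found.update(d.lower() for d in _DOMAIN_RE.findall(line))
    return found


def match_logs(iocs, logs):
    """The retro-search step: one hit per (log line, matching IOC)."""
    hits = []
    for idx, line in enumerate(logs):
        for value in sorted(extract_observables(line)):
            if value in iocs:
                hits.append({"line": idx, "value": value, **iocs[value]})
    return hits


def build_sightings(hits, source):
    """Shape the hits as a sightings payload (assumed /sightings/add shape).

    type 0 is a positive sighting; 1 would report a false positive and
    2 an expiration, which is how an analyst verdict flows back to CTI."""
    values = sorted({h["value"] for h in hits})
    return {"values": values, "type": 0, "source": source}


if __name__ == "__main__":
    hits = match_logs(load_iocs(MISP_ATTRIBUTES), SAMPLE_LOGS)
    print(json.dumps(hits, indent=2))
    print(json.dumps(build_sightings(hits, "splunk-retro-search"), indent=2))
```

Matching is done on normalised values only, so an IOC typed ip-dst also fires on a source field; a production pipeline would restrict each MISP type to the log fields it belongs to, and would send the sighting payload with the MISP API key over HTTPS rather than print it.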