The goal of the tutorial is to familiarize participants with Incident Response and Cyber Threat Intelligence using TheHive — a Security Incident Response Platform, Cortex — a powerful observable analysis engine, and MISP — the de facto standard platform for threat sharing.
All software is free and open source.
- What is Incident Response and Cyber Threat Intelligence in 2018
- Overview of the software stack
- Simple case study
- Dealing with notifications
- How CTI feeds IR
- How IR feeds CTI
- Advanced case study
Attendees need to bring a laptop able to run the virtual machines (VirtualBox or VMware) provided by the trainers.
Saâd Kadhi, CERT Banque de France
Saâd Kadhi, head of CERT Banque de France and TheHive Project leader, has over 18 years of experience in cybersecurity. He discovered incident response and digital forensics in early 2008 and has been working exclusively in this fascinating field since then. He built a CSIRT at a French multinational food-products corporation and worked as an analyst at CERT Société Générale before joining the French national central bank where he leads a team of 20 analysts. He frequently writes information security articles in a leading French magazine. He also co-organizes the Botconf security conference.
Raphaël Vinot, CIRCL Operator, Computer Incident Response Center Luxembourg
Raphaël Vinot is a longstanding member of Computer Incident Response Center Luxembourg (CIRCL) and of Malware Information Sharing Platform (MISP).