Incident Response in the Age of Threat Intelligence with MISP, TheHive & Cortex

The goal of the tutorial is to familiarize participants with Incident Response and Cyber Threat Intelligence using TheHive — a Security Incident Response Platform, Cortex — a powerful observable analysis engine, and MISP — the de facto standard platform for threat sharing.

All software is free and open source.

Workshop Outline

  • What is Incident Response and Cyber Threat Intelligence in 2018
  • Overview of the software stack
  • Simple case study
  • Dealing with notifications
  • How CTI feeds IR
  • How IR feeds CTI
  • Advanced case study

Attendees need a laptop capable of running the virtual machines (VirtualBox or VMware) that the trainers will provide.

Saâd Kadhi, CERT Banque de France

Saâd Kadhi, head of CERT Banque de France and TheHive Project leader, has over 18 years of experience in cybersecurity. He discovered incident response and digital forensics in early 2008 and has been working exclusively in this fascinating field since then. He built a CSIRT at a French multinational food-products corporation and worked as an analyst at CERT Société Générale before joining the French national central bank where he leads a team of 20 analysts. He frequently writes information security articles in a leading French magazine. He also co-organizes the Botconf security conference.

Raphaël Vinot, CIRCL Operator, Computer Incident Response Center Luxembourg

Raphaël Vinot is a longstanding member of the Computer Incident Response Center Luxembourg (CIRCL) and of the Malware Information Sharing Platform (MISP) project.