Cyber Threat Intel & Incident Response with TheHive, Cortex & MISP

hosted by CIRCL

CIRCL/SMILE g.i.e, HSBC building, 2nd floor

Start: Monday, 10 Dec 2018 10:00

End: Monday, 10 Dec 2018 17:30

  • Event description

    The goal of the tutorial is to familiarize participants with Incident Response and Cyber Threat Intelligence using TheHive, a Security Incident Response Platform; Cortex, a powerful observable analysis engine; and MISP, a popular threat sharing platform. All software is free and open source.

    Agenda: what is Incident Response and Cyber Threat Intelligence in 2018, overview of the software stack, installation and configuration, an IR case study, the CTI-IR cycle case study.



    The training is free but there is a no-show fee of 40,- EUR if you register and don’t join us at the training without reasonable prior notice.

    More information about TheHive: https://thehive-project.org
    More information about MISP: https://www.circl.lu/services/misp-malware-information-sharing-platform/

    About the MISP project: https://www.misp-project.org - https://twitter.com/MISPProject

  • Register to this free training

    Category Amount Still available
    Standard
    14
  • Costs of the training

    This training is free-of-charge but there is a no-show fee of 40,- EUR if you register and don’t join us for the training without reasonable prior cancellation. 

  • Practical information

    Prerequisites:

    As this is a technical workshop, attendees are expected to bring their own laptop to the course.

    Who benefits most from this training:

    • Security/SOC analysts, CSIRT/CERT team members

    Requirements:

    • Your physical presence
    • It is important that you are able to connect with SSH to the VMs.
    • This assumes that you know how to configure the Guest VM to have an IP visible on the Host.
    • Laptop and an up-to-date browser that is not only iexplore.exe
    • If you want to get a head start you can always fetch the "The Hive" VM: https://github.com/TheHive-Project/TheHiveDocs/blob/master/training-material.md
    • Hardware requirements:
      1.4+ GHz, single core
      4+ GB of RAM
      15 GB of disk space
      Blank USB Stick, just in case
      Internet connectivity on-site
      Bottom line: you need to at least be able to decently run a VM that runs Apache/PHP/Python3.

    • Software requirements:
      Host OS:
      Win/*NIX as a HOST OS with administrator rights
      Virtualization environments:
      VMware Workstation (recent) / Fusion (recent) or VirtualBox (recent)
      Full access rights for USB devices and Network interfaces.


    For more information: https://www.circl.lu/services/misp-training-materials/

    Duration:

    This is an 8-hour training.

    What is included:

    • Training material
    • Beverages
    • Light lunch

    Language of the course:

    The course is given in English.

  • About CIRCL and the speakers

    The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to provide a systematic response facility to computer security threats and incidents. CIRCL is the CERT for the private sector, communes and non-governmental entities in Luxembourg.

    Saâd Kadhi leads a large CERT at a reputable French financial institution. TheHive and Cortex are his brainchildren. He has been working in information security for twenty years. A decade ago, he was exposed to DFIR and what we call threat intelligence nowadays and developed a passion for these fields. He co-organizes Botconf, the botnet fighting conference and frequently writes infosec articles. He has also been a speaker at several events throughout the world.

  • More events

    Event title | Event venue | Date | Registration
    hack.lu 2018 | Alvisse Parc Hotel Dommeldange | 16 October 2018 | Registration
    EU ATT&CK community workshop #2 | Alvisse Parc Hotel Dommeldange | 19 October 2018 10:00 | Registration
    Cyber Threat Intel & Incident Response with TheHive, Cortex & MISP | CIRCL/SMILE g.i.e, HSBC building, 2nd floor | 10 December 2018 10:00 | Registration
    MISP Training - Threat Intelligence Analyst and Administrators | CIRCL/SMILE g.i.e, HSBC building, 2nd floor | 17 December 2018 10:00 | Registration
    MISP Training - Developers session | CIRCL/SMILE g.i.e, HSBC building, 2nd floor | 18 December 2018 10:00 | Registration
    MONARC Training - Learn how to master Risk Analysis | CASES/SMILE g.i.e, HSBC building, 2nd floor | 19 December 2018 09:30 | Registration
    Digital forensics primer (Winter session 1) | CIRCL/SMILE g.i.e, HSBC building, 2nd floor | 19 December 2018 10:00 | Registration
    Digital forensics primer (Winter session 2) | CIRCL/SMILE g.i.e, HSBC building, 2nd floor | 20 December 2018 10:00 | Registration
    AIL training - Framework for analysis of information leaks | CIRCL/SMILE g.i.e, HSBC building, 2nd floor | 20 December 2018 10:00 | Registration
    Digital forensics Challenge | CIRCL/SMILE g.i.e, HSBC building, 2nd floor | 21 December 2018 10:00 | Registration

  • Venue & Access

    Event venue address

    16, Boulevard d'Avranches 1160 Luxembourg Luxembourg

    Directions:

    Our training rooms are located close to the train station of Luxembourg city and excellently accessible, especially by public transport.

    How to reach us?

    by Car

    • Closest Parkings:
      • Rocade, Saint-Esprit, Nobilis, Gare, Kons

    by Bus

    • Closest bus stops:
      • Al Molkerei: 19, 117, 159, 160, 162, 163
      • Al Avenue: 19
      • Wallis: 3, 5, 6, 15, 30

    by Bike

    • Closest Vel'oh station:
      • #4 (Rocade)

Event organiser: CIRCL