Cyber Threat Intel & Incident Response with TheHive, Cortex & MISP

hosted by CIRCL

CIRCL/SMILE g.i.e, HSBC building, 2nd floor

Start: Monday, 10 Dec 2018 10:00

End: Monday, 10 Dec 2018 17:30

  • Event description

    The goal of the tutorial is to familiarize participants with Incident Response and Cyber Threat Intelligence using TheHive, a Security Incident Response Platform; Cortex, a powerful observable analysis engine; and MISP, a popular threat sharing platform. All software is free and open source.

    Agenda: what is Incident Response and Cyber Threat Intelligence in 2018, overview of the software stack, installation and configuration, an IR case study, the CTI-IR cycle case study.



    The training is free but there is a no-show fee of 40,- EUR if you register and don’t join us at the training without reasonable prior notice.

    More information about TheHive: https://thehive-project.org
    More information about MISP: https://www.circl.lu/services/misp-malware-information-sharing-platform/

    About the MISP project: https://www.misp-project.org - https://twitter.com/MISPProject

  • Register to this free training

    The event is over. It is not possible to purchase tickets anymore.

  • Costs of the training

    This training is free-of-charge but there is a no-show fee of 40,- EUR if you register and don’t join us for the training without reasonable prior cancellation. 

  • Practical information

    Prerequisites:

    As this is a technical workshop, attendees are expected to bring their own laptop to the course.

    Who benefits most from this training:

    • Security/SOC analysts, CSIRT/CERT team members

    Requirements:

    • Your physical presence
    • It is important that you are able to connect with SSH to the VMs.
    • This assumes that you know how to configure the Guest VM to have an IP visible on the Host.
    • Laptop and an up-to-date browser that is not only iexplore.exe
    • If you want to get a head start you can always fetch the "The Hive" VM: https://github.com/TheHive-Project/TheHiveDocs/blob/master/training-material.md
    • Hardware requirements:
      1.4+ GHz, single core
      4+ GB of RAM
      15 GB of disk space
      Blank USB Stick, just in case
      Internet connectivity on-site
      Bottom line, you need to at least be able to decently run a VM running Apache/PHP/Python3.

    • Software requirements:
      Host OS:
      Win/*NIX as a HOST OS with administrator rights
      Virtualization environments:
      VMware Workstation (recent) / Fusion (recent) or VirtualBox (recent)
      Full access rights for USB devices and Network interfaces.


    For more information: https://www.circl.lu/services/misp-training-materials/

    Duration:

    This is an 8 hour training.

    What is included:

    • Training material
    • Beverages
    • Light lunch

    Language of the course:

    The course is given in English.

  • About CIRCL and the speakers

    The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to provide a systematic response facility to computer security threats and incidents. CIRCL is the CERT for the private sector, communes and non-governmental entities in Luxembourg.

    Saâd Kadhi leads a large CERT at a reputable French financial institution. TheHive and Cortex are his brainchildren. He has been working in information security for twenty years. A decade ago, he was exposed to DFIR and what we call threat intelligence nowadays and developed a passion for these fields. He co-organizes Botconf, the botnet fighting conference and frequently writes infosec articles. He has also been a speaker at several events throughout the world.

  • More events

    Event title | Event venue | Date
    AIL training - Framework for analysis of information leaks (includes a practical deep dive into the darkweb with AIL) | CIRCL/SMILE g.i.e, HSBC building, 2nd floor | 25 March 2019 10:00
    MISP Training - Threat Intelligence Analyst and Administrators | CIRCL/SMILE g.i.e, HSBC building, 2nd floor | 25 March 2019 10:00
    MISP Training - Threat Intelligence Analyst and Administrators | CIRCL/SMILE g.i.e, HSBC building, 2nd floor | 26 March 2019 10:00
    Introduction to Information Security and Privacy | CIRCL/CASES/SMILE g.i.e, HSBC building, 2nd floor | 26 March 2019 10:00
    MISP Training - Developers session | CIRCL/SMILE g.i.e, HSBC building, 2nd floor | 27 March 2019 10:00
    MONARC Training - Learn how to master Risk Analysis | CASES/SMILE g.i.e, HSBC building, 2nd floor | 28 March 2019 09:30
    Digital forensics primer (DFIR 1.0.1) | CIRCL/SMILE g.i.e, HSBC building, 2nd floor | 28 March 2019 10:00
    D4 Core Working Group meeting | CIRCL/SMILE g.i.e, HSBC building, 2nd floor | 29 March 2019 10:00
    EU MITRE ATT&CK User workshop #3 | Eurocontrol premises | 9 May 2019
    MISP Training - Threat Intelligence Analyst and Administrators | CIRCL/SMILE g.i.e, HSBC building, 2nd floor | 20 May 2019 10:00


  • Venue & Access

    Event venue address

    CIRCL/SMILE g.i.e, HSBC building, 2nd floor 16, Boulevard d'Avranches 1160 Luxembourg Luxembourg

    Directions:

    Our training rooms are located close to the train station of Luxembourg city and excellently accessible, especially by public transport.

    How to reach us?

    by Car

    • Closest Parkings:
      • Rocade, Saint-Esprit, Nobilis, Gare, Kons

    by Bus

    • Closest bus stops:
      • Al Molkerei: 19, 117, 159, 160, 162, 163
      • Al Avenue: 19
      • Wallis: 3, 5, 6, 15, 30

    by Bike

    • Closest Vel'oh station:
      • #4 (Rocade)

Event organiser: CIRCL