YoVDO

How I've Broken Every Threat Intel Platform and Settled on MISP

Offered By: Cooper via YouTube

Tags

Threat Intelligence Courses, Cybersecurity Courses, Malware Analysis Courses, Incident Response Courses, Enterprise Security Courses, MISP Courses

Course Description

Overview

Explore a conference talk that delves into the challenges of categorizing, storing, and operationalizing various sources of intelligence in enterprise environments. Learn about the design flaws in many intel platforms and the importance of correlating diverse data points like IP addresses, hostnames, file names, and TLS certificates into common events for effective threat intelligence. Discover the speaker's journey in finding a suitable platform to store a large malware configuration database, ultimately settling on MISP. Gain insights into shifting the paradigm from indicators to events as the starting point for threat intelligence work, emphasizing the significance of retaining, analyzing, and correlating the relationships between all observables in an attack. The talk is presented by John Bambenek, an experienced cybersecurity professional with extensive background in threat research, incident handling, and intelligence dataset production.

Syllabus

Hack.lu 2017 How I’ve Broken Every Threat Intel Platform I’ve Ever Had (And Settled on MISP)


Taught by

Cooper

Related Courses

Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera
Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax
Android Malware Analysis - From Zero to Hero
Udemy
How to Create and Embed Malware (2-in-1 Course)
Udemy