In Curation We Trust - Generating Contextual & Actionable Threat Intelligence
Just like many organizations, we are ingesting Threat Intelligence from a number of different sources. Very frequently, however, we notice that the data received is lacking context or generates a lot of false positives. In this talk we would like to demonstrate how we achieved to get around this problem by setting up a MISP ecosystem backed by a number of automation scripts and processes that support us in the curation and contextualization of this data. Attendees will learn how we, at NVISO, have set up a functional MISP architecture and created a operational curation process. The attendees will then be able to duplicate this setup in their own organizations to ensure an optimal threat intelligence loop and workflow.