09:00-12:00 pm

András Iklódy

Creating well defined and contextualised information in MISP


The training is meant as both an introductiory workshop into threat information creation as well as an advanced techniques workshop for MISP in particular. Participants will learn how to create proper threat reports as well as how to encode rich and well structured MISP events using all of the modern tooling the platform offers.Topics explored will include:– best practices– considerations of the needs of the community– contextualisation– creating graph based data– enrichment– writing supporting reports– false positive handling– building workflows to assist your CTI processesMISP newcomers as well as veterans that may not be up to date with the latest feature-set of MISP are both welcome and expected to come out of the workshop with new ideas and tools in their toolbelts.



Andras Iklody works at the Luxembourgian Computer Security Incident Response Team (CSIRT) CIRCL as a software engineer and has been leading the development of the MISP core since early 2013. He is a firm believer that there are no problems that cannot be tackled by building the right tool.