Welcome to Scribd!

Csirt Kit Workshop - 2 PDF

Uploaded by

0% found this document useful (0 votes)

155 views29 pages

This document discusses various tools that can be used for computer security incident response, including CSIRT-KIT, IntelMQ, MISP, RTIR, NFSEN, ELK, and DNS tools. It provides information on what each tool is used for, such as automatic feeds processing and filtering (IntelMQ), facilitating malware information sharing (MISP), and managing incidents and investigations (RTIR). Links are provided for people to learn more about these open source tools and how they can help with security incident response.

Original Description:

Original Title

Csirt-kit-workshop_2.pdf

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pdf or txt

0% found this document useful (0 votes)

155 views29 pages

Csirt Kit Workshop - 2 PDF

Uploaded by

tripel kids sukorame 2

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pdf or txt

Jump to Page

You are on page 1of 29

Search inside document

Page 1

Page 2
Page 3
Page 4
CSIRT-KIT workshop
jordi.guijarro@csuc.cat
@jordiguijarro @javierberciano
•
CSIRT-KIT workshop
@jordiguijarro @jberciano borja.guaita@csuc.cat

Page 5
Tools ecosystem : Csirt-kit inspiration!

Detection

Analysis
&
Visulization

Page 6
Page 7
Disk Image (OVA)
ftp://ftp.csuc.cat/NCN/csirt-kit.ova

Page 8
https://intelmq.org/

Page 9
- Automatic feeds injection and processing
- Easy to configure and change (Python)
- GUI (IntelMQ Manager)
- Opensource
- Various output results («enrichment» with expert bots)
- ASN lookup
- Abuse contact
- Whois
- GeoIP
- DNS lookups
- Filters.

https://intelmq.org/
Page 10
https://intelmq.org/

Page 11
Malware Information
Sharing Platform
http://www.misp-project.org/
Objective

Facilitate the storage of technical and non-technical

information about malware and attacks

Create automatically relations between malware and their

attributes

Store data in a structured format (allowing automated use

of the database to feed detection systems or forensic
tools)
Generate rules for Network Intrusion Detection System
(NIDS) that can be imported on IDS systems (e.g. IP
addresses, domain names, hashes of malicious files,
pattern in memory)
Objective

Share malware and threat attributes with other parties and

trust-groups

Store locally all information from other instances (ensuring

confidentiality on queries)

Create a platform of trust - trusted information from

trusted partners

Improve malware detection and reversing to promote

information exchange among organizations (e.g. avoiding
duplicate works)
MISP (Malware information Sharing
Platform)

Source: http://circl.lu/services/misp-malware-information-sharing-platform/
Model
User 1 User 2

User N
Incident affecting
strategic company IOC without
victim
information

Web access without misp

CERTSI Federation with

strategic company
misp
Threat Intelligence

Compan
y
Architecture

CERTSI
STRATEGIC
COMPANIES HUB

CERTSI MISP
INTERNATIONAL CERTSI MAIN MISP
HUB

MISP COMPANY
… GROUP I

MISP CERT A MISP CERT B

https://bestpractical.com/rtir/

Page 21
RTIR: Request tracker for Incident Response
To manage «easily»:
- Incident Requests
- Incidents
- Investigations
- Blocks

Page 22
- NFDUMP Graphical interface
- BSD license

http://nfsen.sourceforge.net/

Page 23
NFSEN
NFSEN - Stat TopN “proto udp”

Page 25
https://www.elastic.co/

Page 26
ELK and DNS
Intel and external sources
Q&A

Thanks!

https://www.csirt-kit.org

Page 29

CIS Community Defense Model v2.0
Document50 pages
CIS Community Defense Model v2.0
darkblade310
No ratings yet
Julabo FP 50 He User Manual
Document82 pages
Julabo FP 50 He User Manual
api-239932254
No ratings yet
Gard+LP+presentation+on+cyber+security +jan+2019 PDF
Document32 pages
Gard+LP+presentation+on+cyber+security +jan+2019 PDF
Rexon dela Cruz
No ratings yet
Slidefinalcompagnucci
Document21 pages
Slidefinalcompagnucci
Hshhahwhu Su
No ratings yet
Cyber Security Activities at The
Document49 pages
Cyber Security Activities at The
Sakthi Kamal Nathan Sambasivam
No ratings yet
The Graph Tech Ecosystem Visualization Linkurious
Document117 pages
The Graph Tech Ecosystem Visualization Linkurious
1977am
No ratings yet
Cisco Secure Network Analytics (Formerly Stealthwatch) Data Sheet
Document14 pages
Cisco Secure Network Analytics (Formerly Stealthwatch) Data Sheet
Timucin DIKMEN
No ratings yet
Resources: Common Tool List Memory Acquisition Tools
Document12 pages
Resources: Common Tool List Memory Acquisition Tools
uzenho
100% (1)
MongCTILiguriaNov 21
Document114 pages
MongCTILiguriaNov 21
mousemove
No ratings yet
Juan Manuel Corchado - 2 - Presentación DeepSIEM
Document13 pages
Juan Manuel Corchado - 2 - Presentación DeepSIEM
felgam
No ratings yet
Devnet-3603 (2018)
Document68 pages
Devnet-3603 (2018)
Paul Zeto
No ratings yet
Software Defined Perimeter and Zero Trust
Document24 pages
Software Defined Perimeter and Zero Trust
Кирилл Латышов
No ratings yet
Forti SIEM
Document8 pages
Forti SIEM
Jose
No ratings yet
APIs and Software Programmability - Stage 1 PDF
Document25 pages
APIs and Software Programmability - Stage 1 PDF
Elmmy Dionisio F.
No ratings yet
War Dialing
Document5 pages
War Dialing
Muhammad Hasnain
No ratings yet
Patching Nist SP 1800 31b Draft
Document59 pages
Patching Nist SP 1800 31b Draft
Pedro Andres Alvarado Niño
No ratings yet
1 Onboarding Guide Questions
Document3 pages
1 Onboarding Guide Questions
Gerika Lynn Cortez
No ratings yet
Materi Kuliah Pekan 16
Document32 pages
Materi Kuliah Pekan 16
Darryl Sinaga
No ratings yet
Juan Manuel Corchado - 4 - Presentación DeepSIEM
Document13 pages
Juan Manuel Corchado - 4 - Presentación DeepSIEM
felgam
No ratings yet
Information Technologies Smart City
Document27 pages
Information Technologies Smart City
Heru Purnomo
No ratings yet
Kenneth Frische How Are Cybersecurity Standards and Technologies Relevant To DCS PDF
Document18 pages
Kenneth Frische How Are Cybersecurity Standards and Technologies Relevant To DCS PDF
Ahmed Khan
No ratings yet
6 Hot Network Specializations To Pursue
Document5 pages
6 Hot Network Specializations To Pursue
AbuSyeed Raihan
No ratings yet
Poetter-Compris-AI ML DS Infographics-Cheat Sheets
Document239 pages
Poetter-Compris-AI ML DS Infographics-Cheat Sheets
Mohammad Mashrequl Islam
No ratings yet
5-Services Csirt
Document45 pages
5-Services Csirt
COOPERATIVA DE APORTES Y PRESTAMOS COACPESAN
No ratings yet
Forti SIEM
Document7 pages
Forti SIEM
Oscar Bracamonte Z.
No ratings yet
Chapter 1 Syncing IT Strategy
Document36 pages
Chapter 1 Syncing IT Strategy
Nurul Adilah Abdul Halim
No ratings yet
Di Nist Sp1800 11c Final
Document386 pages
Di Nist Sp1800 11c Final
ahlem moussa
No ratings yet
Cert-In Cert-In Cert-In: Information Desk Incident Response Help Desk
Document5 pages
Cert-In Cert-In Cert-In: Information Desk Incident Response Help Desk
Sunil Uniyal
No ratings yet
A Solution Guide To Operational Technology Cybersecurity: White Paper
Document24 pages
A Solution Guide To Operational Technology Cybersecurity: White Paper
Manuel
No ratings yet
SCADA Security Overview
Document16 pages
SCADA Security Overview
tevexin998
100% (1)
Intech October 2023 Issue
Document56 pages
Intech October 2023 Issue
Salah Eldeen Gasim
No ratings yet
Forti SIEM
Document7 pages
Forti SIEM
benjamin
No ratings yet
Awesome SOC-3
Document17 pages
Awesome SOC-3
Yasmin Sarinho
No ratings yet
Introduction To IT Security
Document32 pages
Introduction To IT Security
Dilshan
No ratings yet
RidgeBot VAPT
Document4 pages
RidgeBot VAPT
imtiaznafiz50
No ratings yet
Cyber Threat Intelligence CERT-EU Vision
Document22 pages
Cyber Threat Intelligence CERT-EU Vision
Vladislav Alekseev
No ratings yet
Managing Virtual Infrastructure With Veeam One: Page 1 / 4
Document4 pages
Managing Virtual Infrastructure With Veeam One: Page 1 / 4
zsmo
No ratings yet
Effectively Enhancing Our Soc With Sysmon Powershell Logging and Machine Learning To Detect and Respond To Todays Threats PDF
Document43 pages
Effectively Enhancing Our Soc With Sysmon Powershell Logging and Machine Learning To Detect and Respond To Todays Threats PDF
Hamza Idris
No ratings yet
Fortisiem
Document6 pages
Fortisiem
EDGA
No ratings yet
Corelight 10523 Webinar Draft - 946774
Document23 pages
Corelight 10523 Webinar Draft - 946774
subin28o5
No ratings yet
Analytics: Adding Value To Big Data
Document24 pages
Analytics: Adding Value To Big Data
Fido Fido
No ratings yet
GET YOUR S.O.S. How-To Guide - (STUFF OFF SEARCH)
Document2 pages
GET YOUR S.O.S. How-To Guide - (STUFF OFF SEARCH)
Alexis A. Abreu A.
No ratings yet
Microstrategy Introduction
Document34 pages
Microstrategy Introduction
Kukila 1809
No ratings yet
Wipro Reduces Ticket Handling Time With Adaptive End-User Analytics
Document6 pages
Wipro Reduces Ticket Handling Time With Adaptive End-User Analytics
sik
No ratings yet
Project 02
Document38 pages
Project 02
api-403951553
No ratings yet
Implementing A Smart Data Platform (2017) PDF
Document71 pages
Implementing A Smart Data Platform (2017) PDF
Rodrigo Tinoco
No ratings yet
SDN Network DDOS Detection Using ML
Document7 pages
SDN Network DDOS Detection Using ML
International Journal of Innovative Science and Research Technology
No ratings yet
Accelerate 2024 LATAM and Caribbean Partner Breakout Session
Document26 pages
Accelerate 2024 LATAM and Caribbean Partner Breakout Session
jose
No ratings yet
IT Asset Management
Document237 pages
IT Asset Management
Khallau Arauc
100% (1)
ISAC Corporate Profile-Oct 22
Document19 pages
ISAC Corporate Profile-Oct 22
er.apsingh
No ratings yet
Thesis Snort
Document4 pages
Thesis Snort
qrikaiiig
100% (2)
Unleashing It Magazine Aci Ed
Document20 pages
Unleashing It Magazine Aci Ed
test123
No ratings yet
Demisto and PacketSled Integrate Network Visibility With Workflow Orchestration
Document3 pages
Demisto and PacketSled Integrate Network Visibility With Workflow Orchestration
PR.com
No ratings yet
Node - Js The Internet of Things: Charlie K Ey / at Zwi Gby Structure / @getstructure
Document31 pages
Node - Js The Internet of Things: Charlie K Ey / at Zwi Gby Structure / @getstructure
manishk_47
No ratings yet
Cyber Career Path
Document4 pages
Cyber Career Path
tedcwe
No ratings yet
Red Hat Single Sign-On: Dean Peterson Senior Specialist Solution Architect
Document25 pages
Red Hat Single Sign-On: Dean Peterson Senior Specialist Solution Architect
protos
No ratings yet
Chasing Alerts
Document40 pages
Chasing Alerts
test123
No ratings yet
Artificial Intelligence and Machine Learning Trends in OT-IoT Security
Document14 pages
Artificial Intelligence and Machine Learning Trends in OT-IoT Security
salvadorelo1467
No ratings yet
Information Technology SRMA Fact Sheet - 508
Document2 pages
Information Technology SRMA Fact Sheet - 508
Mario Andrianarimanga
No ratings yet
Lectures - Weeks 1 and 2
Document78 pages
Lectures - Weeks 1 and 2
Ankita Kar ee23d405
No ratings yet
Advanced Platform Development with Kubernetes: Enabling Data Management, the Internet of Things, Blockchain, and Machine Learning
From Everand
Advanced Platform Development with Kubernetes: Enabling Data Management, the Internet of Things, Blockchain, and Machine Learning
Craig Johnston
No ratings yet
Module-2: Introduction, Lexical Analysis: Syllabus
Document28 pages
Module-2: Introduction, Lexical Analysis: Syllabus
Samba Shiva Reddy.g Shiva
No ratings yet
Emerging Trends With Answers
Document2 pages
Emerging Trends With Answers
Rafiya95z Mynir
No ratings yet
Flow Over Airfoil
Document22 pages
Flow Over Airfoil
Rahis Pal Singh
No ratings yet
Tinderbox3-2 1v1
Document179 pages
Tinderbox3-2 1v1
io.clarence.2007
No ratings yet
Tms320F2833X, Tms320F2823X Digital Signal Controllers (DSCS)
Document203 pages
Tms320F2833X, Tms320F2823X Digital Signal Controllers (DSCS)
PrashanthManikumar
No ratings yet
Disk Explanation
Document5 pages
Disk Explanation
Renegade Diver
No ratings yet
Create The Glass Shelf Dock From Leopard OS in Photoshop - Tutorial9
Document12 pages
Create The Glass Shelf Dock From Leopard OS in Photoshop - Tutorial9
Poe Poe
No ratings yet
Duarte Slidedoc Download
Document165 pages
Duarte Slidedoc Download
Peter Now
No ratings yet
6014 Question Paper
Document2 pages
6014 Question Paper
rahulgupta32005
No ratings yet
Useful Python Libraries For Network Engineers
Document50 pages
Useful Python Libraries For Network Engineers
LAngel Reyes
No ratings yet
Switch Game Spyro - Google Search
Document1 page
Switch Game Spyro - Google Search
Charlotte Smith
No ratings yet
Plutous It Req
Document2 pages
Plutous It Req
R. R. Arivazhagan
No ratings yet
The Soc Hiring Handbook
Document28 pages
The Soc Hiring Handbook
Forense Orlando
No ratings yet
Sublime Text For Windows Cheat Sheet
Document11 pages
Sublime Text For Windows Cheat Sheet
trmpereira
No ratings yet
Actual4Test: Actual4test - Actual Test Exam Dumps-Pass For IT Exams
Document8 pages
Actual4Test: Actual4test - Actual Test Exam Dumps-Pass For IT Exams
German Delgadillo
No ratings yet
An Approach To Analyzing The Windows and Linux Security Models
Document6 pages
An Approach To Analyzing The Windows and Linux Security Models
Muhammad Fahad
No ratings yet
OneIM ITShop Administration
Document270 pages
OneIM ITShop Administration
Iker Maletas
No ratings yet
Release Notes: Analyzer Update May 2019
Document17 pages
Release Notes: Analyzer Update May 2019
henry457
No ratings yet
Intro License Smart PDF
Document48 pages
Intro License Smart PDF
Abdelhai
No ratings yet
Pico Bricks Ebook Final PDF
Document207 pages
Pico Bricks Ebook Final PDF
rasyoung
No ratings yet
Installation Guide: Chromeleon 7 Chromatography Data System
Document100 pages
Installation Guide: Chromeleon 7 Chromatography Data System
Miguel Saucedo Mora
No ratings yet
Finding The Square of A Number - Class 8 Maths MCQ - Sanfoundry
Document6 pages
Finding The Square of A Number - Class 8 Maths MCQ - Sanfoundry
jonvishal15
No ratings yet
Data Science Projects For Final Year
Document1 page
Data Science Projects For Final Year
Nageswar Makala
No ratings yet
Functions: Var S Add
Document13 pages
Functions: Var S Add
Revati Menghani
No ratings yet
Name: Chandrasekhar Email: Mobile:+: Professional Summary
Document3 pages
Name: Chandrasekhar Email: Mobile:+: Professional Summary
Chandra
No ratings yet
Coc 2
Document5 pages
Coc 2
wesen desta
100% (1)
3 - OEP100320 LTE Radio Network Capacity Dimensioning ISSUE 1 PDF
Document37 pages
3 - OEP100320 LTE Radio Network Capacity Dimensioning ISSUE 1 PDF
miltonarturo
No ratings yet
Pps - Question Bank
Document65 pages
Pps - Question Bank
S.SRI KRISHNA (RA2111026020166)
No ratings yet
Dual-Port Memory Block Diagram PDF
Document8 pages
Dual-Port Memory Block Diagram PDF
ivanramljak
No ratings yet