Saturday, September 14, 2019
The installation of MISP has long been a contentious issue depending on which flavour of deployment you are willing to run in your environment. I am not overly a fan of the OVA deployments (since I have no control over what was deployed in there previously), and nor would I consider deploying a prebuilt OVA of that description within a production environment. So instead I will be walking through the deployment of MISP through a newly released Shell script which takes care of everything in a one-liner.
Sunday, August 25, 2019
If you have read anything I have already published here, you will likely see I am somewhat biased to using TheHive as a Cyber security Case Management tool. There are many other tools, but my focus is on enabling a SOC operator no matter the budget for a business (something is well and truly better than nothing). So with that, I will be walking through the deployment of a collection of VMs designed to operate as a SOC enclave for Incident Investigation and Analysis. All using Open Source tools and technologies which can be acquired for no cost outlay.
Sunday, August 18, 2019
I have been playing with TheHive, Cortex and MISP for a few months now, and have been working a way forward to have it programmatically analyse new observables whilst the SOC operator is working on other tasks. Effectively having TheHive start core jobs on observables automatically and then waiting for the operator to check over the results as required. Here is Version 2 of what I have been putting together to expedite the process of observable analysis...