Being able to detect the presence of threat actors within an organisation is one of many roles inherent to being a SOC analyst. However knowing what to look for can be as frustrating as extricating the threat from an organisation's environment can be equally as frustrating. Fortunately there are public data sources available which may allow researchers and analysts alike to finetune their detective skills using relatively accurate log files.
The installation of MISP has long been a contentious issue depending on which flavour of deployment you are willing to run in your environment. I am not overly a fan of the OVA deployments (since I have no control over what was deployed in there previously), and nor would I consider deploying a prebuilt OVA of that description within a production environment.
So instead I will be walking through the deployment of MISP through a newly released Shell script which takes care of everything in a one-liner.