Saâd Kadhi
TheHive Project Leader
WHAT’S WRONG?
OBSERVATIONS
STATING THE OBVIOUS…
CTI → DETECT → REACT → RECOVER → SHARE → PREVENT (continuous cycle)
DRIVE DOWN THE TIME TO REACT
Continuous improvement
AUTOMATION
FAST-PACED THREAT LANDSCAPE
HIGH NUMBER OF SECURITY EVENTS
COLLABORATION
TALENT SHORTAGE
LIMITED MONEY & TIME
COMPLEXITY
FACTS
▸ Collaboration
ANALYZERS
STORAGE
WORKFLOW
AUDIT
TASK → OBSERVABLE → ANALYZER
USER
Alert Sources / Alert Feeders (SIEM, email, …)
Raise alerts
Security Incident Response Platform
[Diagram labels: Analyze observables; Export cases; remaining rotated label fragments not recoverable]
Threat Sharing Platform
Observable Analysis Engine
Enrich events
Additional analyzers
Search observables within MISP events
Analyzers
Expansion Modules
27 ANALYZERS (AND COUNTING)
▸ Analyzers: ABUSE FINDER, CIRCL PDNS, CIRCL PSSL, CUCKOO SANDBOX, DNSDB, DOMAINTOOLS, FILEINFO, GOOGLE SAFE BROWSING, HIPPOCAMPE, JOE SANDBOX, MAXMIND, MISP SEARCH, MSG PARSER, NESSUS, OTXQUERY, PASSIVETOTAL, PHISHING INITIATIVE, PHISHTANK, URLCATEGORY, VIRUSTOTAL, YARA, YETI
▸ Alert sources shown feeding TheHive: EMAIL REPORTS, MISP 1, MISP 2, SIEM, SOCIAL MEDIA MONITOR, THREAT INTEL PROVIDER
GET THE SOFTWARE
TRAINING VM
AVAILABLE
▸ https://thehive-project.org/
▸ https://misp-project.org/
QUESTIONS?
THEHIVE PROJECT
CORE TEAM
CONTRIBUTORS
GUILLAUME ROUSSE
ERIC CAPUANO
MEHDI ASCHY
ANTOINE BRODIN
NICK PRATLEY