• Aucun résultat trouvé

FIR Fast Incident Response

N/A
N/A
Info
Télécharger
Protected

Academic year: 2022

Partager "FIR Fast Incident Response"

Copied!
24
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

FIR

Fast Incident Response

(2)

Questions ?

Ask them any time

(3)

Life before FIR

was not tender

6000 line Excel file

1 row per incident, some columns 1 cell for eventual comments

Stats & reports were generated with a macro Single user (locked files)

(4)

No tracking

(5)

No tracking No lessons

learned

(6)

No tracking No lessons

learned

No intel

(7)

Alternatives

back in 2012

We asked around...

Commercial solutions → not well adapted RTIR (Request Tracker mod) → user hostile No serious FOSS project

(8)

No flexibility

(9)

No flexibility Workflow

changes

(10)

No flexibility Workflow

changes

~50% need

coverage

(11)

The solution seemed

pretty clear

(12)

BUILD !

Tailored environment No useless features

Near-perfect UX

(13)

FIR in a nutshell

Count, track, manage cybersec incidents More efficient, less overhead

Provides intelligence on past incidents

Generates on-demand reports and statistics Extensible framework

Multi-user (web-based)

Workflow demo

(14)

And more ...

Demos, demos, demos!

collection correlation

Investigation (nuggets) Incident

Artifact Incident

timelines attributes

Statistics

(15)

Under the hood

Web framework - Django Main language - Python

Sugar coating - Bootstrap + jQuery Bells and whistles - D3.js

Database - MySQL (not limited to...)

(16)

Similar stuff

- more malware -centric - more intel -centric

MISP

CRITS

(17)

FIR as in beer

(18)

Why open it?

Figured that most IR teams had been confronted to the problem

Give something back to the community Learn from their contributions

(19)

Why open it?

Figured that most IR teams had been confronted to the problem

Give something back to the community Learn from their contributions

Challenge

(20)

Why open it?

Figured that most IR teams had been confronted to the problem

Give something back to the community Learn from their contributions

Challenge - make it as generic as

possible

(21)

Not custom enough?

Roll your own ,

then share

(22)

Contributions

Available on since March Internationalisation (+ in le French) Dockerfiles

New modules! (artifacts, articles) 7 merged PRs, 42 forks, 29 issues Globally positive feedback

GitHub

(23)

Roadmap

More work on the TI part Email ingestion

Web API

Events & hooks

(24)

That's all folks!

Last chance for questions

$ git clone https://github.com/certsocietegenerale/FIR

Références

Télécharger maintenant ( PDF - 24 Page - 80.33 KB )

Documents relatifs

Le no a, une maladie qui ne

Les membres du réseau international d'action contre le noma - qu'ils tra- vaillent pour des gouvernements , pour des organisations internationales ou non-

k NO NO (1) N O + k k (2)NO O NO NO NO + + + k 3 NO N O (3) NO +

Montrer que le mécanisme est compatible avec l’ordre expérimental déterminé et exprimer la constante de vitesse k en fonction des constantes de vitesse k i

A Model to Summarize User Action Log Files

In this work, a new method to produce a concise summary of sequences of events related to time is presented, which is based on the data size reduction obtained merging time

Transformer-based model on aviation incident reports

According to (Chalkidis et al., 2020 ; Gu et al., 2021 ; Beltagy et al., 2019), when used in a context where the text is related to a specialized field, a heavy performance factor

MATHEMATICAL REPORTS VOL. 11(61)· No. 1· 2009

Monica PATRICHE Equilibrium of abstract economies in L.C.- metric spaces Costin Ciprian POPESCU A clustering model with Rényi entropy regularization J. RUIZ de

Plant Mutation Reports Vol. 2, No. 3, March 2011 | IAEA

Plants treated with chemical mutagenic agents and gamma rays exhibited different responses, depending on the cultivar, concentration of chemical mutagens and duration

Plant Mutation Reports Vol. 2, No. 2, June 2010 | IAEA

She has succeeded in portraying a comprehensive picture of research and application of mutation breeding in Bulgaria: about 80 mutant varieties of 14 different plant species;

Plant Mutation Reports Vol. 2, No. 1, December 2008 | IAEA

In the in- vestigation of gamma irradiation effects on mungbean, we observed a series of morphological changes such as stunted plants, reduction of the length of primary