Location
Global or multi-regional
Training topics
  • Cybersecurity
Training type
Training course
Training modality
Online instructor led
Languages
  • English
Event mail contact
rj@nrdcs.lt
Tutors
  • Vilius Benetis
Coordinators
  • Rūta Jašinskiene
  • Kristina Hojstricova
Course level

Intermediate

Duration
2 days
Price
$0.00

Event organizer(s)

NRD Cyber Security (NRDCS)

Description

This hands-on training program is designed to equip attendees from Least Developed Countries (LDCs) with practical analysis skills using MISP, one of the most widely adopted Threat Intelligence Platforms (TIP) in the field. MISP is a robust, open-source platform that organizations can use to store, share, and receive information about malware, threats, and vulnerabilities in a structured manner. Training will be delivered under the Cyber for Good project.

Participants will engage in discussions about the reasoning behind various CTI analysis tasks and explore real-world scenarios to understand how responder teams effectively leverage CTI through MISP. With a focus on intelligence sharing, including contributions to TIP, students will acquire critical knowledge about what information can be shared, the appropriate methods for sharing, and the right recipients, all tailored to specific objectives.

They will also learn how to extract valuable insights from intelligence feeds, develop strategic questions, create effective queries, and share intelligence to maximize organizational benefits.

Access to the MISP platform will be provided, allowing participants to practice and complete homework assignments designed to reinforce their learning.

This training course is intended for incident response specialists and managers from least developed countries who work in a SOC or CSIRT and use or are planning to use MISP, one of the most widely used Threat Intelligence Platforms (TIP) in the field.

The training courses are open for applications from all interested professionals, irrespective of their race, ethnicity, age, gender, religion, economic status and other diverse backgrounds. We strongly encourage registrations from female applicants.

At least basic knowledge of cyber threat intelligence or an analyst job role.

Number of available places in the cohort: 30. 

Upon completion of this course, participants will be able to:  

 

  • Use MISP for situational awareness and the most common cyber threat intelligence tasks
  • Compose search queries in CTI datasets more effectively
  • Encode typical cyberthreat artifacts into MISP (e.g. scams, phishing, impersonation, technical attacks)
  • Justify the creation/collection of their own CTI datasets

The course consists of 3 modules and is divided into 2 online sessions lasting 5 hours daily with two 30-minute breaks. 

Participants will be given access to the MISP CTI platform, where they will be able to not only complete the assignments, but also practice alongside the assignments to gain a better understanding of how it works and its benefits. 

The first session ends with a practical task to be completed before the next session, and after the second session, participants are given several tasks to complete at their convenience within a week of the training. This will help them to reinforce the knowledge gained during the training and practice with MISP. 

All necessary course materials and additional resources (if any) will be provided through the ITU Academy platform. 

To ensure maximum engagement and retention, the 4MAT teaching methodology will be utilized in all sessions. This involves interactive discussions on a topic, practical exercises, discussions to identify learning points, and individual notetaking to reflect on relevant habits that can be changed moving forward. At the end of each day, a review will be conducted to reinforce the key takeaways. 

Students will be graded on completion of the assignments (80% of the total) and on their active participation in the lectures (max. 20% for lecture attendance).

 

Activity / Weighting (%)
Practical assignment (homework_1) / 40%
Practical assignment (homework_2) / 40%
Active participation in lectures / 20%

 

A total score higher than 70% is required to obtain the ITU certificate. 

Module 1 Introduction to CTI – where it fits according to CSIRT services framework 

Introduction to and discussion about Cyber Threat Intelligence, definition and purpose. Intelligence Lifecycle (direction, collection, processing, analysis, dissemination, evaluation). 

CTI “location” in different service models – FIRST.org CSIRT services, SOC-CMM. What to expect from CTI and how it facilitates CSIRT operations.

Training activities details 

Lecturing, discussions  

 

Module 2 Value of CTI technology 

Introduction to the MISP tool and interface 

Practicing searching in MISP  

CTI Outputs and deliverables, MISP examples 
Typical CTI samples to understand their practical applications. 

Training activities details 

Lecturing, discussions 

Practical assignment (semi-individual work) 

 

Module 3 CTI data modelling   

Data structures of CTI – STIX, MISP Objects, Galaxies, Tags 

Encoding a simple threat intelligence instance

Utilize internal and external threat intelligence feeds within MISP. 

Training activities details 

Lecturing, discussions  

Practical assignment (homework) 

 

Module 4 Processes and workflows of Situational Awareness 

Typical activities and workflows of a CTI analyst

Challenges of a CTI analyst

Learning how different organizations are using MISP and other CTI platforms 

Training activities details 

Lecturing, discussions 

 

Module 5 Cyber events encoding into CTI platform 

Methods to decompose different cyberthreat events (scam, phishing etc.) into data structures 

Encoding scams and phishing into MISP

Training activities details 

Lecturing, discussions 

Practical assignment (semi-individual work) 

 

Module 6 Sharing of CTI

Facilitating the exchange of Indicators of Compromise among trusted communities.  

Understand different sharing models in MISP (private, community, public). 

Configure secure sharing of CTI data with trusted partners. 

Training activities details 

Lecturing, discussions 

Practical assignments (homework)  

 

Registration information

Unless specified otherwise, all ITU Academy training courses are open to all interested professionals, irrespective of their race, ethnicity, age, gender, religion, economic status and other diverse backgrounds. We strongly encourage registrations from female participants, and participants from developing countries. This includes least developed countries, small island developing states and landlocked developing countries.


The registration to the course is closed.