- Cybersecurity
- English
- Vilius Benetis
- Rūta Jašinskiene
- Kristina Hojstricova
Intermediate
Description
This hands-on training program is designed to equip attendees from Least Developed Countries (LDCs) with practical analysis skills using MISP, one of the most widely adopted Threat Intelligence Platforms (TIP) in the field. MISP is a robust, open-source platform that organizations can use to store, share, and receive information about malware, threats, and vulnerabilities in a structured manner. Training will be delivered under the Cyber for Good project.
Participants will engage in discussions about the reasoning behind various CTI analysis tasks and explore real-world scenarios to understand how responder teams effectively leverage CTI through MISP. With a focus on intelligence sharing, including contributions to TIP, students will acquire critical knowledge about what information can be shared, the appropriate methods for sharing, and the right recipients, all tailored to specific objectives.
They will also learn how to extract valuable insights from intelligence feeds, develop strategic questions, create effective queries, and share intelligence to maximize organizational benefits.
Access to the MISP platform will be provided, allowing participants to practice and complete homework assignments designed to reinforce their learning.
This training course is intended for incident response specialists and managers from least developed countries who work in a SOC or CSIRT and use, or are planning to use, MISP, one of the most widely used Threat Intelligence Platforms (TIPs) in the field.
The training courses are open for applications from all interested professionals, irrespective of their race, ethnicity, age, gender, religion, economic status and other diverse backgrounds. We strongly encourage registrations from female applicants.
Prerequisite: at least basic knowledge of cyber threat intelligence, or an analyst job role.
Number of available places in the cohort: 30.
Upon completion of this course, participants will be able to:
- Use MISP for situational awareness and the most common cyber threat intelligence tasks
- Compose search queries in CTI datasets more effectively
- Encode typical cyberthreat artifacts into MISP (e.g. scams, phishing, impersonation, technical attacks)
- Justify the creation and collection of their own CTI datasets
The course consists of 3 modules and is divided into 2 online sessions of 5 hours each, with two 30-minute breaks per session.
Participants will be given access to the MISP CTI platform, where they can not only complete the assignments but also practice alongside them to gain a better understanding of how the platform works and what benefits it offers.
The first session ends with a practical task to be completed before the next session, and after the second session, participants are given several tasks to complete at their convenience within a week of the training. This will help them to reinforce the knowledge gained during the training and practice with MISP.
All necessary course materials and additional resources (if any) will be provided through the ITU Academy platform.
To ensure maximum engagement and retention, the 4MAT teaching methodology will be used in all sessions. This involves interactive discussion of a topic, practical exercises, discussions to identify learning points, and individual note-taking to reflect on relevant habits that can be changed moving forward. At the end of each day, a review will be conducted to reinforce the key takeaways.
Students will be graded on completion of the assignments (80% of the total) and on their active participation in the lectures (max. 20% for lecture attendance).

| Activity | Weighting (%) |
|---|---|
| Practical assignment (homework_1) | 40% |
| Practical assignment (homework_2) | 40% |
| Active participation in lectures | 20% |
A total score higher than 70% is required to obtain the ITU certificate.
Module 1 Introduction to CTI: where it fits in the CSIRT Services Framework
Introduction to and discussion of Cyber Threat Intelligence: its definition and purpose. The intelligence lifecycle (direction, collection, processing, analysis, dissemination, evaluation).
Where CTI sits in different service models (FIRST.org CSIRT Services Framework, SOC-CMM). What to expect from CTI and how it facilitates CSIRT operations.
Training activities details
Lecturing, discussions
Module 2 Value of CTI technology
Introduction to the MISP tool and interface
Practicing searching in MISP
CTI Outputs and deliverables, MISP examples
Typical CTI samples to understand their practical applications.
Training activities details
Lecturing, discussions
Practical assignment (semi-individual work)
Module 3 CTI data modelling
Data structures of CTI: STIX, MISP Objects, Galaxies, Tags
Encoding a simple threat intelligence instance
Utilizing internal and external threat intelligence feeds within MISP
Training activities details
Lecturing, discussions
Practical assignment (homework)
Module 4 Processes and workflows of Situational Awareness
Typical activities and workflows of a CTI analyst
Challenges faced by a CTI analyst
Learning how different organizations are using MISP and other CTI platforms
Training activities details
Lecturing, discussions
Module 5 Cyber events encoding into CTI platform
Methods to decompose different cyberthreat events (scams, phishing, etc.) into data structures
Encoding scams and phishing into MISP
Training activities details
Lecturing, discussions
Practical assignment (semi-individual work)
Module 6 Sharing of CTI
Facilitating the exchange of Indicators of Compromise among trusted communities
Understanding the different sharing models in MISP (private, community, public)
Configuring secure sharing of CTI data with trusted partners
Training activities details
Lecturing, discussions
Practical assignments (homework)