Cosive Principal Consultant and CTI expert Prescott Pym discusses the how and why of threat sharing communities, including CTIS, the Australian Signals Directorate's national threat sharing program.
MISP is a powerful open source threat intelligence and sharing platform used by countless SOC teams around the world. Getting a bare-bones MISP instance up and running is well within the skill set of most SOC teams. Download MISP, run it on a VM, and log in to the MISP admin console using default credentials… all within about 10 minutes. That part is easy. Now for the hard part: how do you get from a bare-bones MISP install to actually using MISP to solve real-world cybersecurity problems? Making that leap can be much more complex and challenging than it may seem on the surface.
Security.txt is an effort to make life easier for security researchers and incident responders, and to increase the likelihood that the right people will get notified about security issues. The premise of the idea is that organisations add a ‘security.txt’ document under the ‘.well-known’ directory of their websites so that people concerned about the organisation’s security know who to contact. Generally, this will be coupled with a ‘security@’ email address which goes directly to the person or team responsible for security. Here are reasons why adding a security.txt file to your website is probably a good idea.