Defining MISP configuration recommendations to enhance R&E community collaboration

Submitted by ogomezal on

Agenda

  1. Taxonomy:
    • Define the preferred taxonomies that will potentially define synchronization rules.
  2. Galaxy Policy:
    • Establishing guidelines for the utilization of galaxies and their role in threat intelligence classification.

Action Items

  • Publish the recommendations on GitLab to facilitate distribution and promotion within the community.
  • Define all configurations that may be relevant for the community and can be recommended by SAFER.

Other possible discussions

  1. Sharing/Distribution Policy:
    • Defining and clarifying the scope of confidentiality within SAFER and the broader community, ensuring partners are aware and understand how to handle sensitive information appropriately.
  2. Suspension Policies:
    • Establishing clear criteria for the suspension of collaborators, such as lack of engagement (e.g., never logging in) and others.
  3. Decay Models Implementation:
    • Deciding on the implementation of decay models to manage the relevance and lifecycle of threat intelligence data.

General recommendations for the community

  1. Feed Selection and Quality Assessment:
    • Evaluating and deciding on the most useful feeds for inclusion, while minimizing the risk of false positives.
  2. Warning Lists Usage:
    • Determining which warning lists will be enabled and how they will be applied within the community.

Type: Lecture
Timezone: Europe/Zurich
Category: SAFER
Category ID: 17656
Indico iCal: https://indico.cern.ch/export/event/1373574.ics