# M2 SSI - 2024-02-09
M2 SSI - [website 2023/2024](https://www.foo.be/cours/dess-20232024/)
## Today's topics
reference: [MISP automation](https://github.com/chrisr3d/misp-automation)
- Play with MISP content creation libraries
  - Practical introduction to PyMISP (jupyter)
  - Examples of how to automate the creation of your taxonomies or galaxy clusters
- An introduction to PCAP parsing
  - Discover (or not) some commonly used tools
  - How to extract information from network captures
- Automation exercise
  - Applying knowledge of both network capture parsing and MISP automation tools to extract data from PCAPs and push it to MISP
## Project ideas
### Project format
- Contribution to an existing knowledge base (MISP taxonomy, galaxy, etc.)
- Extension to MISP (python module)
- Automation tool
- Documentation
- ...
### How to
- Add research notes
- Describe your progress
- Provide any partial piece of code, even if it is not complete
- If the object of your work is an extension to an existing knowledge base, it is appreciated to provide the code to reproduce the result
### Topic ideas
Some ideas to start with:
- Extend AIL with new detection rule(s)
- Develop a small tool (script, library, etc.) to detect certain types of:
  - credentials
  - leaks
  - threats
  - etc.
- Create a new MISP module to extend data shared in MISP
  - by querying an external service (API)
- Generate new MISP Galaxy Cluster or Taxonomy based on a topic of your choice
Additional specific ideas:
- Policy/impact on companies having an incident, based on the paper -> https://academic.oup.com/cybersecurity/article/4/1/tyy006/5133288
- Create vulnerability type taxonomy or Galaxy -> https://github.com/MISP/misp-taxonomies/issues/267
- Create creator types taxonomy -> https://groups.niso.org/higherlogic/ws/public/download/26466/ANSI-NISO-Z39.104-2022.pdf
- Review and improve preventive measures -> https://www.misp-galaxy.org/preventive-measure/
- Create a taxonomy or galaxy on data protection measures, as defined by GDPR (RGPD in .fr)
- Create a taxonomy or galaxy on the available surveillance tools - possible relation to the surveillance vendors galaxy