OS3 hackathon - 26th March 2018 in Luxembourg and Japan

List of Projects, Team Members, Hackathon Page and Project Live Chat

This is the list of open source security software projects at the hackathon and the projects ongoing during this hackathon event. Feel free to add your project.

Outcome

List the current outcome including git repository, issue, notes, wiki or photo.

TheHive Project

Ideas for the day:

  • Review Cortex 2 documentation, create a QS guide. Target release date of Cortex 2: Thu March 29, 2018
  • Make sure MISP will work with Cortex 2 (API update) for enrichment
  • Improve the Cortex FileInfo analyzer
  • Improve TheHive4py

Telco ideas

Use cases:

  • PTM Import Hot numbers "phone-numbers" attributes: PROTO WORKING
  • Feed to import events
  • Add "hits" to events: Sightings
  • Expansion on values related to telco on P1 central db (GDPR friendly)
  • VKB Expansion: module to match vague Title/Description/related topic to Precise Vulnerability record
  • Tags from MISPobject (VKB)

Problem:

  • FIXED: How to get same results as https://misppriv.circl.lu/attributes/search
    Results for all attributes of type "phone-number" --> 197 results
    with: ./searchall.py -s phone_number | jq . | grep 'phone-number' | wc
    39 78 1558
  • OPEN: Can a feed item have sightings?

Practical details

Venue Luxembourg

  • CIRCL - Computer Incident Response Center Luxembourg, c/o "security made in Lëtzebuerg" (SMILE) g.i.e., 16, bd d'Avranches, L-1160 Luxembourg

Venue Japan

  • JPCERT/CC - Hirose Building 11F, 3-17 Kanda-Nishikicho, Chiyoda-ku, Tokyo

Pad Japan

https://pad.riseup.net/p/OS1-Tokyo-hackathon

Open Questions

Feel free to add your question below.

  • How will the transition of projects/ideas be done between Luxembourg and Japan?

Misc Contributions

Phil: Let me share a great tool that we feel is better than etherpad now: HackMD https://github.com/hackmdio/hackmd

docker-hackmd: https://github.com/hackmdio/docker-hackmd

test it here: https://hackmd.io/8IhqdQlqSQeCCdqac2t0rQ

Fabien: I have a nice tool that we use in our day to day. If someone is interested in "Web Application Security Scanner Framework" -> https://github.com/Arachni/arachni

MISP Notice

MISP/misp-noticelist : https://github.com/MISP/misp-noticelist