11-12 December 2017
Europe/Zurich timezone

Please note: if you require a visitor's pass to attend this event in person, please indicate this in the registration form.

Update [Tuesday 5/12]: Baseline requirements

To help sites decide if they would benefit from attending, we would identify these broad areas as being of particular focus for this workshop:

  1. Installation of Bro
  2. Installation of MISP
  3. Integration of Bro & MISP
  4. Enrichment of Bro data and integration into wider SOC components

The intention of the workshop is to allow sites with different levels of experience and areas of interest to make meaningful progress. A guide timeline for a site with no previous experience could be (for the full day of the 12th of December):

  • 9-10: Initial site preparation including network configuration and initial basic configuration
  • 10-12: Initial installation and configuration of Bro
  • 2-3: Initial installation and configuration of MISP web instance
  • 3-4: Integration of MISP and Bro
  • 4-6: Discussion

The outline agenda for each day is planned as (exact timings to follow):

Monday 2pm-6pm

  • Introduction
  • Demonstration of CERN SOC
  • Discussion of outcomes for the workshop including necessary components and specific goals of individual sites

Tuesday 9am-6pm

  • Guided workshop as discussed above
  • Identify areas where sites can work together, for example to generate provisioning modules or to enhance existing documentation
  • Wrap up period to include feedback, ongoing activities generated from workshop, future goals for working group, and potential future workshop plans
Registration for this event is currently open.