IDPS-ESCAPE v0.10, SATRAP-DL v0.5 and PyFlowintel v0.3

IDPS-ESCAPE

Preparing the next release of IDPS-ESCAPE, SATRAP-DL and PyFlowintel with @gulsezim11 and @ivazsndv

  • Validation of one SONAR scenario (probably resource usage)
  • Validation of RADAR support for low-friction baseline threat detection (e.g. detection rules with no anomaly detection), aimed at rapid RADAR deployment without detailed scenario preparation
  • Unified configuration for RADAR and RTF (RADAR Test Framework)
  • Prototype of web management GUI for our Ansible-based RADAR deployment solution
  • Integrate Wazuh ruleset as Code (RaC) into RADAR to complement its already existing DaC-based model

SATRAP-DL

PyFlowintel
  • Share feedback on Flowintel with the respective team and define updates on PyFlowintel according to the discussion

  • Release an update supporting the incomplete functionality in DECIPHER concerning the use of templates

DECIPHER
  • Update the deployment artifacts to support selecting the Flowintel version to deploy

  • Discuss and study refinements to the CTI scoring formula based on other available taxonomies in MISP, object grouping and MISP decaying models

The tasks that have been completed during the hackathon and prior:

  1. Validation of RADAR support for low-friction baseline threat detection (e.g. detection rules with no anomaly detection), aimed at rapid RADAR deployment without detailed scenario preparation
  2. Unified configuration for RADAR and RTF (RADAR Test Framework)

The task has been accomplished.

The result of the hackathon for IDPS-ESCAPE can be found at idps-escape/CHANGELOG.md at main · AbstractionsLab/idps-escape · GitHub

The status by the end:

  • Validation of one SONAR scenario (probably resource usage)

  • Validation of RADAR support for low-friction baseline threat detection (e.g. detection rules with no anomaly detection), aimed at rapid RADAR deployment without detailed scenario preparation

  • Unified configuration for RADAR and RTF (RADAR Test Framework)

  • Prototype of web management GUI for our Ansible-based RADAR deployment solution

  • Integrate Wazuh ruleset as Code (RaC) into RADAR to complement its already existing DaC-based model

PyFlowintel
  • Share feedback on Flowintel with the respective team and define updates on PyFlowintel according to the discussion

  • Unit tests for the case endpoint (and create issues in the flowintel repo)

DECIPHER
  • Update the deployment artifacts to support selecting the Flowintel version to deploy

  • Discuss and study refinements to the CTI scoring formula based on other available taxonomies in MISP, object grouping and MISP decaying models

The updates to PyFlowintel and DECIPHER are summarized in the CHANGELOGs of PyFlowintel v0.2.2 and SATRAP-DL v0.5.1
