Lecture 4 pt. 7

Question 1

What does MISP stand for?

Answer 1

MISP stands for Malware Information Sharing Platform.

Question 2

What is TheHive?

Answer 2

TheHive is a scalable, open source, and free Security Incident Response Platform, integrated with MISP, designed for SOCs, CSIRTs, CERTs, and information security practitioners.

Question 3

What is a Detection Playbook?

Answer 3

A Detection Playbook consists of individual Plays that describe different aspects of a particular detection strategy.

Question 4

Fill in the blank: TheHive is a scalable, open source Security Incident Response Platform tightly integrated with _______.

Answer 4

MISP

Question 5

What is the primary focus of osquery?

Answer 5

To leverage a relational data-model to describe a device using SQL commands

Question 6

What is Wazuh?

Answer 6

A full-featured HIDS solution providing endpoint protection mechanisms

Question 7

What does Snort do?

Answer 7

It’s a Network Intrusion Detection System (NIDS) that sniffs network traffic and generates alerts

Question 8

What is the function of the Cyber Swiss Army Knife, CyberChef?

Answer 8

To carry out various ‘cyber’ operations within a web browser

Question 9

What tool provides an interactive dashboard for visualizing NSM data?

Answer 9

Kibana

Question 10

What are the four priority levels in Sguil alerts?

Answer 10

• Very low
• Low
• Medium
• High