FOSStering an ISAC: Enabling a Community with Open-Source Tools

Defending against the latest threats requires timely, actionable intelligence. In an active sharing community that has members of varying maturity, resources, and team staffing, you need a way to collect, normalize, enrich, and vet the shared intelligence at scale. Most will have different intelligence requirements, so flexibility is demanded to tailor to the disparate use-cases and existing workflows they may have. This presentation shows how the Retail & Hospitality ISAC leverages MISP as a community instance for their members and incorporates other free and open-source software to address these topics and more! Presentation Importance: I'm making this presentation because I want to drive the importance of sharing threat intelligence, being a part of a sharing community, and especially on the use of free and open source software. Lots of organizations today are facing very similar threats. Having a platform to facilitate the sharing and dissemination of threat intelligence is vital to any sharing community and by leveraging free and open source software you don't need to break the bank to do so.