The purpose of the symposium was to provide an appropriate platform for senior ICT and cyber security officials from the Africa region to discuss and formulate strategic directions and plans to tackle emerging threats to the global and regional security sector. The purpose of the cyberdrill was to enhance the communication and incident response capabilities of the participating teams, as well as to ensure a continued collective effort in mitigating cyber threats among the Region’s national Computer Incident Response Teams (CIRTs).
The cyberdrill exercise was structured around various scenarios involving the most common types of cyberattacks, while the sharing sessions provided a platform for cooperation and discussions on cybersecurity.
Building Threat Intel Pipelines
Course level: Intermediate (1st & 2nd October 2018)
1. Participants should be familiar with the operational aspects of CSIRTs/SOCs, including incident handling, analysis and mitigation. In particular, a good understanding of IoCs and other types of information used for network defense is crucial.
2. The hands-on part will require a laptop that has a recent version of VirtualBox (virtualbox.org) and is capable of running a VM with 4G of RAM and a 20G disk. Alternatively, participants will be able to use their own Linux systems directly, as long as they have docker and docker-compose installed.
The course covers the design of processes to effectively handle a variety of information useful for security operations. Participants will learn how to select sources of information and how to process it to obtain actionable conclusions. Issues related to the evaluation, collection, analysis and exchange of information will be explained. The training includes a hands-on practical part, which will introduce several open source tools for handling threat intelligence and incident-related data.