Meeting Archive:
Fresh Prints of Mal-ware: Why The OpenIOC Framework Needs a Facelift

Meeting Description:
The OpenIOC Framework has been in use for over five years without a schema change. In that time, we've matured as an industry and the current process of OpenIOC is beginning to show its age. In order for OpenIOC to support the needs of the incident responder, the format needs to change by identifying weaknesses and exploring ideas for improvement.  
In this webinar, we will explain the history of OpenIOC, identity some of its more apparent shortcomings and explore possible modifications to extend its utility.
Attendees will be shown:
  • A brief history of the OpenIOC framework
  • Deep-dive explanation of process
    • How it is failing as industry needs change
    • How we can improve it
  • Current Intelligence
    • Discussion of the recent APT1 report 
    • Using IOCEditor & Redline to work with the 3,000 indicators
  • Tactical vs. Strategic approach
  • A call for ideas from attendees
    • Share your ideas with us
As always, we will leave plenty of time for Q&A.
Date: Thu, Feb 21, 2013
Time: 02:00 PM EST
Duration: 1 hour
Host(s): Mandiant
 Presenter Information
David Ross - MCIRT Technical Director

Shanna Battaglia - Incident Analyst, MCIRT