The next workshop for the WLCG Security Operations Centre working group is due to take place at Nikhef from the 21st to 23rd October [1], following the HEPiX meeting the week before [2]. The mandate of this group is to develop reference security operations centre designs that can be deployed at a range of sites throughout the WLCG, however, the participation of neighbouring communities is very welcome.

The primary purpose of this workshop is the technical and social aspects of threat intelligence sharing, particularly using the Malware Information Sharing Platform (MISP); it is anticipated that a mock incident session will be used to explore the full workflow of:

– documenting an incident using a mock payload and developing a MISP event
– propagating this event from the WLCG MISP instance to participating sites
– seeking to detect the same payload at a remote site and providing appropriate alerts

Registration is now open on the meeting page.

[1] https://indico.cern.ch/event/827985/
[2] https://indico.cern.ch/event/810635/