January 19, 2026

NGSOTI: Building an Integrated Threat-Intelligence and Information Sharing Ecosystem for the Next Generation of SOC Analysts

NGSOTI (Next Generation Security Operator Training Infrastructure) is an initiative to close a practical gap in cybersecurity education: training SOC analysts not just on individual tools, but on real-world workflows, collaboration, and the operational constraints they will face in modern Security Operations Centers. It emphasizes a human-centric approach (helping analysts learn how to detect, investigate, add context, and respond using realistic data and processes), supported through collaboration between academic and operational partners such as CIRCL, Restena, Tenzir, and the University of Luxembourg.

NGSOTI is built as an integrated open-source ecosystem rather than a set of disconnected projects. MISP sits at the center as the backbone for threat-intelligence sharing and enrichment, while other components add operational realism: Vulnerability-Lookup connects vulnerability information to incident workflows (even beyond CVE identifiers), Poppy teaches high-volume filtering and performance-aware intelligence handling, Kunai provides Linux endpoint telemetry for hands-on detection engineering (with a sandbox integrated with MISP), Rulezet supports collaborative development and review of detection rules (Sigma/YARA/Suricata), and SkillAegis ties everything together with scenario-based training and evaluation. The overall message is that NGSOTI aims to model the full lifecycle of SOC work—from vulnerability context and threat intel through detection engineering and response—so training aligns with how SOCs actually operate.

Source: https://www.misp-project.org/2026/01/02/misp-ngsoti.html/
