Ansible is a simple yet powerful IT automation engine for application deployment, configuration management, and orchestration that you can learn quickly. Ansible Security Automation is our expansion deeper into the security use case. The goal is to provide a more efficient, streamlined way for security teams to automate their various processes for the identification, search, and response to security events.
In this workshop shows you will learn - step by step - how you can use Ansible to orchestrate 3 security investigation and response activities involving multiple security tools: an enterprise firewall (CheckPoint Next Generation Firewall), an intrusion detection system (Snort) and a SIEM (IBM QRadar).
Read this in other languages: English.
The time required to do the workshops strongly depends on multiple factors: the number of participants, how familiar those are with Linux in general and how much discussions are done in between.
Given students with basic experience with Ansible:
- the introduction takes roughly 30 minutes
- the first exercise takes roughly one hour
- the second exercise takes roughly two hours
If your experience is different in schedulung those workshops, please let us know and fill an issue.
- Exercise 1.1 - Exploring the lab environment
- Exercise 1.2 - Executing the first Check Point playbook
- Exercise 1.3 - Executing the first Snort playbook
- Exercise 1.4 - Executing the first IBM QRadar playbook
- Exercise 2.1 - Investigation Enrichment
- Exercise 2.2 - Threat hunting
- Exercise 2.3 - Incident response