Ansible Security Automation Workshop

Ansible is a simple yet powerful IT automation engine for application deployment, configuration management, and orchestration that you can learn quickly. Ansible Security Automation is our expansion deeper into the security use case. The goal is to provide a more efficient, streamlined way for security teams to automate their various processes for the identification, search, and response to security events.

In this workshop you will learn - step by step - how you can use Ansible to orchestrate three security investigation and response activities involving multiple security tools: an enterprise firewall (CheckPoint Next Generation Firewall), an intrusion detection system (Snort) and a SIEM (IBM QRadar).

In this workshop, you will learn the following:

Section one: Introduction to Ansible Security Automation Basics

• Exercise 1.1 - Exploring the lab environment
• Exercise 1.2 - Executing the first Check Point playbook
• Exercise 1.3 - Executing the first Snort playbook
• Exercise 1.4 - Executing the first IBM QRadar playbook

Section two: Ansible Security Automation Use Cases

• Exercise 2.1 - Detection and triage of suspicious activities
• Exercise 2.2 - Threat hunting
• Exercise 2.3 - Incident response
• Exercise 2.4 - Wrap it all up

Who should attend:

• DevOps engineers, operations engineers, systems engineers, release engineers, system administrators, developers, operations staff, network engineers, security professionals and anyone interested in IT automation.

What are the requirements:

• Attendees should have working knowledge of using SSH and command line shell (BASH) as well as a conceptual understanding of linux system admin, DevOps, and distributed application architecture.
• Attendees must use a personal laptop with admin rights and the ability to SSH to a lab environment hosted in a public cloud.