Ansible Security Automation Workshop

Ansible is a simple yet powerful IT automation engine for application deployment, configuration management, and orchestration that you can learn quickly. Ansible Security Automation is our expansion deeper into the security use case. The goal is to provide a more efficient, streamlined way for security teams to automate their various processes for the identification, search, and response to security events.

In this workshop you will learn - step by step - how you can use Ansible to orchestrate three security investigation and response activities involving multiple security tools: an enterprise firewall (CheckPoint Next Generation Firewall), an intrusion detection system (Snort) and a SIEM (IBM QRadar).

You will learn the following:

Section 1: Introduction to Ansible Security Automation Basics

• Exercise 1.1 - How Ansible works for network automation
• Exercise 1.2 - Exploring the lab environment
• Exercise 1.3 - Executing the first Check Point playbook
• Exercise 1.4 - Executing the first Snort playbook
• Exercise 1.5 - Executing the first IBM QRadar playbook

Section 2: Ansible Security Automation Use Cases

• Exercise 2.1 - Detection and triage of suspicious activities
• Exercise 2.2 - Threat hunting
• Exercise 2.3 - Incident response
• Exercise 2.4 - Wrap it all up

Who is this workshop best for?

• The workshop is intended as an introductory course for Ansible Security Automation designed for people who want to learn how Ansible can be leveraged in security environments. The intended audience is technical professionals in automation [part of a cross-functional team or supporting other vertical teams in their company], security operations and vulnerability management.
• There is no previous knowledge about Ansible required to access this workshop, though it certainly helps.

Who should attend:

• DevOps engineers, operations engineers, systems engineers, release engineers, system administrators, developers, operations staff, network engineers, security professionals and anyone interested in IT automation.

What are the requirements:

• Attendees should have working knowledge of using SSH and command line shell (BASH) as well as a conceptual understanding of linux system admin, DevOps, and distributed application architecture.
• Attendees must use a personal laptop with admin rights and the ability to SSH to a lab environment hosted in a public cloud.