Ansible Security Automation Hands-on LIVE Workshop (PERTH)

Ansible is a simple yet powerful IT automation engine for application deployment, configuration management, and orchestration that you can learn quickly. Ansible Security Automation is our expansion deeper into the security use case. The goal is to provide a more efficient, streamlined way for security teams to automate their various processes for the identification, search, and response to security events.

This workshop shows - step by step - how you can use Ansible to orchestrate three security investigation and response activities. It will provide examples of how to automate security operations involving multiple security tools: an enterprise firewall (CheckPoint Next Generation Firewall), an intrusion detection system (Snort) and a SIEM (IBM QRadar).

Attendees will learn the following:

Section one: Introduction to Ansible Security Automation Basics

• Exercise 1.1 - Exploring the lab environment
• Exercise 1.2 - Executing the first Check Point playbook
• Exercise 1.3 - Executing the first Snort playbook
• Exercise 1.4 - Executing the first IBM QRadar playbook

Section two: Ansible Security Automation Use Cases

• Exercise 2.1 - Detection and triage of suspicious activities
• Exercise 2.2 - Threat hunting
• Exercise 2.3 - Incident response
• Exercise 2.4 - Wrap it all up

Who should attend:

• DevOps engineers, operations engineers, systems engineers, release engineers, system administrators, developers, operations staff, network engineers, security professionals and anyone interested in IT automation.

Prerequisites:

• Attendees should have a working knowledge of using SSH and command line shell (BASH) as well as a conceptual understanding of Linux system admin, DevOps, and distributed application architecture.
• Attendees must use a personal laptop with admin rights and the ability to SSH to a lab environment hosted in a public cloud.

Virtual Workshop details to be announced to registrants via email soon.