Ansible Security Workshop

Who is this workshop best for?

The workshop is intended as an introductory course for Ansible® Security Automation designed for people who want to learn how Ansible can be leveraged in security environments. The intended audience is technical professionals in automation [part of a cross-functional team or supporting other vertical teams in their company], security operations and vulnerability management. There is no previous knowledge about Ansible required to access this workshop, though it certainly helps.

Description

Ansible is a simple yet powerful IT automation engine for application deployment, configuration management, and orchestration that you can learn quickly. Get started with Ansible Security Automation by implementing automation for three security use cases:

• orchestrating firewalls
• IDS and SIEM: investigating suspicious traffic on a web server
• threat hunting: analyzing unusual denied accesses on a firewall and remediation of a SQL injection

After a brief introduction, this workshop will guide you through basic concepts and show you how to use Ansible security automation in combination with existing third-party security solutions.

Agenda

Introduction to Ansible Security Automation Basics

• Executing the first Check Point playbook
• Executing the first Snort playbook
• Executing the first IBM QRadar playbook

Ansible Security Automation Use Cases

• Investigation Enrichment
• Threat hunting
• Incident response