Security Automation
The Security Automation Working Group collaborates on Topics in Information Security Automation in Ansible.
Ansible can be the automation glue between disjoint systems and security appliances that have little to no integrations. Security Operators can utilize Ansible to be more productive, adapt to the growing demand of the modern IT landscape, ensure consistency in their IT environments, and respond to security incidents faster. Beyond that, Ansible can be utilized for automated implementation of security standards, systems hardening, and compliance. Our goal here is to help foster a cross discipline and cross functional collaborative community of Information Security Professionals through the power of automation via Ansible.
Learn more about security automation challenges at ansible.com.
We just had a new blog post: Getting Started with Ansible and Check Point (2020-04-13)
| Name | GitHub (+ IRC) | Role | Affiliation |
|---|---|---|---|
| Adam Miller | maxamillion | Lead | Red Hat/Ansible |
| Sumit Jaiswal | justjais | Lead | Red Hat/Ansible |
| Abhijeet Kasurde | Akasurde | Member | Red Hat/Ansible |
| James Cassell | jamescassell | Reviewer | Independent |
| Thomas Young | tyoung2018 | Reviewer | Red Hat |
| Jonathan Lozada De La Matta | jlozadad | Member | Red Hat |
| Francisco Ramirez | Cisco-redhat | Member | Red Hat |
| Roland Wolters | liquidat | Member | Red Hat |
Add yourself to this list as a Reviewer (help review PRs) or as a Member (discuss issues/roadmap) and join the IRC Channel! :)
- Ansible security on Galaxy
- Ansible Security Collections & Roles
- What security automation is all about
- Ansible Security Workshop exercises
- Security Automation playlist in our Ansible youtube channel
- Getting Started with Ansible and Check Point; April 13, 2020 by Sumit Jaiswal
- Getting Started with Ansible Security Automation: Investigation Enrichment; April 6, 2020 by Roland Wolters
- The journey to security automation; October 7, 2019 by Massimo Ferrari
- Ansible Security Automation is our Answer to the Lack of Integration across the IT Industry; September 20, 2019 by Alessandro Perilli
If you want to bring up an issue, a review-request or a PR to discuss on the meeting, just put it on the meeting agenda.
We have weekly meetings on Mondays at 15:00 UTC on IRC channel #ansible-security.
Meetings are managed and logged by meetbot, we use the Fedora Project møte: meeting wrangler. Meeting minutes and logs are available by channel or by team. For community members interested in how to use meetbot or how to host an effective meeting, please consult this guide.
Feedback welcome in the #ansible-security IRC channel!
- Move modules from /network to security collections?
- Improve existing collections
- Identify missing collections/features
- Get workshop in a shape to demo other vendors
- Get workshop in a shape to demo more use cases
You can find the general Ansible roadmaps at Ansible Roadmaps.
- Help foster a community of automation practitioners in Information Security
- Collaborative development on various efforts in the community space
- Engagement with the broader InfoSec Community (meetups, events, online communities, etc)
- Your idea here!
| Project | Status |
|---|---|
| IBM QRadar Collection |
 
|
| Splunk Enterprise Security Collection |
 
|
| Symantec Endpoint Protection Manager |
 
|
| ids_install Role |
 
|
| ids_config Role |
 
|
| ids_rule Role |
 
|
| ids_rule_facts Role |
 
|
| log_manager Role |
 
|
| acl_manager Role |
 
|
We exist within the Ansible Community and therefore use all typical outlets you would expect us to. However, we do have our own #ansible-security IRC channel as our discussions would often be off-topic for other channels.