This is documentation for Ansible Automation Platform 2
Get started with Ansible Security Automation by implementing automation for three security use cases: 1) orchestrating firewalls, 2) IDS and SIEM: investigating suspicious traffic on a web server, and 3) threat hunting: analyzing unusual denied accesses on a firewall and remediation of a SQL injection. After a brief introduction, this workshop will guide you through basic concepts and show you how to use Ansible security automation in combination with existing third-party security solutions.
Read this in other languages:
English, 日本語, Français.
The time required to do the workshops strongly depends on multiple factors: the number of participants, how familiar those are with Linux in general and how much discussions are done in between.
Given students with basic experience with Ansible:
- the introduction takes roughly 30 minutes
- the first exercise takes roughly one hour
- the second exercise takes roughly two hours
If your experience is different in scheduling those workshops, please let us know and fill an issue.
- Exercise 1.1 - Exploring the lab environment
- Exercise 1.2 - Executing the first Check Point playbook
- Exercise 1.3 - Executing the first Snort playbook
- Exercise 1.4 - Executing the first IBM QRadar playbook
- Exercise 2.1 - Investigation Enrichment
- Exercise 2.2 - Threat hunting
- Exercise 2.3 - Incident response