Upload File

stackstorm - inovex · stackstorm stackstorm matches siem alert to invalid access rule, begins...

  • Home
  • Documents
  • Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins
10
Stackstorm Event Driven Automation Alexander Köhler Karlsruhe, 25.08.2016

Upload: others

Post on 22-May-2020

7 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

Stackstorm

Event Driven Automation

Alexander Köhler Karlsruhe, 25.08.2016

Page 2: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

2

IFTTT.

Page 3: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

3

Event-Driven

Event Regel Aktion

Page 4: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

Host B

4

Grundprinzip

Host A

st2sensorcontainer

Sensor

st2api

WebHook

Message Q

ueu

e

st2ruleengine

Trigger

Bedingung

st2actionrunner

ActionHost B

Host A

Service

Page 5: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

5

Demo

CLI {Trigger; Actions; Execution History}

Web GUI {Rules}

Webhooks

Page 6: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

Workflow

6

ActionChains

Event Regel

Aktion

AktionAktion

Aktion

Aktion

..oder auch Workflows

Page 7: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

7

Wozu kann man es nutzen?

• Auto-Remedation

• Runbook-Automation

• Chatops

• CI/CD

Page 8: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

8https://www.tomaz.me/slides/event-driven-infrastructure-automation-with-stackstorm/#27

Beispiele

Page 9: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

9

TL; DR

• Weiterentwicklung in Community & Enterprise Edition

• Übergreifende, integrative Plattform

• Scaling: einzelne Teil-Dienste können ausgelagert werden.

• Technologie-Stack: Nginx (FrontEnd), RabbitMQ(MessageQueue), MongoDB (Auditierung), PostgreSql(integrierte Mistral Workflow Engine),

• Community-basedPacks erleichtern den Einstieg (https://github.com/StackStorm/st2contrib)

• Rezentralisieren von Automationen

Page 10: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

Vielen Dank

Alexander Köhler

DevOps Engineer Linux

inovex GmbH

Ludwig-Erhard-Allee 6

76131 Karlsruhe

[email protected]

0173 3181 034


Von der Kosten- auf die Umsatzseite - inovex...Quelle: Blog inovex: Datenprodukte erklärt, 2017. 8 Wie findet man Datenprodukte? 9 Ideengenerierung 1. Vorhandene Daten anschauen 2

Selenium Begins

Social Business Erfolgsmessung - inovex GmbH · PDF fileSocial Business Erfolgsmessung ... Das Need-Capability-Result Model Needs . Results . Social Business . Measure- ... Maturity

Software QS-Tag 2017 - Home - inovex GmbH ·  · 2017-10-25 14 ... Model-Based Tester › 2016: ... Quadrant 32 im V …

Katello / Pulp / Candlepin - inovex · Lifecycle Management (versch. ENV's) ... Candlepin - Subscription Management Pulp - Repository and Content Management Foreman - Provisioning

Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Management with SaltStack

Docker’ized Microservices - inovex GmbH · Docker’ized Microservices 18.12.2014 ... Vagrant Vagrant.configure ... $ vagrant up --provider=docker @ Continuous Delivery Commit stage

Serverprovisioning in einer dynamischen Infrastruktur ... · PDF fileAlexander Pacnik inovex GmbH . 24.05.12 2 ... Server-Orchestration 24.05.12 23 Zustand Puppet Configure Pakete

Jax2009 inovex-tjoch-lift-20090423

Clojure testing with Midje - inovex GmbH · Clojure testing with Midje Author: Tobias Bayer, inovex Subject: clojure, midje, testing Keywords: clojure, midje, testing Created Date:

ST2 Community Update · • All of Mistral functionality, and more. StackStorm Trigger Types e core. st2 CronT i mer No PARAMETERS . StackStorrn Packs v AVAILABLE CONFIG . StackStorm

inovex Meetup Cologne Johannes Giani Köln, 14.05 · • Seit Juli 2017 bei inovex • Masterthesis zum Thema Microservices • Ziel: Handlungsempfehlung für Migrationsprojekte 2

Material Design - Backwards Compatibility - inovex … · Material Design Backwards Compatibility. 2 ... support-annotations:21.0.2' compile 'com.android.support:support-annotations:21.0.2

Revolution Begins

今話題の は 何が嬉しいのか - 日本OSS推進フォーラムossforum.jp/jossfiles/LT201712N11.pdf · 2018-01-10 · StackStorm Sensors Message Queue 00 StackStorm Workers

StackStorm DevOps Automation Webinar

inovex insights: Auswirkung von Social-Media-Aktivitäten auf das Employer Branding - Fokus auf Finanzsektor/Regional-Banken

Kubernetes - inovex GmbH · Kubernetes An open platform for container orchestration Johannes M. Scheuermann Karlsruhe, 30.08.2017

DevOps - inovex · DevOps bedeutet ‣ Technische Komplexität durch Automatisierung und schnelles Feedback zu reduzieren ‣ Organisatorische Komplexität durch Abbau von Verantwortungs-

GeLiftete Web-Applikation mit Scala - Tobias Joch - inovex GmbH

IT Innovation at Dimension Data: DevOps Beyond Deployment ... · IT Innovation at Dimension Data: DevOps Beyond Deployment with StackStorm. ... •Introducing software as a key skill

Findeis inovex robert_boschgmbh-vortrag-WiMa2014

CoreOS integration for Foreman - inovex GmbH · inovex GmbH | Ludwig-Erhard-Allee 6 | 76131 Karlsruhe | Tel. +49 721 619021-0 | [email protected] | CoreOS integration for Foreman

Jax2013 came-karaf-cellar-inovex

React mit TypeScript - inovex...2018/06/25  · › react-transition-group › Firebase › Jest, Mocha, Chai, Sinon › Moment.js › Fetch & Axios › Styleguidist & Storybook ›

FaaS Shell - Linux Foundation Events...Apps Azure Functions Twilio StackStorm IBM Functions Composer IBM Cloud Functions Apache OpenWhisk Fission Workflow Fission Why FaaS Shell? Serverless

Stackstorm – Event driven Automation

Suche mit Apache Lucene & Co Christian Meder - inovex GmbH

Spotlight Data Products - inovex · Spotlight Data Products Digitale Produktanreicherung als Geschäftsmodell für die Beleuchtungsindustrie Dr. Christoph Tempich inovex GmbH Düsseldorf,

Distributed Work with Gearman · Dominik Jungowski 27 years old Scrum Coach at inovex GmbH Psychology student at Fernuni Hagen

Hive begins

OpenStack and Containers - inovex GmbH · OpenStack and Containers ... (Cisco) Adrian Otto ... To use OpenStack as a first class citizen for

Elasticsearch - Suche im Zeitalter der Clouds · PDF fileElasticSearch – Suche im Zeitalter der Clouds Christian Meder Bernhard Pflugfelder inovex Gmbh

Redis begins

WW1 BEGINS