• Home

  • Documents

  • Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins...
10
Stackstorm Event Driven Automation Alexander Köhler Karlsruhe, 25.08.2016

Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

  • Upload
    others

  • View
    7

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

Stackstorm

Event Driven Automation

Alexander Köhler Karlsruhe, 25.08.2016

Page 2: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

2

IFTTT.

Page 3: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

3

Event-Driven

Event Regel Aktion

Page 4: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

Host B

4

Grundprinzip

Host A

st2sensorcontainer

Sensor

st2api

WebHook

Message Q

ueu

e

st2ruleengine

Trigger

Bedingung

st2actionrunner

ActionHost B

Host A

Service

Page 5: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

5

Demo

CLI {Trigger; Actions; Execution History}

Web GUI {Rules}

Webhooks

Page 6: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

Workflow

6

ActionChains

Event Regel

Aktion

AktionAktion

Aktion

Aktion

..oder auch Workflows

Page 7: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

7

Wozu kann man es nutzen?

• Auto-Remedation

• Runbook-Automation

• Chatops

• CI/CD

Page 8: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

8https://www.tomaz.me/slides/event-driven-infrastructure-automation-with-stackstorm/#27

Beispiele

Page 9: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

9

TL; DR

• Weiterentwicklung in Community & Enterprise Edition

• Übergreifende, integrative Plattform

• Scaling: einzelne Teil-Dienste können ausgelagert werden.

• Technologie-Stack: Nginx (FrontEnd), RabbitMQ(MessageQueue), MongoDB (Auditierung), PostgreSql(integrierte Mistral Workflow Engine),

• Community-basedPacks erleichtern den Einstieg (https://github.com/StackStorm/st2contrib)

• Rezentralisieren von Automationen

Page 10: Stackstorm - inovex · StackStorm StackStorm matches SIEM Alert to Invalid Access rule, begins lockdown workflow O Remediation issue opened in Ticket tracking System StackStorm begins

Vielen Dank

Alexander Köhler

DevOps Engineer Linux

inovex GmbH

Ludwig-Erhard-Allee 6

76131 Karlsruhe

[email protected]

0173 3181 034


Das Android Phänomen und seine Mythen - inovex€¦ · Das Android Phänomen und seine Mythen Christian Meder Berlin, 3.8.2014

Das Android Phänomen und seine Mythen - inovex€¦ · Das Android Phänomen und seine Mythen Christian Meder Berlin, 3.8.2014

Documents
Big Data MDX with Mondrian and Apache Kylin - inovex · PDF fileSébastien*Jelsch London,*741142015 Big*Data*MDX*with*Mondrian*and*Apache*Kylin

Big Data MDX with Mondrian and Apache Kylin - inovex · PDF fileSébastien*Jelsch London,*741142015 Big*Data*MDX*with*Mondrian*and*Apache*Kylin

Documents
A New Era Begins Common Core: The Future Begins Now

A New Era Begins Common Core: The Future Begins Now

Documents
Katello / Pulp / Candlepin - inovex · Lifecycle Management (versch. ENV's) ... Candlepin - Subscription Management Pulp - Repository and Content Management Foreman - Provisioning

Katello / Pulp / Candlepin - inovex · Lifecycle Management (versch. ENV's) ... Candlepin - Subscription Management Pulp - Repository and Content Management Foreman - Provisioning

Documents
Clojure testing with Midje - inovex GmbH · Clojure testing with Midje Author: Tobias Bayer, inovex Subject: clojure, midje, testing Keywords: clojure, midje, testing Created Date:

Clojure testing with Midje - inovex GmbH · Clojure testing with Midje Author: Tobias Bayer, inovex Subject: clojure, midje, testing Keywords: clojure, midje, testing Created Date:

Documents
A modern approach to monitoring? - inovex€¦ · Monitoring with Graylog A modern approach to monitoring? Christoph Petrausch Karlsruhe, 06.11.2015. Christoph Petrausch Systems Engineer

A modern approach to monitoring? - inovex€¦ · Monitoring with Graylog A modern approach to monitoring? Christoph Petrausch Karlsruhe, 06.11.2015. Christoph Petrausch Systems Engineer

Documents
SMSF Begins

SMSF Begins

Economy & Finance
Social Business Erfolgsmessung - inovex GmbH · PDF fileSocial Business Erfolgsmessung ... Das Need-Capability-Result Model Needs . Results . Social Business . Measure- ... Maturity

Social Business Erfolgsmessung - inovex GmbH · PDF fileSocial Business Erfolgsmessung ... Das Need-Capability-Result Model Needs . Results . Social Business . Measure- ... Maturity

Documents
It begins the way life begins, with the sound of screaming. all the … · 2018. 4. 3. · 1 Of course, you know where it begins. It begins the way life begins, with the sound of

It begins the way life begins, with the sound of screaming. all the … · 2018. 4. 3. · 1 Of course, you know where it begins. It begins the way life begins, with the sound of

Documents
Prometheus Monitoring - inovex GmbH · ›Fasst ein oder mehrere Container zusammen ›Kleinste schedulbare Einheit ›Hat eigenen Network Namespace ›Kann Volumes mounten 5 Kubernetes

Prometheus Monitoring - inovex GmbH · ›Fasst ein oder mehrere Container zusammen ›Kleinste schedulbare Einheit ›Hat eigenen Network Namespace ›Kann Volumes mounten 5 Kubernetes

Documents
The Civil War Begins The Civil War Begins --1861 1861

The Civil War Begins The Civil War Begins --1861 1861

Documents
Automating OpenStack clouds and beyond w/ StackStorm

Automating OpenStack clouds and beyond w/ StackStorm

Technology
Material Design - Backwards Compatibility - inovex … · Material Design Backwards Compatibility. 2 ... support-annotations:21.0.2' compile 'com.android.support:support-annotations:21.0.2

Material Design - Backwards Compatibility - inovex … · Material Design Backwards Compatibility. 2 ... support-annotations:21.0.2' compile 'com.android.support:support-annotations:21.0.2

Documents
Globales Reporting mit Pentaho Business Analytics - inovex.de · Globales Reporting mit Pentaho Business Analytics Rolf Petry, Bosch Security Systems GmbH Dr. Alexander Thiel, inovex

Globales Reporting mit Pentaho Business Analytics - inovex.de · Globales Reporting mit Pentaho Business Analytics Rolf Petry, Bosch Security Systems GmbH Dr. Alexander Thiel, inovex

Documents
3 The Digestive 3 The Digestive Process Process Begins Begins

3 The Digestive 3 The Digestive Process Process Begins Begins

Documents
* Progressive Web Apps - inovex · * Progressive Web Apps. Tim Web & Android Dev @ inovex Jonas Web & .NET Dev @ inovex Amsterdam, 2016 Just a week ago. PWATF? Progressive (Enhancement)

* Progressive Web Apps - inovex · * Progressive Web Apps. Tim Web & Android Dev @ inovex Jonas Web & .NET Dev @ inovex Amsterdam, 2016 Just a week ago. PWATF? Progressive (Enhancement)

Documents
Software QS-Tag 2017 - Home - inovex GmbH ·  · 2017-10-25 14 ... Model-Based Tester › 2016: ... Quadrant 32 im V …

Software QS-Tag 2017 - Home - inovex GmbH ·  · 2017-10-25 14 ... Model-Based Tester › 2016: ... Quadrant 32 im V …

Documents
~*My Winter Vacation*~ The fun begins! ^-^ Vacation begins!~ ~ Vacation begins!~ -fun!- ski -Free time - blackcomb

~*My Winter Vacation*~ The fun begins! ^-^ Vacation begins!~ ~ Vacation begins!~ -fun!- ski -Free time - blackcomb

Documents
Elasticsearch - Suche im Zeitalter der Clouds · PDF fileElasticSearch – Suche im Zeitalter der Clouds Christian Meder Bernhard Pflugfelder inovex Gmbh

Elasticsearch - Suche im Zeitalter der Clouds · PDF fileElasticSearch – Suche im Zeitalter der Clouds Christian Meder Bernhard Pflugfelder inovex Gmbh

Documents
Kubernetes - inovex GmbH · Kubernetes An open platform for container orchestration Johannes M. Scheuermann Karlsruhe, 30.08.2017

Kubernetes - inovex GmbH · Kubernetes An open platform for container orchestration Johannes M. Scheuermann Karlsruhe, 30.08.2017

Documents
Distributed Work with Gearman · Dominik Jungowski 27 years old Scrum Coach at inovex GmbH Psychology student at Fernuni Hagen

Distributed Work with Gearman · Dominik Jungowski 27 years old Scrum Coach at inovex GmbH Psychology student at Fernuni Hagen

Documents
Begins 2013-14 school year Begins 2014-15 school year

Begins 2013-14 school year Begins 2014-15 school year

Documents
Real-time Data Analytics mit Elasticsearch - inovex GmbH · PDF fileReal-time Data Analytics mit Elasticsearch Bernhard Pflugfelder ... json, date, grep ... ‣ deep hadoop integration

Real-time Data Analytics mit Elasticsearch - inovex GmbH · PDF fileReal-time Data Analytics mit Elasticsearch Bernhard Pflugfelder ... json, date, grep ... ‣ deep hadoop integration

Documents
Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Management with SaltStack

Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Management with SaltStack

Software
Android Lollipop - Material Design - inovex...Android Lollipop - Material Design Author Tim Roes Subject Android Lollipop, Android 5.0, Material Design Keywords android lollipop, android

Android Lollipop - Material Design - inovex...Android Lollipop - Material Design Author Tim Roes Subject Android Lollipop, Android 5.0, Material Design Keywords android lollipop, android

Documents
FaaS Shell - Linux Foundation Events...Apps Azure Functions Twilio StackStorm IBM Functions Composer IBM Cloud Functions Apache OpenWhisk Fission Workflow Fission Why FaaS Shell? Serverless

FaaS Shell - Linux Foundation Events...Apps Azure Functions Twilio StackStorm IBM Functions Composer IBM Cloud Functions Apache OpenWhisk Fission Workflow Fission Why FaaS Shell? Serverless

Documents
REACT - inovex€¦ · React Facts > Library (NOT a framework) > Is only the view-part of the application > Open source > Developed (and used) by facebook

REACT - inovex€¦ · React Facts > Library (NOT a framework) > Is only the view-part of the application > Open source > Developed (and used) by facebook

Documents
StackStorm DevOps Automation Webinar

StackStorm DevOps Automation Webinar

Technology
Deep Learning for Recommender Systems - inovex · “Collaborative Deep Learning for Recommender Systems“ Proceedings of the 21th ACM SIGKDD International Conference on Knowledge

Deep Learning for Recommender Systems - inovex · “Collaborative Deep Learning for Recommender Systems“ Proceedings of the 21th ACM SIGKDD International Conference on Knowledge

Documents
Advanced Clojure Microservices - inovex GmbH · Clojure, Java, Cloud tobias.bayer@inovex.de 2 Tobias Bayer Senior Developer / Software Architect inovex GmbH

Advanced Clojure Microservices - inovex GmbH · Clojure, Java, Cloud [email protected] 2 Tobias Bayer Senior Developer / Software Architect inovex GmbH

Documents