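Hi Experts,
We have a requirement to automate SOC processes as much as possible.
For example, using a ticketing system (JIRA): when a request is raised to block a large number of IPs or domains, the ticket should be implemented automatically with human intervention.
We need to understand:
- Is it possible to integrate with the JIRA workflow, and if so, how?
- Is it possible, with the help of Calm, to automate the block/release process for IPs/domains on security devices, and if so, how?
- What other security-related tasks can we achieve with the help of Calm here?
Looking for some direction and support to move forward.
Best answer by josenutanix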
- Calm provides an API and a CLI that can be consumed by Jira. It’s your choice which one to use. I’m not familiar with Jira workflow, but if it is able to connect to a machine hosting the Calm CLI (Calm DSL), then this will be the easier approach to follow if you are unfamiliar with Calm APIs.
- If the security devices have an API, you can use Calm EScript tasks. If they don’t but have a CLI, then you’ll have to check if, using Endpoints, Calm is able to connect via SSH to them. Calm requires SFTP enabled in the remote device. This approach does not always work due to security enforcement enabled in those devices.
- With Calm you can achieve pretty much what you need. The approaches shared before should give you an idea of how you can address other use cases.
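
An added example, not part of the original thread and not Nutanix or Jira code: a guardrail that an automated block workflow could run on the free-text list from a ticket before any task touches a security device. The protected networks, protected domain, prefix limits and sample ticket body are constructed assumptions, and `classify` and `triage_block_request` are hypothetical names.

```python
import ipaddress
import re

# Assumed guardrails (constructed sample values): entries the automation must never block.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
PROTECTED_DOMAINS = {"example.com"}
MIN_PREFIX = {4: 24, 6: 64}  # refuse networks wider than these prefix lengths
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def classify(entry):
    """Return (normalized_value, rejection_reason); reason is None when allowed."""
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        net = None
    if net is not None:
        if net.prefixlen < MIN_PREFIX[net.version]:
            return str(net), "network too broad"
        if any(p.version == net.version and net.overlaps(p) for p in PROTECTED_NETS):
            return str(net), "protected network"
        return str(net), None
    if not DOMAIN_RE.match(entry):
        return entry, "not an IP, CIDR or domain"
    if any(entry == d or entry.endswith("." + d) for d in PROTECTED_DOMAINS):
        return entry, "protected domain"
    return entry, None

def triage_block_request(ticket_text):
    """Split free-text ticket content into approved and rejected block entries."""
    approved, rejected, seen = [], [], set()
    for raw in re.findall(r"[^\s,;]+", ticket_text):
        entry = raw.replace("[.]", ".").lower().rstrip(".")  # undo defanging
        value, reason = classify(entry)
        if value in seen:  # drop duplicates so each entry is actioned once
            continue
        seen.add(value)
        if reason is None:
            approved.append(value)
        else:
            rejected.append((value, reason))
    return approved, rejected

# Constructed sample ticket body, not taken from the thread.
SAMPLE_TICKET = """203.0.113.7, 198.51.100.0/24
10.1.2.3 0.0.0.0/0 bad[.]example.net mail.example.com not_a_host 203.0.113.7"""
```

Only the approved list would be handed to the blocking task; the rejected list, with reasons, can be written back to the ticket for an analyst to review.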