Solved

Automating SOC processes with Calm

  • 16 June 2021
  • 1 reply
  • 80 views


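Hi Experts,

We need to automate SOC processes as much as possible.

For example: using a ticketing system (JIRA), when a request is raised to block a bulk list of IPs or domains, the ticket should be implemented automatically, without human intervention.

Need to understand:

  1. Is it possible to integrate Calm with a JIRA workflow? How?
  2. Is it possible to automate the block/release process for IPs/domains on security devices with the help of Calm? How?
  3. What other security-related tasks can we accomplish here with the help of Calm?

Looking for some direction and support to move forward.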


Best answer by 乔森纳克斯, 16 June 2021, 17:45

Hi Jitendra,

  1. Calm provides an API and a CLI that can be consumed by Jira. It's your choice which one to use. I'm not familiar with Jira workflow, but if it is able to connect to a machine hosting the Calm CLI (Calm DSL), then this will be the easier approach to follow if you are unfamiliar with Calm APIs.
  2. If the security devices have an API, you can use Calm EScript tasks. If they don't but have a CLI, then you'll have to check whether, using Endpoints, Calm is able to connect to them via SSH. Calm requires SFTP to be enabled on the remote device. This approach does not always work, due to security enforcement enabled on those devices.
  3. With Calm you can achieve pretty much what you need. The approaches shared above should give you an idea of how you can address other use cases.
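A pre-flight check of the kind the unattended block workflow in the question needs before any Calm task pushes entries to a device, as an added example (not Calm, Jira or forum code): it vets a ticket's indicator list so that malformed, overly broad or self-inflicted entries are held for an analyst instead of being applied. The ticket format, the policy values and the function names are assumptions.

```python
import ipaddress
import re

# Assumed policy values (not from the page); adjust to your environment.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in (  # last entry: stand-in for own range
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "203.0.113.0/24")]
PROTECTED_DOMAINS = {"example.com"}  # never block these or their subdomains
MIN_PREFIX = {4: 24, 6: 64}          # refuse CIDRs broader than this
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def vet_indicator(raw):
    """Return (kind, normalized_value) or raise ValueError with the reason."""
    value = raw.strip().lower().rstrip(".")
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        net = None  # not an IP or CIDR; try it as a domain below
    if net is not None:
        if net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError("CIDR too broad")
        if any(net.version == p.version and net.overlaps(p) for p in PROTECTED_NETS):
            raise ValueError("overlaps protected network")
        return "ip", str(net)
    if not DOMAIN_RE.match(value):
        raise ValueError("not a valid IP, CIDR or domain")
    if any(value == d or value.endswith("." + d) for d in PROTECTED_DOMAINS):
        raise ValueError("protected domain")
    return "domain", value

def vet_block_request(ticket_text, max_entries=500):
    """Split a ticket's list into approved items and rejected (entry, reason) pairs."""
    entries = [e for e in re.split(r"[\s,;]+", ticket_text) if e]
    if len(entries) > max_entries:
        raise ValueError("request exceeds max_entries; route to an analyst")
    approved, rejected = [], []
    for raw in entries:
        try:
            item = vet_indicator(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if item not in approved:  # drop duplicates, keep ticket order
            approved.append(item)
    return approved, rejected

# Constructed ticket body (documentation address ranges, reserved example domains).
SAMPLE_TICKET = """198.51.100.7, 192.0.2.16/28, 10.1.2.3
0.0.0.0/0  203.0.113.9  not_a_host
bad-host.example.net; login.example.com; 198.51.100.7"""
```

Only the approved list would be handed on to the task that talks to the device; rejected entries go back on the ticket with their reason.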

This topic has been closed for comments.
