Ansible Workshop - Ansible Security Automation

This is documentation for Ansible Automation Platform 2

Get started with Ansible Security Automation by implementing automation for three security use cases: 1) orchestrating firewalls, 2) IDS and SIEM: investigating suspicious traffic on a web server, and 3) threat hunting: analyzing unusual denied accesses on a firewall and remediation of a SQL injection. After a brief introduction, this workshop will guide you through basic concepts and show you how to use Ansible security automation in combination with existing third-party security solutions.

Read this in other languages:
English, 日本語, Français, Español.

Time planning

The time required to do the workshops strongly depends on multiple factors: the number of participants, how familiar those are with Linux in general and how much discussions are done in between.

Given students with basic experience with Ansible:

• the introduction takes roughly 30 minutes
• the first exercise takes roughly one hour
• the second exercise takes roughly two hours

If your experience is different in scheduling those workshops, please let us know and fill an issue.

Lab Diagram

Section 1 - Introduction to Ansible Security Automation Basics

• Exercise 1.1 - Exploring the lab environment
• Exercise 1.2 - Executing the first Check Point playbook
• Exercise 1.3 - Executing the first Snort playbook
• Exercise 1.4 - Executing the first IBM QRadar playbook

Section 2 - Ansible Security Automation Use Cases

• Exercise 2.1 - Investigation Enrichment
• Exercise 2.2 - Threat hunting
• Exercise 2.3 - Incident response

---