Security Automation Approach: Scripting
Intelligent Security Orchestration and Automation hexadite.com
Let’s Automate.
Let’s create our first “playbook”, an easy one: we’ll get an alert about a file download, we’ll access the endpoint and we’ll remove the file. Easy.
Let’s Automate. (Get the alert)
1. Detection tool sends syslog to my system
2. Regex extracts
   • File Hash
   • Endpoint IP
   • File Name
That was easy!
[Diagram: Alerts → Syslog]
Let’s Automate. (Access the endpoint)
Now let’s access the endpoint.
• Remote WMI calls & PowerShell script
• How do I verify that it works?
  • Run it on a small subset, run script
• What user account should I use?
[Diagram: Alerts → Syslog → Automation Framework]
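The two steps above (parse the alert, then act on the endpoint) as one worked example. This is added code, not the deck's or Hexadite's own script. The syslog line format is constructed for the example; it assumes WinRM is enabled on the endpoints, that the account behind $Credential is a dedicated least-privilege remediation account, and that the endpoint IP has a reverse DNS record (Kerberos needs a host name, not an IP). The remote step verifies the file hash before deleting, so a path collision never removes the wrong file, and the -DryRun switch is what you use on the "small subset" run.

```powershell
# Added example (not code from the Hexadite deck): parse a file-download alert
# from syslog and remediate over WinRM, verifying the hash before deleting.
# Assumptions: constructed syslog format; WinRM enabled on endpoints;
# $Credential is a least-privilege remediation account; reverse DNS works.

function ConvertFrom-DownloadAlert {
    param([Parameter(Mandatory)][string]$SyslogLine)
    # Constructed format:
    # <14>Mar  3 10:12:01 edr01 edr[4711]: ALERT file_download host=10.1.2.3 sha256=<64 hex> path="C:\...\invoice.exe"
    $pattern = 'host=(?<ip>\d{1,3}(?:\.\d{1,3}){3})\s+sha256=(?<hash>[0-9a-fA-F]{64})\s+path="(?<path>[^"]+)"'
    if (-not ($SyslogLine -match $pattern)) { return $null }   # not our alert type: skip, do not guess
    [pscustomobject]@{
        EndpointIp = $Matches['ip']
        Sha256     = $Matches['hash'].ToLower()
        FilePath   = $Matches['path']
    }
}

function Remove-ReportedFile {
    param(
        [Parameter(Mandatory)][pscustomobject]$Alert,
        [Parameter(Mandatory)][pscredential]$Credential,
        [switch]$DryRun    # report what would happen; use this on the first small subset
    )
    $report = { param($r) [pscustomobject]@{ Endpoint = $Alert.EndpointIp; Path = $Alert.FilePath; Result = $r } }

    # Resolve IP -> host name so Kerberos can be used (no TrustedHosts, no NTLM fallback to an IP).
    try   { $target = [System.Net.Dns]::GetHostEntry($Alert.EndpointIp).HostName }
    catch { return & $report 'error:no-reverse-dns' }

    $remoteScript = {
        param($Path, $ExpectedHash, $IsDryRun)
        if (-not (Test-Path -LiteralPath $Path)) { return 'missing' }
        # Never delete on path alone: confirm the file on disk is the one the alert hashed.
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
        if ($actual -ne $ExpectedHash) { return "hash-mismatch:$actual" }
        if ($IsDryRun) { return 'would-remove' }
        Remove-Item -LiteralPath $Path -Force -ErrorAction Stop   # throws if locked / access denied
        return 'removed'
    }

    try {
        $r = Invoke-Command -ComputerName $target -Credential $Credential -Authentication Kerberos `
             -ScriptBlock $remoteScript -ArgumentList $Alert.FilePath, $Alert.Sha256, [bool]$DryRun `
             -ErrorAction Stop
    } catch {
        $r = "error:$($_.Exception.Message)"   # WinRM off, firewall, access denied, file locked...
    }
    & $report $r
}

# Constructed sample alert; parsing runs offline, the remote step needs real endpoints.
$sample = '<14>Mar  3 10:12:01 edr01 edr[4711]: ALERT file_download host=10.1.2.3 sha256=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08 path="C:\Users\bob\Downloads\invoice.exe"'
$alert = ConvertFrom-DownloadAlert -SyslogLine $sample
$alert | Format-List
# Dry run on a small subset of past alerts first:
# $cred = Get-Credential -Message 'Remediation account'
# $pastAlerts | ForEach-Object { ConvertFrom-DownloadAlert $_ } | Where-Object { $_ } |
#     Select-Object -First 5 | ForEach-Object { Remove-ReportedFile -Alert $_ -Credential $cred -DryRun }
```

Every failure comes back as a per-endpoint Result string rather than an exception, so the "63%" style success rate from the later slides can be computed from the output instead of guessed at, and the distinct causes (missing, hash mismatch, access denied, unreachable) are separable.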
Let’s Automate. (Credentials and authentication)
• How do I store the credentials?
  • TODO: Figure out how to store credentials securely (should be easy)
• What about authentication?
  • TODO: Figure out authentication.
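For the two TODOs on this slide, an added example (not the deck's code) of the minimum a practitioner would do: store the remediation account's password DPAPI-protected via Export-Clixml instead of in a plaintext config, lock the file's NTFS ACL down, and refuse to run if the local WinRM client would send the credential with Basic auth or over an unencrypted transport. $vaultPath is a placeholder location; the save and load functions must run under the same Windows account on the same host (DPAPI user scope), which should be the automation service account, not an analyst's interactive login.

```powershell
# Added example (not from the deck): keep the remediation account's password
# out of plaintext config and verify the WinRM client will not leak it.
# Assumptions: $vaultPath is a placeholder; Save- and Get- run as the same
# Windows account on the same host (DPAPI user scope).

$vaultPath = Join-Path $env:ProgramData 'playbook\remediation.cred.xml'   # placeholder location

function Save-RemediationCredential {
    param([Parameter(Mandatory)][pscredential]$Credential, [string]$Path = $vaultPath)
    New-Item -ItemType Directory -Force -Path (Split-Path -Parent $Path) | Out-Null
    # Export-Clixml writes the SecureString encrypted with DPAPI (bound to this user and machine).
    $Credential | Export-Clixml -LiteralPath $Path
    # Defence in depth: replace inherited NTFS permissions with this user + SYSTEM only.
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($id in @("$env:USERDOMAIN\$env:USERNAME", 'NT AUTHORITY\SYSTEM')) {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'FullControl', 'Allow')))
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Get-RemediationCredential {
    param([string]$Path = $vaultPath)
    # Import-Clixml fails loudly if another user or host tries to read it; that is the point.
    Import-Clixml -LiteralPath $Path
}

function Test-CredentialFileIsProtected {
    param([string]$Path = $vaultPath)
    # The serialized password must be an <SS> (SecureString) element, never a plain <S> string.
    $raw = Get-Content -LiteralPath $Path -Raw
    ($raw -match '<SS N="Password">') -and -not ($raw -match '<S N="Password">')
}

function Test-WinRmClientAuth {
    # Basic auth and unencrypted transport would expose the credential on the wire; require both off.
    $unencrypted = (Get-Item WSMan:\localhost\Client\AllowUnencrypted).Value
    $basic       = (Get-Item WSMan:\localhost\Client\Auth\Basic).Value
    ($unencrypted -eq 'false') -and ($basic -eq 'false')
}

# Usage (interactive once, then unattended):
# Save-RemediationCredential -Credential (Get-Credential -Message 'Remediation account')
# if (-not (Test-CredentialFileIsProtected)) { throw 'credential file is not DPAPI-protected' }
# if (-not (Test-WinRmClientAuth))           { throw 'WinRM client allows Basic or unencrypted auth' }
# $cred = Get-RemediationCredential
```

Reading the WSMan: drive requires the WinRM service to be running locally. DPAPI in user scope means the file is useless if copied to another host or read by another account, which is the property you want for a credential that has local admin on every endpoint; it also means the automation host and its service account become the thing to protect.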
Let’s Automate. (Testing)
• Let’s run the script on past alerts.
• It worked 63% of the time. Not bad.
  • Some PCs disabled PowerShell
  • Others have an old PowerShell version
  • A few network problems, and a few I’m not sure about
Let’s Automate. (Testing #2)
• It worked 71% of the time. Not bad.
• Couldn’t connect to some PCs
  • Firewall issue?
  • Network issue?
  • WMI can’t run behind NAT (remote employees)
• Access denied (who knows….)
Let’s Automate. (Production)
• Ignore TODO list for now and run the script
• First alert worked! Yes!!
• Second one failed. Access denied. Need to fix that. (I have it on my TODO)
• Aha, I know why. Running process. Easy.
Let’s Automate.
• How can I find the right process??
  • Process image file and from there the process ID
  • Get all processes and their image file script
• Let’s connect it together……
Let’s Automate – (Production #2)
• It didn’t work.
• Grrrrrrrr.
• It had another file handle, locking the file
• How can I find that with PowerShell?
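The previous two slides (find the process by image file, then discover the file is held by some other handle) as one added example that runs on the endpoint, for instance inside the Invoke-Command script block. It is not the deck's code. PowerShell itself can enumerate processes whose image is the file and processes that have it mapped as a module, but it cannot see plain file handles; for those the example optionally shells out to Sysinternals handle.exe at a placeholder path and parses its output. If the file is still locked after stopping the holders, it falls back to MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which deletes the file at next boot before anything can reopen it. Both Stop-Process on other users' processes and the reboot-time delete need an elevated session.

```powershell
# Added example (not from the deck): on the endpoint, find what holds the
# reported file, stop it, delete the file, with a reboot-time fallback.
# Assumptions: runs elevated; $HandleExe is a placeholder path to Sysinternals
# handle.exe, which is optional and only used when present.

function Get-FileHolder {
    param([Parameter(Mandatory)][string]$Path, [string]$HandleExe = 'C:\Tools\handle64.exe')
    $full = [System.IO.Path]::GetFullPath($Path)
    $holders = @()

    # 1. Processes whose image IS the file (the "process image file -> process ID" case).
    $holders += Get-CimInstance Win32_Process -Filter 'ExecutablePath IS NOT NULL' |
        Where-Object { try { [System.IO.Path]::GetFullPath($_.ExecutablePath) -ieq $full } catch { $false } } |
        Select-Object -ExpandProperty ProcessId

    # 2. Processes that mapped the file as a module (a dropped DLL). Protected
    #    processes throw on .Modules; those are skipped rather than aborting.
    $holders += Get-Process | Where-Object {
        try { @($_.Modules | Where-Object { $_.FileName -ieq $full }).Count -gt 0 } catch { $false }
    } | Select-Object -ExpandProperty Id

    # 3. Plain file handles are not visible from PowerShell itself; ask handle.exe if available.
    if (Test-Path -LiteralPath $HandleExe) {
        foreach ($line in (& $HandleExe -accepteula -nobanner $full 2>$null)) {
            if ($line -match 'pid:\s*(?<procid>\d+)') { $holders += [int]$Matches['procid'] }
        }
    }
    # Never target PID 0/4 (Idle/System); de-duplicate.
    $holders | Where-Object { $_ -gt 4 } | Sort-Object -Unique
}

function Remove-LockedFile {
    param([Parameter(Mandatory)][string]$Path, [int]$Retries = 3)
    $full = [System.IO.Path]::GetFullPath($Path)
    if (-not (Test-Path -LiteralPath $full)) { return 'missing' }

    foreach ($holderPid in Get-FileHolder -Path $full) {
        Stop-Process -Id $holderPid -Force -ErrorAction SilentlyContinue
    }
    for ($i = 0; $i -lt $Retries; $i++) {
        try   { Remove-Item -LiteralPath $full -Force -ErrorAction Stop; return 'removed' }
        catch { Start-Sleep -Milliseconds 500 }   # handles close asynchronously after Stop-Process
    }

    # Last resort: MoveFileEx(path, NULL, MOVEFILE_DELAY_UNTIL_REBOOT = 4) removes it at next boot.
    if (-not ('Playbook.Kernel32Move' -as [type])) {
        Add-Type -Namespace Playbook -Name Kernel32Move -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@
    }
    if ([Playbook.Kernel32Move]::MoveFileEx($full, $null, 4)) { return 'delete-on-reboot' }
    return "failed:win32-error-$([System.Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}

# Usage on the endpoint:
# Remove-LockedFile -Path 'C:\Users\bob\Downloads\invoice.exe'
```

The return value ('removed', 'delete-on-reboot', 'failed:...') is what the playbook should record, because a file scheduled for deletion at reboot is still on disk and still a risk until that reboot happens.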
Back to that to-do list…

What                                                                                  Time
------------------------------------------------------------------------------------  --------
Figure out how to store credentials securely                                          4 Days
Figure out authentication                                                             2 Days
Research how to “fight” process with file handles                                     ?
How can I exclude my work (scripts) from security tools we have in our organization?  ?
Figure out access issues (permission denied…)                                         ?
Firewall issues – GPO policy?                                                         2 Days
WMI: can I use WinRM? How do I secure it? (What about Linux and Mac?)                 ? :-
Documentation (I need to document the code)                                           Grrrrrrr
QA and Testing
What have I missed?
