AusCERT 2109: Open Source Security Orchestration - Automating the Boring Stuff

May 29, 2019
Virtual Event


This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.

About this event

Organisations have an increasing number of detective controls in their information security environments. With more and more logs and monitoring there can only be more events to investigate and triage.

In this tutorial Cosive will show participants how they can use open source tooling to automate the contextualisation and remediation of security threats in their environment.

The agenda will include:

  • Installing and configuring the tools
  • Basic automation concepts
  • Creating workflows
  • Debugging workflows
  • Developing end to end playbooks for common security incidents (suspicious executables, phishing emails)
  • Developing integrations for currently unsupported systems

This is a hands-on course with a bare minimum of presenting. Our intention is to make sure that 75% of this does not really require any programming experience and a minimum of systems administration but having some SOC fundamentals and basic Linux will definitely help.

We’re still solidifying tooling but it will either be based on StackStorm - a general purpose automation engine with a wide range of supported integrations) or WALKOFF - NSA released software that is cleaner to work with but has less supported integrations.