15:00:45 <maxamillion> #startmeeting Ansible Security Working Group
15:00:45 <zodbot> Meeting started Mon Dec 16 15:00:45 2019 UTC.
15:00:45 <zodbot> This meeting is logged and archived in a public location.
15:00:45 <zodbot> The chair is maxamillion. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:45 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
15:00:45 <zodbot> The meeting name has been set to 'ansible_security_working_group'
15:01:10 <maxamillion> #chair ikhan akasurde maxamillion justjais
15:01:10 <zodbot> Current chairs: akasurde ikhan justjais maxamillion
15:02:18 <maxamillion> #info please feel free to add things to the agenda for next week https://github.com/ansible/community/issues/510
15:02:38 <maxamillion> nothing new was added to the agenda for this week
15:02:42 <maxamillion> #topic Open Floor
15:02:48 <maxamillion> anyone have anything for open floor?
15:02:54 * akasurde waves
15:03:09 <maxamillion> I wanted to be sure and mention that we're likely to have some slow down for a while because of the holiday season coming up
15:05:07 <maxamillion> I've been working on a way to basically combine a Connection plugin with a python api that already provides all the abstraction for connecting to an appliance, this so far seems like a weird mismatch but I'm also inexperienced with developing Connection plugins at this time (outside of httpapi Connection plugins) so that's an effort that keeps ongoing in service of enabling some SecOps appliances
15:07:01 <maxamillion> if anyone else has anything, I'll leave the meeting open for a few more minutes
15:07:16 <akasurde> maxamillion, are we targeting any specific secops appliances?
15:08:12 <akasurde> I would be more than happy to start working if there is anything in the pipeline
15:10:46 <maxamillion> most of what we've been doing is targeting partner devices and helping their teams get functionality bootstrapped so they can then build on top of that work, I'm not sure if we've got a wishlist anywhere but we definitely should
15:10:55 <maxamillion> I'll take the action item to get that up in the community wiki
15:11:21 <justjais> maxamillion, we have also started working on Cisco ASA front and have recently implemented its facts module
15:11:34 <akasurde> yeah,
15:11:38 <maxamillion> #action maxamillion to create a wishlist of appliances and software solutions we'd like to add functionality to
15:11:43 <maxamillion> +1
15:11:49 <justjais> we can start working on its resource modules, once that's merged
15:11:57 <maxamillion> #info Cisco ASA development is under way, currently have facts module
15:12:04 <maxamillion> awesome
15:12:21 <justjais> @akasurde, yea +1
15:12:39 <akasurde> I have a couple of ideas, like VMware Firewall, Suricata, Snort etc.
15:12:41 <crosslogic> akasurde, so far we've been working on 4 technologies: SIEM, firewalls, IDPS and PAM but we can extend wherever makes sense
15:12:50 <akasurde> these are just vague ideas
15:12:57 <crosslogic> @aka
15:13:02 <maxamillion> the thing that got me initially looking at combining a python library with a connection plugin is that the IBM ISAM team already has a bunch of Roles we're going to move to a collection but they want session persistence between tasks
15:13:10 <maxamillion> https://github.com/IBM-Security/isam-ansible-roles
15:13:29 <crosslogic> akasurde, maxamillion has been working on Snort quite a bit, Suricata could be an interesting extension of that
15:13:38 <justjais> @akasurde, we have role and modules available for Snort under IPS
15:13:39 <maxamillion> and the whole thing is a REST API but they already have a python module that does everything https://github.com/IBM-Security/ibmsecurity
15:13:44 <maxamillion> so I'm trying to combine those
15:14:10 <akasurde> Oh cool
15:14:16 <maxamillion> yes, I have snort done for a baseline, would like to expand that offering
15:14:22 <akasurde> nice to hear that we have a bunch of things lined up
15:14:24 <maxamillion> Suricata is on the todo list
15:15:12 <akasurde> maxamillion, let me know while starting with suricata, i have prior experience with that
15:15:16 <crosslogic> akasurde, we'd also like to start playing with endpoint security technologies, from good old antivirus to NAC, etc
15:15:21 <justjais> @akasurde, IMO we can definitely work on VMware Firewall front
15:16:07 <justjais> since we already have vmware resource in place already :)
15:16:13 <maxamillion> akasurde: awesome, thanks
15:16:25 <crosslogic> justjais, akasurde VMware firewall makes sense
15:16:52 <akasurde> justjais, best part is VMware now supports REST so httpapi connection is best bet over there
15:17:12 <maxamillion> +1
15:17:18 <justjais> akasurde, awesome what else we can ask for :)
15:18:22 <justjais> maxamillion, crosslogic, we can put VMware firewall on our roadmap if feasible
15:18:38 <maxamillion> +1
15:19:27 <akasurde> #action akasurde to investigate more on VMware firewall stuff
15:20:05 <crosslogic> akasurde, they may also have something connected to NSX
15:20:36 <akasurde> crosslogic, NSX is already being managed by VMware NSX team
15:21:26 <crosslogic> akasurde, at the time of the acquisition they used to have two different technologies for software defined firewalling
15:25:05 <maxamillion> alright, cool
15:25:12 <maxamillion> anything else for open floor?
15:28:13 <maxamillion> alright, thanks for coming everyone!
15:28:15 <maxamillion> #endmeeting