15:03:33 <maxamillion> #startmeeting Ansible Security Working Group
15:03:33 <zodbot> Meeting started Mon Apr  6 15:03:33 2020 UTC.
15:03:33 <zodbot> This meeting is logged and archived in a public location.
15:03:33 <zodbot> The chair is maxamillion. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:03:33 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
15:03:33 <zodbot> The meeting name has been set to 'ansible_security_working_group'
15:03:54 <maxamillion> #chair ikhan justjais rwolters
15:03:54 <zodbot> Current chairs: ikhan justjais maxamillion rwolters
15:04:52 <rwolters> So, are there topics to discuss from your side?
15:05:55 <rwolters> #info We have our first use case blog post today: Getting Started With Ansible Security Automation: Investigation Enrichment
15:05:57 <rwolters> https://www.ansible.com/blog/getting-started-with-ansible-security-automation-investigation-enrichment
15:07:13 <cyberpear> is qradar open source? (and more generally, is the focus on integrating OSS solutions, or proprietary, or both?)
15:07:35 <maxamillion> cyberpear: QRadar the product is not open source, the integrations I wrote are open source
15:08:29 <maxamillion> cyberpear: it's both ... honestly it's about the type of products and technologies that the industry and Ansible customers are most interested in ... I would personally love to enable open source tech if/when I find it in the categories of tech we're targeting
15:08:38 <rwolters> +1
15:09:16 <rwolters> Snort was an obvious choice, it is kind of the industry standard. In the other fields things often look different. In terms of SOAR and also SIEM there are only few open solutions, if at all.
15:09:43 <maxamillion> cyberpear: do you have any ideas and/or requests of open source tech you'd like to see get some love?
15:11:51 <cyberpear> "auditd server", "rsyslog server", -- basic things that have been on my TODO as part of lockdown efforts
15:12:46 <cyberpear> container scanning
15:12:49 <maxamillion> rwolters: I don't have anything for the agenda today, unfortunately my status is roughly the same as last week ... I've been having trouble finding time to get any coding work done
15:13:23 <maxamillion> cyberpear: so auditd and rsyslog are probably something you'll find from the Linux System Roles crew https://linux-system-roles.github.io/
15:13:52 <rwolters> Yeah, they have system logging on the roadmap
15:14:04 <maxamillion> cyberpear: I know the logging thing is on their roadmap ... not sure about auditd ... however container scanning is something that's on my radar, I'm hoping to target Clair and things like twistlock at some point
15:14:26 <cyberpear> I'm not a fan of their "implement the role as a monolithic module" approach
15:14:31 * justjais waves
15:15:00 <cyberpear> (but I am aware of the project and have used it)
15:16:45 <justjais> folks, I also don't have much for this week
15:17:11 <rwolters> Ok, then let's call it a day.
15:17:17 <justjais> I'll be working on optimizing and clearing stuff out in our available roles
15:17:39 <justjais> rwolters: +1
15:17:42 <rwolters> #endmeeting