15:03:33 <maxamillion> #startmeeting Ansible Security Working Group
15:03:33 <zodbot> Meeting started Mon Apr 6 15:03:33 2020 UTC.
15:03:33 <zodbot> This meeting is logged and archived in a public location.
15:03:33 <zodbot> The chair is maxamillion. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:03:33 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
15:03:33 <zodbot> The meeting name has been set to 'ansible_security_working_group'
15:03:54 <maxamillion> #chair ikhan justjais rwolters
15:03:54 <zodbot> Current chairs: ikhan justjais maxamillion rwolters
15:04:52 <rwolters> So, are there topics to discuss from your side?
15:05:55 <rwolters> #info We have our first use case blog post today: Getting Started With Ansible Security Automation: Investigation Enrichment
15:05:57 <rwolters> https://www.ansible.com/blog/getting-started-with-ansible-security-automation-investigation-enrichment
15:07:13 <cyberpear> is qradar open source? (and more generally, is the focus on integrating OSS solutions, or proprietary, or both?)
15:07:35 <maxamillion> cyberpear: QRadar the product is not open source, the integrations I wrote are open source
15:08:29 <maxamillion> cyberpear: it's both ... honestly it's about the type of products and technologies that the industry and Ansible customers are most interested in ... I would personally love to enable open source tech if/when I find it in the categories of tech we're targeting
15:08:38 <rwolters> +1
15:09:16 <rwolters> Snort was an obvious choice, it is kind of the industry standard. In the other fields things often look different. In terms of SOAR and also SIEM there are only few open solutions, if at all.
15:09:43 <maxamillion> cyberpear: do you have any ideas and/or requests of open source tech you'd like to see get some love?
15:11:51 <cyberpear> "auditd server", "rsyslog server", -- basic things that have been on my TODO as part of lockdown efforts
15:12:46 <cyberpear> container scanning
15:12:49 <maxamillion> rwolters: I don't have anything for the agenda today, unfortunately my status is roughly the same as last week ... I've been having trouble finding time to get any coding work done
15:13:23 <maxamillion> cyberpear: so auditd and rsyslog are probably something you'll find from the Linux System Roles crew https://linux-system-roles.github.io/
15:13:52 <rwolters> Yeah, they have system logging on the roadmap
15:14:04 <maxamillion> cyberpear: I know the logging thing is on their roadmap ... not sure about auditd ... however container scanning is something that's on my radar, I'm hoping to target Clair and things like twistlock at some point
15:14:26 <cyberpear> I'm not a fan of their "implement the role as a monolithic module" approach
15:14:31 * justjais waves
15:15:00 <cyberpear> (but I am aware of the project and have used it)
15:16:45 <justjais> folks, I also don't have much for this week
15:17:11 <rwolters> Ok, then let's call it a day.
15:17:17 <justjais> I'll be working on optimizing and clearing stuffs out in our available roles
15:17:39 <justjais> rwolters: +1
15:17:42 <rwolters> #endmeeting