In a previous post we looked at building AlienVault OSSIM, but the setup of a SIEM is pretty Spartan without any data sources feeding it. The Operating System integration for AlienVault is surprisingly Windows-centric for a Linux platform, but let’s take a look at it. Windows Log Management For this configuration, we’ll be using the existing mc-ossim OSSIM server set up previously and capturing logs from a Domain Controller named . . .
I noticed around 2015 that SIEM became the new buzzword that IT consultancies started throwing around to sell things that sensible admins had already been doing for decades, namely a centralised platform for the storing and management of logs. The king of these solutions is unarguably ELK (now known as ElasticStack), however ELK is a dark art and scares a lot of people away, when we’re talking about a SIEM . . .
Previously I’ve looked in detail at the uses of two of Hashicorp’s offering’s; Terraform and Vault. Predictably, the union of these two platforms allows for some ideal ways to further streamline the process of cloud provisioning, in this case by securely handling the myriad secrets needed for cloud shaping and configuration. In this post I’ll be looking at a fairly simple configuration to get started. The sample code for this . . .
Even in the age of Linux dominance on public clouds, there’s no denying that Windows still rules the roost in on-premise deployments and Active Directory still lies at the heart of authentication schemes. AD is everywhere to the point where it’s a surprise for some admins to learn that LDAP and Kerberos aren’t native to Microsoft. Knowing that, it is often essential for a good product to provide LDAP authentication . . .
In my recent posts I’ve covered the hardened setup of Vault and covered the basics of using the REST API. As we’ve seen so far, Vault is primarily designed for programmatic interactions from external systems via the API, so lets take a look a favourite of mine; Ansible Tower, which is a prime candidate as a third party system which often has a requirement to call secrets from external systems. . . .
Recently we looked at integrating Ansible Tower with Hashicorp Vault, but I thought it would be worth taking a look at another popular Secrets management system, Azure Key Vault. Whilst the solution isn’t exactly the same using Azure Key Vault and Tower was my first time trying to integrate Ansible with a centralised Secrets repository, so let’s take a look at how to achieve the integration as it’s not very . . .
Following my look at integrating Ansible Tower with Windows, I thought I’d take a look at another common requirement that needs some slight tweaking (though not nearly to the extent of Windows), networking devices, specifically Cisco devices running IOS, ASA and NX-OS platforms. Networking – It’s Built In Unlike the additional layers of configuration that comes with Windows, the use of Cisco platforms is native to Ansible, however some steps . . .
Since the release of Ansible 1.7, way back in the forgotten era of 2014, Ansible can connect to Windows (2008 and higher) using remote PowerShell over that most finicky of mechanisms, WinRM. Red Hat are quick to sell the unilateral management capabilities of Ansible (which do exist), but under the hood we see a uniquely Windows problem. Ansible was built for SSH initially and because Microsoft as ever adopt a . . .
UPDATE: At the time I wrote this the Netbox Collection was still pretty immature, it isn’t anymore. If you’re trying to do a simple task then you probably just want to go and install the Netbox Collection from Ansible Galaxy and use the native Modules. You can find the Collection here! Ansible Tower and Netbox are two of my favourite tools, and their integration is seemingly painless on the surface . . .