Hello all,

This is a Request For Feedback (and potentially contributors if
anyone is interested in joining the fun).

I've started creating an Ansible Collection[0][1] with
modules/plugins/roles/etc focused on Security Operators[2], or
basically anyone working in a Security Operations Center who might
need to automate the types of software, utilities, appliances, etc
that are found there. Examples of this would be Intrusion Detection
Systems (IDS), Security Information Event Management (SIEM), Security
Operations/Analytics/Reporting (SOAR) platforms, Firewalls, etc.

Something to note is that at this time I'm not directly targeting
systems compliance for things like DISA STIG because there are already
very capable and well-maintained Ansible-powered options catering to
those use cases[3][4][5].

With that in mind though, if there's enough interest I would like to
establish a Security Automation Ansible Community Working Group[6] to
focus on the full gamut of Information Security (or as much of it as
we can) to bring together members of the community interested in all
facets of Information Security around the goal of automating
everything we possibly can in Information Security with Ansible.

My questions to everyone are these:

- Does this interest you?
- Would this be helpful to you in a real way? (personally, professionally, $other)
- What specific things would you like to see automated with Ansible that
  aren't already?
- Would you be interested in joining a Working Group, contributing code,
  or being involved as a user who regularly provides feedback?

[0] - https://docs.ansible.com/ansible/devel/dev_guide/collections_tech_preview.html
[1] - https://galaxy.ansible.com/docs/contributing/creating_collections.html
[2] - https://github.com/ansible-security/community
[3] - https://github.com/mindpointgroup
[4] - https://github.com/ComplianceAsCode/content/
[5] - https://github.com/openstack/ansible-hardening
[6] - https://github.com/ansible/community