This tutorial addresses the core principles of what it takes to build your own automation tools for cloud security, from detecting events to automatically remediating events, with heavy emphasis on using Python scripts to interact with the AWS API.
We won't be using toy examples: we'll be using the security tools we have used in industry like Splunk and Jira to build realistic end-to-end automation workflows. Students in our workshop will learn how to integrate the following flow 1) Identify an event (in public cloud), 2) Produce and capture the details of the event in Splunk and create a ticket in Jira, 3) Automatically enrich this data and create the appropriate automated remediation response. These steps can be completed to eliminate manual overhead on detection in the cloud as well as proper delegation to the appropriate team (incident response team, compliance, engineering teams, or other). With the use of simple Python scripts students will learn how they can build a simple yet fundamental security automation system.
Infrastructure Setup with Terraform
Searching and Alerting with Splunk
Remediating Open Security Groups with the AWS API