Security Operations: Examining automation and scripting uses Flashcards
What is Automation?
Automation uses technology to minimized human interaction.
What cases you would use automation?
User provisioning and recovery.
Resource and recovery provisioning.
Ticket creation and escalation.
Enabling and disabling services and access. An example is using a server-deployment template with a security baseline to deploy a server into a security group that only allows Secure Shell (SSH) connections inbound.
How are automation, continuous integration, and testing related?
They’re part of the Continuous Integration/Continuous Delivery (CI/CD) development method, which provides:
A consistent environment for deployment and configuration. Includes ensuring that code integration and testing environments are in parity with the deployment environment.
Starting, stopping, and restarting services and dependencies.
Testing is a collection of automated processes and tests such as regression testing.
How do GaurdRails help?
In automation, GuardRails are an open-source orchestration technology that provides integration into security tools and provides:
Monitoring for potential vulnerabilities, introduced through daily code integrations and changes across hosted repos such as GitHub, GitLab, and Bitbucket.
Reduce the technical debt: The drive to deliver code daily may outweigh the drive to reduce or eliminate the maintenance of older code or code reuse. This introduces complexity, overhead, additional vulnerabilities, and cost.
What are the benefits of automation and scripting?
Benefits of automation and scripting
There are many benefits associated with automation and scripting, including:
Standard infrastructure deployment and configurations: Through automation, infrastructure environments can be easily repeated and deployed in a consistent manner. Additionally, the infrastructure can be deployed in a secure manner by enforcing security configuration baselines, which are a predefined collection of security configuration settings commonly controlled through policy enforcement.
Improved response or reaction time.
Workforce multiplier: Through automation and scripting, the amount of work that can get accomplished increases greatly with less human interaction.
What languages are used in task automation and scripting?
There are several, including:
Bash: Unix/Linux-based command shell and language.
PowerShell: Commonly used in Windows, task automation, and in continuous integration and continuous delivery/continuous deployment (CI/CD).
JavaScript: Client-side scripting language (web-browser processing).
Python: Programming language used to build websites and software and automate tasks.
PHP: Short for Hypertext Preprocessor, this is a server-side scripting language.
Perl: Server-side scripting language.
Ruby: Server-side scripting language.
Other formats, including:
JSON: Short for JavaScript Object Notation, this is a form for defining, storing, and transporting data.
XML: Short for eXtensible Markup Language, this is a format for defining, storing, and transporting data.