Security:2021 Till Dec Roadmap

Status: PLANNED

This is an uncommitted roadmap for 2021 until December (some things might get dropped or added over the period).

Feedback welcome in #ansible-security on IRC Libera.chat.

Ansible Security Working Group:

Security Automation Group.

Ansible supported Security Platform Collections:

Cisco ASA, IBM Qradar, Splunk ES, Trendmicro Deepsecurity, Symantec EPM.

Follow our progress:

1. Update existing Ansible Security supported collection to use resource modules design and support the states associated with resource module:

• Merged
• Replaced
• Overridden
• Deleted
• Gathered

2. Scaffolding tool to generate module docstring and module code from vendors REST API swagger file

Once available, the tool will assist developers from both the community and the vendor team in simply building integrations with Ansible, with the newer resource module architecture, and all of the best practices that are taken into account when designing an integrated Ansible module.

3. Update and modify existing Ansible security roles

We'll be updating the existing Ansible supported security roles to include the support for all of the certified security platforms/vendors Ansible Security supports, available Ansible supported security roles:

• acl_manager
• log_manager
• ids_config
• ids_install
• ids_rule_facts

4. Kubernetes and Container security

We've begun collaborating with Kubernetes and Container security platforms and vendors to provide an Ansible integration solution for automating Kubernetes and Container security use cases.

StackRox will be the first platform to launch in the space.

Broader roadmap

Firewall policy automation

Firewall policy visibility

• Dynamic documentation and reporting
• Identify policy misconfigurations
• Policy visibility informs the policy misconfiguration remediation plan

Firewall policy hygiene

• Collect and provide current firewall policy configurations in a human-readable format using facts. Teams can use this data to create a remediation plan to address configuration debt and desired state definitions.
• Teams can then implement desired-state firewall policy definitions across regions and multi-vendor environments.

Firewall policy life-cycle management

• Ensure firewall policies remain optimized and enforced.
• Firewall practitioners can compare current and desired states to identify drift.

SIEM

Modules roadmap

• log_source_management -adding, deleting, modifying log sources
• event_info - obtain information about one or many SIEM events, with filter options
• event_action - assign, protect, follow up, set status, and assign closing reason to a SIEM event
• event_enrich - create or update a SIEM event note/workbench entry
• rule - adding, deleting, modifying SIEM correlation rules, with filter options
• rule_info - obtain information about one or many SIEM correlation rules, with filter options

Additional platforms

• Exabeam
• Securonix
• LogRhythm
• Rapid7

PAM

Modules roadmap

• account - Adding, deleting, modifying a privileged credential
• authentication - Authenticate using PAS services
• credential - retrieving a credential from an object
• user - PAM user management (e.g. Get User Details, Add User, Update User, Delete User)

Additional platforms

• Thycotic
• BeyondTrust
• Centrify

EDR/EPP

Modules roadmap

• security_policy - Configure new security policies
• apikey - Configure API Keys.
• firewall_rule - Configure firewall rules
• hosts_info - Obtain information about one or many hosts under EDR protection
• log_inspection_rule - Configure log inspection rules
• syslog - Configure syslog configuration
• system_settings - Configure EDR system settings

Additional platforms

• Microsoft Defender ATP
• McAfee Endpoint Protection
• Sophos
• SentinelOne
• CrowdStrike

Kubernetes and Container security

Additional platforms

• Palo Alto Networks Prisma Cloud Compute Edition
• Aqua Security
• Anchore

ansible.security meta collection:

Security.