HUBBLE SECURITY FOR DEVOPS
HUBBLE - SCALE 16x · INTRODUCTION Hubble is a modular, open-source security & compliance auditing framework. Built on SaltStack.

Jul 28, 2018

dinhnhi
INTRODUCTION

Hubble is a modular, open-source security & compliance auditing framework.

Built on SaltStack.

OVERVIEW

Quick Start

Audit Modules (Nova)

Audit Profiles (Nova)

File-Integrity Events (Pulsar)

Snapshots (Nebula)

Reporting (Quasar)

Roadmap

QUICK START - SALTSTACK

INSTALLATION

QUICK START - STANDALONE RPM/DEB

NOW WITH 50% LESS SALT!

STANDALONE SCHEDULER

AUDIT MODULES - HUBBLESTACK NOVA

AUDIT MODULES

• grep

• iptables

• netstat

• openscap

• openssl

• pkg

• service

• stat

• sysctl

• vulners.com

AUDIT PROFILES - HUBBLESTACK NOVA

PROFILES

• Profiles are written in YAML

• Nova audits are profile driven

• Audit modules read profiles for instructions

• Sample profiles shipped in hubblestack_nova/samples

• Profiles are meant to be customized

• Customize to match your security policy

FILE-INTEGRITY EVENTS - HUBBLESTACK PULSAR

PULSAR

Pulsar’s inotify module watches for file system events in real-time. When Pulsar detects a CREATE, MODIFY or DELETE file system event it takes a snapshot of the file attributes. This data can be tracked and analyzed using Splunk (or similar). See Quasar for more details.

PULSAR FAQ

• Monitored directories are configurable

• Exceptions are supported (i.e. monitor /var/ but not /var/log)

• Multiple Quasar modules are supported (i.e. Splunk + Slack)

• Not currently compatible with prelinking

• Gathered file attributes are configurable (checksum type, file stats)
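
The scoping and snapshot behaviour described in the Pulsar slides above, as an added Python sketch that is not Hubble's own code. The names WATCH, EXCLUDE, in_scope and snapshot and the record fields are assumptions made for this example; inotify delivery is left out and events arrive as plain strings.

```python
import hashlib
import os
import posixpath
from pathlib import PurePosixPath

# Hypothetical settings for this sketch, not Hubble's real configuration keys.
WATCH = ["/var"]
EXCLUDE = ["/var/log"]


def _under(path, root):
    """True when path is root or below it, compared by whole path component."""
    p, r = PurePosixPath(path), PurePosixPath(root)
    return p == r or r in p.parents


def in_scope(path, watch=WATCH, exclude=EXCLUDE):
    """Decide whether an event on path should be reported."""
    path = posixpath.normpath(path)  # collapse "..", so /var/log/../lib is /var/lib
    if not any(_under(path, w) for w in watch):
        return False
    # Component matching keeps /var/logs in scope even though /var/log is excluded.
    return not any(_under(path, e) for e in exclude)


def snapshot(path, event, checksum="sha256", with_stats=True):
    """Build the record for one CREATE, MODIFY or DELETE event."""
    record = {"path": path, "event": event}
    if event == "DELETE":
        return record  # the file is gone, only the event itself is reportable
    try:
        digest = hashlib.new(checksum)  # checksum type is configurable
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        record["checksum_type"] = checksum
        record["checksum"] = digest.hexdigest()
        if with_stats:  # file stats are optional
            st = os.stat(path)
            record.update(mode=oct(st.st_mode & 0o7777), uid=st.st_uid,
                          gid=st.st_gid, size=st.st_size, mtime=int(st.st_mtime))
    except (FileNotFoundError, IsADirectoryError):
        # The file can vanish between the event and the snapshot.
        record["note"] = "not a readable regular file at snapshot time"
    return record


if __name__ == "__main__":
    for p in ["/var/lib/app/conf", "/var/log/syslog", "/var/logs/x", "/etc/passwd"]:
        print(p, in_scope(p))  # constructed sample paths
```

normpath does not resolve symlinks, so a link under /var that points into /var/log is still treated as in scope by this sketch.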

SNAPSHOTS - HUBBLESTACK NEBULA

NEBULA

Nebula’s osquery module allows you to query your systems for information just like a database. Running these queries on a cadence allows for regular, scheduled snapshots of activity on your running systems. This data can then be tracked and analyzed using Splunk (or similar). See Quasar for more details.

NEBULA QUERIES

• running processes

• established outbound connections

• listening processes

• suid binaries

• crontab

• installed packages

• ...anything else you’d like to query

REPORTING - HUBBLESTACK QUASAR

QUASAR

Quasar is a collection of custom modules that collect data from Nova, Nebula and Pulsar and deliver it for processing. Quasar modules can connect to just about anything, including Splunk, Slack, email, SMS, etc.

QUASAR MODULES

• Nova to Splunk

• Nebula to Splunk

• Pulsar to Splunk

• Pulsar to Slack

ROADMAP 2017

ROADMAP 2017

• add trigger functionality to Nova (remediation)

• add alert functionality to Nova (slack, sms, email, jabber)

• extend Pulsar to include login events

• extend Pulsar to include shell events

• template (jinja, includes) support in Nova profiles

• extend Nova profile templates (CIS level 2, STIG, etc)

• extend Windows support

• containers, containers, containers!

HUBBLESTACK

Hubble is a modular, open-source security & compliance auditing framework.

Built on SaltStack.

For more information please visit:

https://hubblestack.io

https://github.com/hubblestack