Hi, new to the forum


#1

Hello, I’m new to the forum. Got started in this career after a few years in IT. I haven’t been working in the field for too long. I would like to learn how to integrate my security systems, and build policies that can help my company stay secure.


#2

@Java Welcome to the community!
Let me know if we can help with anything.

Cheers,
Emma


#3

I am new to security operations too! Excited to see how this community can help me out!!!


#4

Hi @Oscar welcome! Glad you’ve joined us!

Please let me know any feedback you may have and how we can help!

Best,
Emma


#5

hello! just joined the SecOps Hub. looks like this will be a good community. i’ve been in security for about 15 years now. i think i’ve been involved in just about every part of security over the years. lately, i’ve had a strong focus on scaled hunting operations. looking forward to chatting!

-kris


#6

Welcome, @kris! Glad you’ve joined us. Let me know if I can help with anything.

Cheers,
Emma Furtado
SecOps Hub Community Manager


#7

Hi, new to the forum and just sticking the toe in the water with Swimlane, but been a big fan of empowering people with automation for a long time now. Know just enough about most things to be dangerous! 😂🤣😂


#8

Hi @z3ndrag0n,
Welcome to the community!

Hah I hear you. I’m ready for a robot to help me with my work. Have you automated some of your work? We would love to hear about it.

Cheers,
Emma


#9

I did this thing with Jenkins where I automated the processing steps of a basic forensic investigation. Nothing overly bright, just saves a lot of time. I can see porting that to an SAO system (e.g. Swimlane) would allow it to be far more powerful. Seems like that would make a good app for Swimlane, as I’m not willing to make it depend on Swimlane, but am willing to have it be empowered by Swimlane.


#10

@z3ndrag0n, would be interested to hear more. @mike_dunn & @nick.allen on our side do a lot of work with Jenkins, and might drag in a couple more people, but would love to collaborate.


#11

Thanks @cody.cornell - it’s called Forensicator FATE. It’s on GitHub (where truth be told it looks like abandonware because I spent the last couple of years being busy AF) and there’s a paper in the SANS reading room (and even a talk on YouTube from the 2015(?) DFIR Summit). They’re probably the best places to start to get a feel for if it still interests you! I’m going to be doing some work to bring it up to date and was going to support GoCD as well as Jenkins anyway, but those approaches were always more about abusing the platform to do what I wanted, whereas SAO approaches look well suited to the problem.

Cheers,
Barry


#12

Would be interested to take a closer look at what you’ve got if it’s public. More than happy to kick around some ideas for how Swimlane could support it or similar approaches, whether that’s in Jenkins and friends, or something entirely separate.


#13

Thanks @nick.allen, please see my reply above to @cody.cornell and if this interests you let me know!


#14

#15

Would be curious to see what you have in mind for supporting multiple different CI/automation platforms. Definitely some potential for supporting a more targeted SAO approach than just a generic automation pipeline based on your docs and use case.


#16

Hi @z3ndrag0n, I’d definitely be interested in seeing what you’ve done as well. We’re doing a lot with Jenkins here, specifically with the declarative pipelines. It seems like this has given Jenkins a major boost in power and competitiveness with other products. Are you using the standard-style Jenkins jobs, or have you had the chance to start using the Groovy pipelines?


#17

Hey, just wanted to introduce myself. Some of you know me as a lucky dragon when I am in Vegas, though typically the luck positively affects everyone around me, and not me directly. Been in the security business for ~15 years, and am looking forward to learning and contributing.


#18

Welcome, @halcyon! Glad you’ve joined us!


#19

@mike_dunn: I used old style at the time - I had issues around Jenkins because one revision they totally broke jobs loading from cli, so I had to even lock in an old version (which of course was hideous because they also had the serialisation issue). Short version, need to get back in the saddle as it were, update to latest Jenkins (and ideally the declarative pipelines) and GoCD (because you get the farming out jobs to multiple agents without needing commercial support, plus Thoughtworks) and I figure that’s where I go Swimlane as well - because SAO really is that next step for me if only because of the bits and pieces (integrations) that people have already done, so I get to abstract away low-level details, so I figure I end up with support for the Orchestration platforms most people will use and features come to Swimlane users first, and then trickle down either as I have time or as people want to pay to have that feature in the Jenkins/GoCD supporting version (or as they add it themselves).

Cheers,
Barry


#20

Hey all, just joined the forum and looking forward to learning and sharing! I’ve been in the field for about 10 years now, having focused most of my time on research and reverse engineering of network traffic and applications.