**Cisco DevNet Express** Prague, 5-6 March 2018
- We created a simple automated workflow using several different APIs.
- We identified the rogue endpoints where malware had executed in our network using AMP for Endpoints.
- We used ISE to quarantine these endpoints and contain the known threats.
- We used the AMP data to collect intelligence on the SHA256 hashes using Threat Grid.
- We built the list of IPs and domains associated with these SHAs from Threat Grid.
- We used Umbrella Investigate to gather intelligence on those domains and IPs.
- We used Umbrella Enforcement to contain the threat and prevent the malware from doing damage, since it can no longer call home.
- We used the Firepower Device Manager (FDM) APIs to enforce the block and contain the threat on the next-generation firewalls.
- We used the Python programming language to call the different APIs.
- We used Python to pull data from one security system and push it into another, effectively turning separate products into one workflow.
- We used Python to parse JSON, XML and YAML and to call REST APIs.
- We learned how to gather intelligence and use it to quickly contain a threat and protect the rest of the network.
- DevOps practices are already needed in the security business, and they are coming fast to networking as well.
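The list above is one procedure: pull threat events from AMP for Endpoints, quarantine the affected endpoints through ISE, pull the network indicators for the SHAs from Threat Grid, then push those indicators into Umbrella Enforcement and the firewall. The script below is an added example of the glue logic of that flow; it is not the workshop's code. It runs offline: the AMP response and the Threat Grid indicator list are constructed sample data, and only request bodies are built, nothing is sent. The AMP event field names (`file.identity.sha256`, `computer.network_addresses[].mac`), the ISE ERS ANC "apply" body and the Umbrella Enforcement event fields follow the public API documentation as I remember it and should be treated as assumptions to check against your own versions; `ANC_Quarantine` is a hypothetical ISE policy name.

```python
import re
from datetime import datetime, timezone

# Constructed sample of an AMP for Endpoints /v1/events response (field layout is an
# assumption based on the public docs; hostnames, GUIDs, MACs and hashes are invented).
SAMPLE_AMP_EVENTS = {
    "data": [
        {"event_type": "Executed malware", "date": "2018-03-05T10:12:33+00:00",
         "computer": {"hostname": "ws-prague-01", "connector_guid": "11111111-2222-3333-4444-555555555555",
                      "network_addresses": [{"mac": "00:50:56:ab:cd:ef", "ip": "10.10.20.45"}]},
         "file": {"identity": {"sha256": "a" * 64}, "file_name": "invoice.exe"}},
        {"event_type": "Threat Detected", "date": "2018-03-05T10:15:01+00:00",
         "computer": {"hostname": "ws-prague-02", "connector_guid": "66666666-7777-8888-9999-000000000000",
                      "network_addresses": [{"mac": "00:50:56:01:02:03", "ip": "10.10.20.77"}]},
         "file": {"identity": {"sha256": "b" * 64}, "file_name": "update.exe"}},
        # Noise event: no file, no detection; must be ignored.
        {"event_type": "Scan Completed, No Detections", "date": "2018-03-05T10:20:00+00:00",
         "computer": {"hostname": "ws-prague-03", "connector_guid": "cccccccc-0000-0000-0000-000000000000",
                      "network_addresses": []}},
    ]
}

# Constructed stand-in for what Threat Grid reports per SHA (domains/IPs the sample contacted).
SAMPLE_TG_IOCS = {
    "a" * 64: {"domains": ["bad-invoice-update.example", "cdn.example"], "ips": ["203.0.113.10"]},
    "b" * 64: {"domains": ["update-check.example"], "ips": []},
}

ROGUE_EVENT_TYPES = {"Executed malware", "Threat Detected"}
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def extract_rogue_endpoints(amp_response):
    """Map sha256 -> sorted MACs of endpoints that executed/held that file.
    Skips non-threat events and records with a missing hash or malformed MAC."""
    out = {}
    for ev in amp_response.get("data", []):
        if ev.get("event_type") not in ROGUE_EVENT_TYPES:
            continue
        sha = (ev.get("file") or {}).get("identity", {}).get("sha256")
        if not sha or len(sha) != 64:
            continue
        for addr in ev.get("computer", {}).get("network_addresses", []):
            mac = addr.get("mac", "").lower()
            if MAC_RE.match(mac):
                out.setdefault(sha, set()).add(mac)
    return {sha: sorted(macs) for sha, macs in out.items()}


def ise_anc_apply_payload(mac, policy_name):
    """Body for ISE ERS 'PUT /ers/config/ancendpoint/apply' (layout is an assumption)."""
    return {"OperationAdditionalData": {"additionalData": [
        {"name": "macAddress", "value": mac.upper()},
        {"name": "policyName", "value": policy_name},
    ]}}


def umbrella_enforcement_events(domains, sha, device_id="amp-ise-glue", now=None):
    """One Umbrella Enforcement API event per domain (required fields per the public
    docs as I recall them; treat as an assumption). fileHash ties the block to the sample."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.0Z")
    return [{"alertTime": ts, "eventTime": ts, "deviceId": device_id, "deviceVersion": "1.0",
             "dstDomain": d, "dstUrl": f"http://{d}/", "protocolVersion": "1.0a",
             "providerName": "Security Platform", "fileHash": sha} for d in domains]


def build_containment_plan(amp_response, tg_iocs, policy_name="ANC_Quarantine", allowlist=frozenset()):
    """Turn AMP events + Threat Grid indicators into the requests each system needs.
    Domains in `allowlist` (shared infrastructure a sample merely touched) are never pushed:
    blindly enforcing everything a sandbox saw is how you outage your own CDN."""
    rogue = extract_rogue_endpoints(amp_response)
    allow = {d.lower() for d in allowlist}
    macs = sorted({m for ms in rogue.values() for m in ms})
    umbrella, seen_domains, ips = [], set(), set()
    for sha in sorted(rogue):
        iocs = tg_iocs.get(sha, {})
        fresh = [d.lower() for d in iocs.get("domains", [])
                 if d.lower() not in allow and d.lower() not in seen_domains]
        seen_domains.update(fresh)
        umbrella.extend(umbrella_enforcement_events(fresh, sha))
        ips.update(iocs.get("ips", []))
    return {
        "ise_requests": [ise_anc_apply_payload(m, policy_name) for m in macs],
        "umbrella_events": umbrella,
        "firewall_ips": sorted(ips),  # feed these to the FDM network-object / access-rule calls
    }
```

The three builders are kept free of network I/O on purpose: they can be unit-tested with captured API responses, and the actual `requests` calls (with the AMP client ID/API key, the ISE ERS credentials and the Umbrella customer key coming from the environment, never from the script) sit in a thin wrapper around `build_containment_plan`. The allowlist is the check a practitioner will want before wiring this to Umbrella Enforcement for real.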
For one of the participants it was also a very happy day, as he gained not only knowledge but also a fully equipped Raspberry Pi 3B+!
It was my first reward earned from the CyberSecOps business :) And the fourth RPi in the collection :D
Regards,
Networ King