Security Automation with Red Hat Ansible Automation

Red Hat Ansible introduced Security Automation, a set of Ansible roles and modules dedicated to security teams. Their goal is to provide a faster, more efficient and streamlined way to automate the identification, triage and response to security events. The effort targets integrations that automate and orchestrate enterprise security products that were not designed to talk to each other; this is more complex, and higher-value, than applying a security baseline (PCI, STIG, CIS) to a server.

Getting Started

Ansible Galaxy

Roles for Ansible Security Automation are available from Ansible Galaxy at galaxy.ansible.com/ansible_security. They can be installed into a roles/ directory, or referenced from a requirements.yml file.

Currently the following roles are available:

Role Name                  Description
acl_manager                Ansible role to manage access control lists on many firewall devices
ids_config                 Intrusion Detection System configuration role
ids_install                Role to install many different Intrusion Detection Systems; the supported systems are defined as "providers" to the role
ids_rule                   Ansible role to manage rules and signatures for Intrusion Detection Systems
ids_rule_facts             Intrusion Detection System rule maintenance
log_manager                Role to manage logs on multiple firewall devices
splunkenterprisesecurity   Modules for interacting with Splunk Enterprise Security

Some of the roles mentioned above come with additional modules which are included as part of the role.
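As an added example (not from this page or from the ansible_security project), the requirements.yml below pulls the roles listed above from Galaxy. The ansible_security. prefix follows the Galaxy namespace in the URL above; the version values are placeholders, not tags the roles are known to publish, so replace them with the tags shown on Galaxy before use.

```yaml
# requirements.yml (added example): Security Automation roles from Galaxy.
# The role names come from the table above; the "ansible_security." namespace
# matches galaxy.ansible.com/ansible_security. The version strings are
# assumptions for illustration. Pin to a real tag: an entry without a version
# installs whatever is currently latest, which is not a reviewable change.
---
- src: ansible_security.ids_install
  version: "1.0.0"
- src: ansible_security.ids_config
  version: "1.0.0"
- src: ansible_security.ids_rule
  version: "1.0.0"
- src: ansible_security.ids_rule_facts
  version: "1.0.0"
- src: ansible_security.acl_manager
  version: "1.0.0"
- src: ansible_security.log_manager
  version: "1.0.0"
- src: ansible_security.splunkenterprisesecurity
  version: "1.0.0"

# Install into the project's own roles/ directory rather than a shared path,
# so the checked-in requirements file describes exactly what the playbooks use:
#   ansible-galaxy install -r requirements.yml -p roles/
```

Pinning every entry and installing into a per-project roles/ directory keeps the role set reproducible and reviewable; bumping a version is then an ordinary change in source control.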

Installing Ansible Security Automation Modules

Some modules are part of the Ansible distribution but may require a recent version of Ansible. For example, the Check Point modules are part of the Ansible distribution starting with version 2.8.

Install a recent version of Ansible Engine, and check the compatibility matrix between Ansible Engine and Ansible Tower versions before upgrading.

Modules

The modules listed below are part of the Ansible distribution and are supported as a Technology Preview as part of Red Hat Ansible Automation. The effort is based on development in the Ansible Security upstream project. The modules are tested and considered stable, but their interface (module inputs) may receive future updates that are incompatible with the current state. Additional information can be found in Top Support Policies for Red Hat Ansible Automation.

Module Name [from Ansible devel -- deprecated]   Platform                          Description
checkpoint_access_layer_facts                    Check Point Enterprise Firewalls  Get access layer facts on Check Point over Web Services API
checkpoint_access_rule                           Check Point Enterprise Firewalls  Manages access rules on Check Point over Web Services API
checkpoint_access_rule_facts                     Check Point Enterprise Firewalls  Get access rule object facts on Check Point over Web Services API
checkpoint_host                                  Check Point Enterprise Firewalls  Manages host objects on Check Point over Web Services API
checkpoint_host_facts                            Check Point Enterprise Firewalls  Get host object facts on Check Point over Web Services API
checkpoint_object_facts                          Check Point Enterprise Firewalls  Get object facts on Check Point over Web Services API
checkpoint_run_script                            Check Point Enterprise Firewalls  Run scripts on Check Point devices over Web Services API
checkpoint_session                               Check Point Enterprise Firewalls  Manages session objects on Check Point over Web Services API
checkpoint_task_facts                            Check Point Enterprise Firewalls  Get task object facts on Check Point over Web Services API

Further modules are part of the roles mentioned above.
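The playbook below is an added example, not code from this page or from the Ansible project. It shows the typical response action these modules were built for: on a suspicious source address, create a host object and a drop rule on the Check Point management server, then verify the rule exists before declaring success. It uses the Ansible 2.8 checkpoint_host, checkpoint_access_rule and checkpoint_access_rule_facts modules over the httpapi connection plugin; the management hostname, credentials, access layer name, object name and address are all assumptions, as is the assumption that the tasks share one API session so a single publish covers both objects.

```yaml
# block_source.yml (added example): block a source address on Check Point
# with the Technology Preview checkpoint_* modules. All names, addresses and
# credential variables below are assumptions for illustration.
#
# Assumed inventory, one management server reached over the httpapi plugin.
# Keep validate_certs on and the password in Ansible Vault; the API user
# needs only read/write on the policy package, not Super User.
#   [checkpoint]
#   mgmt.example.com ansible_connection=httpapi ansible_network_os=checkpoint
#     ansible_httpapi_use_ssl=true ansible_httpapi_validate_certs=true
#     ansible_user=api_user ansible_password="{{ vault_checkpoint_password }}"
#
# Run:  ansible-playbook -i inventory --ask-vault-pass block_source.yml
---
- name: Block a suspicious source on Check Point (Technology Preview modules)
  hosts: checkpoint
  gather_facts: no
  vars:
    # Constructed values for the example; in practice these come from the alert
    suspicious_host_ip: "203.0.113.42"
    suspicious_host_name: "blocked-203-0-113-42"
    access_layer: "Network"           # assumed name of the target access layer
    block_rule_name: "Ansible block {{ suspicious_host_ip }}"

  tasks:
    - name: Create a host object for the suspicious address
      checkpoint_host:
        name: "{{ suspicious_host_name }}"
        ip_address: "{{ suspicious_host_ip }}"
        state: present
        # Hold the publish until the rule is in place; by default the module
        # publishes the session and installs policy on its own after each task.
        auto_publish_session: false
        auto_install_policy: false

    - name: Add a drop rule at the top of the access layer
      checkpoint_access_rule:
        name: "{{ block_rule_name }}"
        layer: "{{ access_layer }}"
        position: top
        source: "{{ suspicious_host_name }}"
        destination: Any
        action: drop
        state: present
        auto_publish_session: true      # assumed: publishes the host object too
        auto_install_policy: false      # leave the push to gateways to a review step

    - name: Read the rule back from the management server
      checkpoint_access_rule_facts:
        layer: "{{ access_layer }}"
        name: "{{ block_rule_name }}"
      register: rule_facts

    - name: Fail the run if the rule is not present on the server
      assert:
        that:
          - rule_facts is succeeded
        fail_msg: "Rule '{{ block_rule_name }}' was not found in layer '{{ access_layer }}'"
```

Installing policy is deliberately left out of the automated path (auto_install_policy: false), so a mistyped address blocks nothing until a human pushes the policy; the read-back task is there because a published object is not the same as a rule that is actually in the layer. The checkpoint_* modules shown are the ones this page lists as deprecated in Ansible devel; later Ansible releases replace them with the cp_mgmt_* modules, whose parameters differ.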