Security:2021 Till Dec Roadmap - ansible/community GitHub Wiki
Status: PLANNED
This is an uncommitted roadmap for 2021 until December (some things might get dropped or added over the period).
Feedback welcome in #ansible-security on IRC Libera.chat.
Ansible Security Working Group:
Ansible supported Security Platform Collections:
Cisco ASA, IBM Qradar, Splunk ES, Trendmicro Deepsecurity, Symantec EPM.
Follow our progress:
1. Update the existing Ansible Security supported collections to use the resource module design and support the states associated with resource modules:
- Merged
- Replaced
- Overridden
- Deleted
- Gathered
2. Scaffolding tool to generate module docstrings and module code from a vendor's REST API Swagger file
Once available, the tool will assist developers from both the community and the vendor team in building integrations with Ansible using the newer resource module architecture, with all of the best practices that are taken into account when designing an integrated Ansible module.
3. Update and modify existing Ansible security roles
We'll be updating the existing Ansible supported security roles to support all of the certified security platforms/vendors that Ansible Security supports. Available Ansible supported security roles:
4. Kubernetes and Container security
We've begun collaborating with Kubernetes and Container security platforms and vendors to provide an Ansible integration solution for automating Kubernetes and Container security use cases.
StackRox will be the first platform to launch in the space.
Broader roadmap
Firewall policy automation
Firewall policy visibility
- Dynamic documentation and reporting
- Identify policy misconfigurations
- Policy visibility informs the policy misconfiguration remediation plan
Firewall policy hygiene
- Collect and provide current firewall policy configurations in a human-readable format using facts. Teams can use this data to create a remediation plan to address configuration debt and desired state definitions.
- Teams can then implement desired-state firewall policy definitions across regions and multi-vendor environments.
Firewall policy life-cycle management
- Ensure firewall policies remain optimized and enforced.
- Firewall practitioners can compare current and desired states to identify drift.
SIEM
Modules roadmap
- log_source_management - adding, deleting, modifying log sources
- event_info - obtain information about one or many SIEM events, with filter options
- event_action - assign, protect, follow up, set status, and assign closing reason to a SIEM event
- event_enrich - create or update a SIEM event note/workbench entry
- rule - adding, deleting, modifying SIEM correlation rules, with filter options
- rule_info - obtain information about one or many SIEM correlation rules, with filter options
Additional platforms
- Exabeam
- Securonix
- LogRhythm
- Rapid7
PAM
Modules roadmap
- account - adding, deleting, modifying a privileged credential
- authentication - Authenticate using PAS services
- credential - retrieving a credential from an object
- user - PAM user management (e.g. Get User Details, Add User, Update User, Delete User)
Additional platforms
- Thycotic
- BeyondTrust
- Centrify
EDR/EPP
Modules roadmap
- security_policy - Configure new security policies
- apikey - Configure API keys
- firewall_rule - Configure firewall rules
- hosts_info - Obtain information about one or many hosts under EDR protection
- log_inspection_rule - Configure log inspection rules
- syslog - Configure syslog configuration
- system_settings - Configure EDR system settings
Additional platforms
- Microsoft Defender ATP
- McAfee Endpoint Protection
- Sophos
- SentinelOne
- CrowdStrike
Kubernetes and Container security
Additional platforms
- Palo Alto Networks Prisma Cloud Compute Edition
- Aqua Security
- Anchore