Stackstorm
Event Driven Automation
Alexander Köhler Karlsruhe, 25.08.2016
IFTTT.
Event-Driven
Event, Rule, Action
Basic principle
[Diagram: st2sensorcontainer (Sensor), st2api (WebHook), Message Queue, st2ruleengine (Trigger, Condition), st2actionrunner (Action); Host A, Host B, Service]
Demo
CLI {Trigger; Actions; Execution History}
Web GUI {Rules}
Webhooks
Workflow
ActionChains
[Diagram: Event, Rule, followed by a chain of several Actions]
...or Workflows
What can it be used for?
• Auto-Remediation
• Runbook Automation
• ChatOps
• CI/CD
Examples
https://www.tomaz.me/slides/event-driven-infrastructure-automation-with-stackstorm/#27
TL;DR
• Ongoing development in Community and Enterprise editions
• Cross-cutting, integrative platform
• Scaling: individual sub-services can be offloaded.
• Technology stack: Nginx (front end), RabbitMQ (message queue), MongoDB (auditing), PostgreSQL (integrated Mistral workflow engine)
• Community-based packs make getting started easier (https://github.com/StackStorm/st2contrib)
• Re-centralizing automation
Thank you
Alexander Köhler
DevOps Engineer Linux
inovex GmbH
Ludwig-Erhard-Allee 6
76131 Karlsruhe
0173 3181 034