$10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki
Transcript of $10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki
Joel W. King
Engineering and Innovations - Network Solutions, World Wide Technology, Inc.
2016 Phantom Cyber, Proprietary and Confidential,
Goal
How we got here?
Focus on ‘Why’ rather than ‘What’
Data Ingest
F5 App
Meraki App
Key Take-aways
whoami
Past Experience
NetApp: Digital Video Surveillance | Big Data | E-Series
Cisco: Enterprise Systems Engineering (ESE) Cisco Validated Designs (CVDs)
AMP Incorporated: Network Architect | CCIE No. 1846 (retired)
Joel W. King
[email protected]
@joel_w_king
github.com/joelwking
www.linkedin.com/in/programmablenetworks
World Wide Technology
Headquartered in St. Louis, Missouri
2015 revenue: $7.4 billion
Integration labs in the U.S. and Europe
2 million+ square feet of warehousing, distribution and integration space
3,000+ professionals
500+ engineers and technical resources
Business classification: Minority Business Enterprise (MBE)
Ownership: Privately held
Why the Interest in Automation?
feature nx-api
Nexus 3000 | 9000
Nexus 9000 ACI
APIC-EM
Why Start with Ingesting Data via REST API?
Prior experience with REST API calls
Provided a means to begin learning the architecture and lexicon
Container
Artifact
Playbooks
Asset
Owners
CEF
Test data for apps and Playbooks
IP Phone Metadata collection
REST Ingest to Phantom
VoIPRemoteAddr
REST API Phantom Server
REST API
SOHO – RTP NC
Advanced Technology Center
>python meta_data_collection.py
Usage:
python meta_data_collection.py <phone_ip_address> <token>
>python meta_data_collection.py 192.168.0.4 JWa4redactedRG2g=
Created container: 7 and artifact: 4
PhantomIngest.py Class and methods to abstract creating a container and artifacts
https://github.com/joelwking/Phantom-Cyber/tree/master/REST_ingest
import PhantomIngest as ingest
from basic_test_constants import *
#
# Initialize class
#
p = ingest.PhantomIngest(params['host'], params['token'])
#
# Create container
#
kontainer = {"name": "Cras_scelerisque", "description": "characters bear no relation to living persons"}
container_id = p.add_container(**kontainer)
#
# Create artifact
#
art_i_fact = {"name": "Lorem Ipsum", "source_data_identifier": "IR_3458575"}
cef = {'sourceAddress': '192.0.2.1', 'sourcePort': '6553'}
meta_data = {"mock content": "Nunc in a velit eu, risus fusce leo ligula"}
artifact_id = p.add_artifact(container_id, cef, meta_data, **art_i_fact)
# Report the server's reply for the last call (works on Python 2 and 3)
print("%s \n%s \n%s" % (p.message, p.status_code, p.content))
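The slide shows only the calling side; the block below is an added example, not the PhantomIngest class from the GitHub repository, of what such a class does underneath: POST a container, then an artifact carrying CEF fields, to the Phantom REST API with the ph-auth-token header. Assumptions are labelled in the comments: the /rest/container and /rest/artifact paths, the default labels, the illustrative KNOWN_CEF set, and the constructed host and token placeholders.

```python
import json
import urllib.request

# Illustrative subset of CEF field names Phantom maps to data types (the
# talk's example uses the first two); assumption, not the product's full table.
KNOWN_CEF = {"sourceAddress", "sourcePort", "destinationAddress",
             "destinationPort", "sourceMacAddress", "deviceHostname"}


def unknown_cef(cef):
    """Keys that would be stored but not typed: a playbook cannot act on them."""
    return sorted(k for k in cef if k not in KNOWN_CEF)


def post_json(url, token, payload):
    """POST a JSON body to the Phantom REST API and decode the JSON reply (TLS verified)."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode("utf-8"), method="POST",
        headers={"ph-auth-token": token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


def record_posts():
    """Offline stand-in for post_json: records bodies, answers with sequential ids."""
    sent = []

    def post(url, token, payload):
        sent.append((url, payload))
        return {"id": len(sent), "success": True}
    return post, sent


class PhantomIngest:
    """Create a container, then attach artifacts (CEF + free-form data) to it."""

    def __init__(self, host, token, post=post_json):
        self.base = "https://%s/rest" % host   # assumed REST root
        self.token = token
        self._post = post                      # swap in record_posts() to run offline
        self.status = None                     # last decoded reply

    def add_container(self, name, description, label="events", **extra):
        body = dict(name=name, description=description, label=label, **extra)
        self.status = self._post(self.base + "/container", self.token, body)
        return self.status["id"]

    def add_artifact(self, container_id, cef, data, name, source_data_identifier, label="event"):
        body = {"container_id": container_id, "cef": cef, "data": data, "name": name,
                "source_data_identifier": source_data_identifier, "label": label}
        self.status = self._post(self.base + "/artifact", self.token, body)
        return self.status["id"]
```

Run unknown_cef() on an artifact's CEF dictionary before posting it; a non-empty result means the playbook will see those values only as opaque text.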
Why develop an F5 app?
There wasn’t one! WWT is an F5 Platinum Partner and
2016 Unity™ U.S. Partner of the Year, and is actively developing
automation solutions for deploying F5 using Ansible.
DC 1 | DC 2
F5 iControl – REST API
F5 Auto Config Sync
F5 Config.csv
F5 App shares F5 iControl code base
F5 Network Firewall Policies
Why a Cisco Meraki app?
Meraki is Cloud Controlled WiFi, Routing and Security targeted at branch offices.
User interface is primarily a GUI; provisioning APIs were in beta and are now released.
Wireless APs, security (firewall) appliance, Ethernet switch.
Commonly deployed for both employee and guest access.
Goal: Demonstrate the Meraki API and return its output to the Phantom playbook.
Meraki “locate device”
Organization > Network > Device > Client(s)
Meraki dashboard provides a top down view of the topology
App walks the tree and locates the device based on a match in MAC address or description
Key Take-aways
A community edition, extensible architecture is the ideal software delivery model in a Software-Defined world.
…select technologies that embrace open standards for ingesting data and enriching it.*
* https://blog.phantom.us/2016/07/14/series-defining-security-automation-orchestration-automatic-ingestion-enrichment-of-data/
Exploit regularity to create patterns, automate the patterns.
… Dinesh Dutt, Chief Scientist at Cumulus Networks
References
github.com/joelwking/Phantom-Cyber
Thank You