$10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki
•Download as PPTX, PDF•
1 like•964 views
@tryphantom Orchestrate Security with Phantom
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Similar to $10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki
Similar to $10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki (20)
More from Joel W. King
More from Joel W. King (16)
Recently uploaded
Recently uploaded (20)
$10,000 Phantom App & Playbook Contest - F5 and Cisco Meraki
- 1. Joel W. King Engineering and Innovations - Network Solutions, World Wide Technology, Inc. joel.king@wwt.com
- 2. 2016 Phantom Cyber, Proprietary and Confidential, Goal How we got here? Focus on ‘Why’ rather than ‘What’ Data Ingest F5 App Meraki App Key Take-aways
- 3. 2016 Phantom Cyber, Proprietary and Confidential, whoami Past Experience NetApp: Digital Video Surveillance | Big Data | E-Series Cisco: Enterprise Systems Engineering (ESE) Cisco Validated Designs (CVDs) AMP Incorporated: Network Architect | CCIE No. 1846 (retired) Joel W. King joel.king@wwt.com @joel_w_king github.com/joelwking www.linkedin.com/in/programmablenetworks
- 4. World Wide Technology Headquartered in St. Louis, Missouri 2015 revenue: $7.4 billion Integration labs in the U.S. and Europe 2 million+ square feet of warehousing, distribution and integration space 3,000+ professionals 500+ engineers and technical resources Business classification: Minority Business Enterprise (MBE) Ownership: Privately held 4
- 5. 2016 Phantom Cyber, Proprietary and Confidential, Why the Interest in Automation? feature nx-api Nexus 3000 | 9000 Nexus 9000 ACI APIC-EM
- 6. 2016 Phantom Cyber, Proprietary and Confidential,
- 7. 2016 Phantom Cyber, Proprietary and Confidential, Why Start with Ingesting Data via REST API? Prior experience with REST API calls Provided a means to begin learning the architecture and Lexicon Container Artifact Playbooks Asset Owners CEF Test data for apps and Playbooks
- 8. 2016 Phantom Cyber, Proprietary and Confidential, IP Phone Metadata collection REST Ingest to Phantom VoIP RemoteAddr REST API Phantom Server REST API SOHO – RTP NC Advanced Technology Center >python meta_data_collection.py Usage: python meta_data_collection.py <phone_ip_address> <token> >python meta_data_collection.py 192.168.0.4 JWa4redactedRG2g= Created container: 7 and artifact: 4
- 9. 2016 Phantom Cyber, Proprietary and Confidential, PhantomIngest.py Class and methods to abstract creating a container and artifacts https://github.com/joelwking/Phantom-Cyber/tree/master/REST_ingest import PhantomIngest as ingest from basic_test_constants import * # # Initialize class # p = ingest.PhantomIngest(params['host'], params['token']) # # Create container # kontainer = {"name": "Cras_scelerisque", "description": "characters bear no relation to living persons"} container_id = p.add_container(**kontainer) # # Create artifact # art_i_fact = {"name": "Lorem Ipsum", "source_data_identifier": "IR_3458575"} cef = {'sourceAddress': '192.0.2.1', 'sourcePort': '6553'} meta_data = {"mock content": "Nunc in a velit eu, risus fusce leo ligula"} artifact_id = p.add_artifact(container_id, cef, meta_data, **art_i_fact) print "%s n%s n%s" % (p.message, p.status_code, p.content)
- 10. 2016 Phantom Cyber, Proprietary and Confidential,
- 11. 2016 Phantom Cyber, Proprietary and Confidential, Why develop an F5 app? There wasn’t one! WWT is a F5 Platinum Partner and 2016 Unity™ U.S. Partner of the Year. Actively developing automation solutions for deploying F5 using Ansible. DC 2DC 1 F5 iControl – REST API F5 Auto Config Sync F5 Config.csv
- 12. 2016 Phantom Cyber, Proprietary and Confidential, F5 App shares F5 iControl code base
- 13. 2016 Phantom Cyber, Proprietary and Confidential, F5 Network Firewall Policies
- 14. 2016 Phantom Cyber, Proprietary and Confidential,
- 15. 2016 Phantom Cyber, Proprietary and Confidential, Why a Cisco Meraki app? Meraki is Cloud Controlled WiFi, Routing and Security targeted at branch offices. User interface primarily a GUI, provisioning APIs in Beta, now released. Wireless APs, security (firewall) appliance, Ethernet switch. Commonly deployed for both employee and guest access. Goal: Demonstration of Meraki API, return output to the Phantom playbook.
- 16. 2016 Phantom Cyber, Proprietary and Confidential, Meraki “locate device” Organization Network Device Client(s) Meraki dashboard provides a top down view of the topology App walks the tree and locates device based on a match in MAC or Description
- 17. 2016 Phantom Cyber, Proprietary and Confidential, Key Take-aways A community edition, extensible architecture is the ideal software delivery model in a Software-Defined world. …select technologies that embrace open standards for ingesting data and enriching it.* * https://blog.phantom.us/2016/07/14/series-defining-security-automation-orchestration- automatic-ingestion-enrichment-of-data/ Exploit regularity to create patterns, automate the patterns. … Dinesh Dutt Chief Scientist at Cumulus Networks
- 18. 2016 Phantom Cyber, Proprietary and Confidential, References github.com/joelwking/Phantom-Cyber
- 19. Thank You