This week's articles
The Githubification of InfoSec
This paper from John Lambert shows how a community-based approach to infosec can speed up learning for defenders. The tools are already there: attack knowledge curated in the MITRE ATT&CK framework, detection definitions expressed in Sigma rules, and repeatable analysis written in Jupyter notebooks form a stackable set of practices. If organizations were to contribute and share their unique expertise using these frameworks, and organizations were in this way to build on the expertise of others, defenders in every organization would benefit from the best defense in any organization.
Kubernetes Audit: Making Log Auditing a Viable Practice Again
This blog post from the CNCF examines how audit logs are configured and used in the Kubernetes world, what valuable information they contain, and how they can be utilized to enhance the security of a Kubernetes-based data center.
OPA Summit 2019 Recap
If you are an OPA (Open Policy Agent) user, then you won't want to miss their recap on the OPA happenings at KubeCon 2019. Within the article, many good talks are listed: from how Pinterest uses OPA, to how Chef uses OPA to implement IAM in Chef Automate, and how Goldman Sachs uses OPA to do policy-based provisioning in Kubernetes.
The GitOps Engine
Two of the biggest GitOps projects (Argo CD and Flux CD) are joining forces to create the ultimate GitOps solution. The first step on this journey is the GitOps Engine, which will be responsible for access to Git repositories, Kubernetes resource cache, manifest generation, resource reconciliation, etc.
An enterprise-friendly way of detecting and preventing secrets in code. However, unlike other similar packages that solely focus on finding secrets, this package is designed with the enterprise client in mind: providing a backwards-compatible, systematic means of preventing new secrets from entering the code base, detecting if such preventions are explicitly bypassed, and providing a checklist of secrets to roll and migrate off to more secure storage.
HashiCorp Vault SSH CA and Sentinel
In this post, HashiCorp shows how to use, audit, and enforce policies on an SSH certificate authority workflow with Vault.
Dynamic Secrets with Terraform and Vault
This blog post is about how you can avoid any static secrets inside your infrastructure as code using Terraform and Vault’s dynamic secrets, and provides an example of Vault-generated dynamic secrets deployed via Terraform.
Announcing omnibot: a Slack proxy and Slack bot framework
Lyft just announced the initial open source release of omnibot: a Slack proxy and Slack bot framework. Ultimately, omnibot is a Slack-specialized HTTP proxy. You can point all Slack apps at omnibot for event subscriptions, slash commands, and interactive components. omnibot routes those events to configured callbacks, whether the callbacks are within omnibot or in another backend service.
Security release of Envoy 1.12.2 is now available
EnvoyProxy v1.12.2 has been released to address 3 vulnerabilities: 1 Critical (CVE-2019-18801), and 2 High (CVE-2019-18802, CVE-2019-18838). Update if you are impacted.