Solved

Automating SOC processes with CALM

  • 16 June 2021
  • 1 reply
  • 70 views


Hi Experts,

We have a requirement to automate SOC processes as much as possible.

For example, using a ticketing system (JIRA): when a request is raised to block a large list of IPs or domains, the ticket should be implemented automatically without human intervention.

We need to understand:

  1. Is it possible to integrate CALM with a JIRA workflow, and how?
  2. Is it possible to automate the block/release process for IPs/domains at security devices with the help of CALM, and how?
  3. What other security-related tasks can we achieve with the help of CALM?

Looking for some direction and support to move ahead.


Best answer by JoseNutanix 16 June 2021, 17:45


1 reply


Hi Jitendra,

  1. Calm provides an API and a CLI that can be consumed by Jira. It’s your choice which one to use. I’m not familiar with Jira workflow, but if it is able to connect to a machine hosting the Calm CLI (Calm DSL), then this will be the easier approach to follow if you are unfamiliar with Calm APIs.
  2. If the security devices have an API, you can use Calm EScript tasks. If they don't but have a CLI, then you'll have to check whether Calm is able to connect to them via SSH using Endpoints. Calm requires SFTP to be enabled on the remote device. This approach does not always work, due to security enforcement enabled on those devices.
  3. With Calm you can achieve pretty much what you need. The approaches shared above should give you an idea of how you can address other use cases.
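Whichever path is taken (Calm DSL driven from the Jira workflow, or an EScript task calling a device API), a block/release request that is executed with no human in the loop needs a validation step between the ticket and the device. The script below is an added example, not code from this thread, from Nutanix Calm, or from any firewall vendor: it parses a constructed Jira ticket body, normalises each indicator, refuses entries that are malformed, too broad, or overlap ranges the SOC must never block (RFC 1918, loopback, link-local, all constructed policy values), de-duplicates, and shapes the surviving indicators into a request body for a hypothetical device API. It is plain Python 3 and runs stand-alone; adapting it to the restricted module set of a Calm EScript task is assumed to be the reader's job.

```python
"""Validate a Jira block/release request before any automation acts on it.

Added example, not Calm's or Nutanix's code. The ticket format, the
protected ranges and the device payload shape are all constructed.
"""
import ipaddress
import json
import re

# Constructed sample ticket body, as a Jira workflow might hand it to Calm.
SAMPLE_TICKET = """\
Action: block
Reason: phishing campaign 2021-06 (constructed example)
Indicators:
 198.51.100.23
 203.0.113.0/24
 bad-example.test
 10.0.0.5
 not a valid indicator!!
 198.51.100.23
 2001:db8::1
"""

ALLOWED_ACTIONS = ("block", "release")

# Constructed policy: ranges an unattended task must never touch.
PROTECTED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "::1/128",                           # loopback
    "169.254.0.0/16", "fe80::/10",                      # link-local
    "0.0.0.0/8",
)]

# Constructed policy: refuse prefixes broader than this without review.
MIN_PREFIXLEN = {4: 16, 6: 48}

# RFC 1035-style hostname: labels of 1-63 chars, no leading/trailing hyphen.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$",
    re.IGNORECASE,
)


def classify(raw):
    """Return (kind, normalized) for one indicator or raise ValueError."""
    token = raw.strip().lower().rstrip(".")
    if not token:
        raise ValueError("empty indicator")
    try:
        net = ipaddress.ip_network(token, strict=False)
    except ValueError:
        net = None
    if net is not None:
        if net.prefixlen < MIN_PREFIXLEN[net.version]:
            raise ValueError("prefix too broad for unattended blocking")
        for protected in PROTECTED_NETWORKS:
            if protected.version == net.version and net.overlaps(protected):
                raise ValueError("overlaps protected range %s" % protected)
        return "ip", str(net)            # hosts become /32 or /128
    if DOMAIN_RE.match(token):
        return "domain", token
    raise ValueError("not an IP, CIDR or domain")


def parse_request(ticket_text):
    """Parse 'Action:' and the 'Indicators:' list; validate every entry."""
    action, indicators, in_list = None, [], False
    for line in ticket_text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if in_list:                       # everything after Indicators:
            indicators.append(stripped)
            continue
        key, sep, value = stripped.partition(":")
        if not sep:
            continue
        key = key.strip().lower()
        if key == "action":
            action = value.strip().lower()
        elif key == "indicators":
            in_list = True
    if action not in ALLOWED_ACTIONS:
        raise ValueError("unsupported action: %r" % action)

    accepted, rejected, seen = [], [], set()
    for raw in indicators:
        try:
            kind, value = classify(raw)
        except ValueError as exc:
            rejected.append({"raw": raw, "reason": str(exc)})
            continue
        if (kind, value) in seen:         # duplicate; keep the device call idempotent
            continue
        seen.add((kind, value))
        accepted.append({"kind": kind, "value": value})
    # Any rejected entry sends the whole ticket to a human instead of applying part of it.
    return {"action": action, "accepted": accepted, "rejected": rejected,
            "requires_review": bool(rejected)}


def build_device_payload(request):
    """Shape validated indicators for a hypothetical firewall API (constructed)."""
    return {
        "operation": request["action"],
        "addresses": [i["value"] for i in request["accepted"] if i["kind"] == "ip"],
        "fqdns": [i["value"] for i in request["accepted"] if i["kind"] == "domain"],
    }


if __name__ == "__main__":
    req = parse_request(SAMPLE_TICKET)
    print(json.dumps(req, indent=2))
    print(json.dumps(build_device_payload(req), indent=2))
```

The design choice worth noting is `requires_review`: rather than silently applying the valid half of a ticket and dropping the rest, any rejected indicator (here the RFC 1918 host and the malformed line) flags the ticket for a human, so the automation only runs unattended on requests it fully understands. The same parse step serves both block and release, which keeps the release path from accepting anything the block path would have refused.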