Automating SOC processes with CALM | Nutanix Community
Solved

Automating SOC processes with CALM

  • June 16, 2021

Hi Experts,

We have a requirement to automate the SOC process as much as possible.

For example, using a ticketing system (JIRA), when a request is raised to block a large list of IPs or domains, the ticket should be implemented automatically without human intervention.

Need to understand:

  1. If it is possible to integrate CALM with the JIRA workflow, and how?
  2. If it is possible to automate the block/release process of IPs/domains at security devices with the help of CALM, and how?
  3. What other security-related tasks we can achieve with the help of CALM here.

Looking for some direction and support to move ahead.


JoseNutanix
Nutanix Employee
  • Answer
  • June 16, 2021

Hi Jitendra,

  1. Calm provides an API and a CLI that can be consumed by Jira. It’s your choice which one to use. I’m not familiar with Jira workflow, but if it is able to connect to a machine hosting the Calm CLI (Calm DSL), then this will be the easier approach to follow if you are unfamiliar with Calm APIs.
  2. If the security devices have an API, you can use Calm EScript tasks. If they don’t but have a CLI, then you’ll have to check whether, using Endpoints, Calm is able to connect to them via SSH. Calm requires SFTP to be enabled on the remote device. This approach does not always work, due to security enforcement enabled on those devices.
  3. With Calm you can achieve pretty much what you need. The approaches shared above should give you an idea of how you can address other use cases.
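
A pre-check that a hands-off block workflow like the one asked about here could run on the ticket's list before anything reaches Calm or a security device, shown as an added example that is not part of the original thread and not Nutanix code. The function names, prefix limits, protected ranges and domains, and the sample ticket text are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Policy values and sample data are assumptions constructed for this example.
MIN_PREFIX = {4: 24, 6: 64}  # refuse networks broader than /24 (v4), /64 (v6)
PROTECTED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7")]
PROTECTED_DOMAINS = {"example.com"}  # never-block list
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
SAMPLE_TICKET = ("203.0.113.7, 198.51.100.0/24\n10.1.2.3; 0.0.0.0/0 bad.example.net\n"
                 "BAD.example.net. mail.example.com 203.0.113.7 not_a_host")


def classify(entry):
    """Return (kind, normalized value); raise ValueError naming the reason."""
    item = entry.strip().lower().rstrip(".")
    try:
        # strict=False normalizes a host address with a mask to its network.
        net = ipaddress.ip_network(item, strict=False)
    except ValueError:
        net = None
    if net is not None:
        if net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError("network too broad")
        if any(p.version == net.version and net.overlaps(p)
               for p in PROTECTED_NETS):
            raise ValueError("protected network")
        return "ip", str(net)
    if not DOMAIN_RE.match(item):
        raise ValueError("not an IP, CIDR or domain")
    if any(item == d or item.endswith("." + d) for d in PROTECTED_DOMAINS):
        raise ValueError("protected domain")
    return "domain", item


def triage(ticket_list):
    """Split a ticket's block list into approved entries and rejections."""
    approved, rejected, seen = [], [], set()
    for raw in re.findall(r"[^\s,;]+", ticket_list):
        try:
            kind, value = classify(raw)
        except ValueError as err:
            rejected.append((raw, str(err)))
            continue
        if value not in seen:  # drop duplicates after normalization
            seen.add(value)
            approved.append((kind, value))
    return approved, rejected
```

Only the approved list would be handed to the block task; the rejected entries, with their reasons, belong back on the ticket for a human to review.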