PyCon 2019 | A Snake in the Bits: Security Automation with Python

PyCon 2019 | A Snake in the Bits: Security Automation with Python

Partner with aster.cloud
for your next big idea.
Let us know here.

From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.

CYBERPOGO.COM :: For the Arts, Sciences, and Technology.

DADAHACKS.COM :: Parenting For The Rest Of Us.

ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.

TAKUMAKU.COM :: For The Hearth And Home.

ASTER.CLOUD :: From The Cloud And Beyond.

LIWAIWAI.COM :: Intelligence, Inside and Outside.

GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.

FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.

ASTERCASTER.COM :: Supra Astra. Beyond The Stars.

BARTDAY.COM :: Prosperity For Everyone.

Speaker: Moses Schwartz, Andy Culler Security incident response is an intense, high stress, high skill job that relies heavily on human judgement. Despite that, for reasons that we can’t begin to understand, a big part of an incident responder’s job seems to be opening numerous browser tabs and copy-pasting bits of text from one system to another. The hard parts of incident response can’t be automated, but there are entire classes of busy-work that we can eliminate with a few web hooks and some artisanal Python.

In this talk we’re going to discuss how to use Python to automate security incident response team (SIRT) operations. We’ll give an overview of what a typical SecOps/SIRT infrastructure looks like, how and where automation fits in, and dive into some code. We’ll walk through a simple example, with screenshots and code, of automating a SecOps process. We want to show that getting started with security automation doesn’t have to be difficult or expensive (though vendors will happily take your money). Just a little bit of Python can make some great quality of life improvements for incident responders.

Slides can be found at: https://speakerdeck.com/pycon2019 and https://github.com/PyCon/2019-slides