Security Operations Deployment Meeting
15/03/2022
Attendees
|
Kyle Pidgeon
|
|
Liam Atherton
|
|
Rob Harper
|
|
David Crooks
|
|
Thomas Birkett
|
|
Greg Corbett
|
|
Chris Brew
|
|
Ian Collier
|
|
Anish Mudaraddi
|
|
Derek Ross
|
|
Philip Garrad
|
Start 9:34
Intro
1st meeting of SOC
Special circumstances – Services need to be patched by April 1st
How to make a one off request something that is business as usual
Philip and David creating definition of “Fully Patched”
Patching and Pakiti
Things to do within the next couple of weeks to make patching easier
Chris B– Pakiti3? Doesn’t tell patch status, just tells what is installed. Thinks there is a way to get patch status from existing data.
Conclusion – No CVEs = patched
Pakiti 2 and Pakiti 3 agree that fully up to date worker nodes have no CVEs, its possiable that there are no CVEs, would need to confirm as nodes are containerised
David – Tom/Rob/James Adams to work on getting all the Tier-1 results into the main Pakiti instance
Derek to do the same for RIG
David to talk to Alex for Cloud
David to set up meeting with Yakov next week
SOC Update
Handover from Olivier to Liam
Hardware is in and cabled – With the exception of one cable (work to be done by Martin Summers)
Aquilon/Zeek config installed on virtual project to apply to sec ops archtype this week
Confluence up and running, David adding people where needed
Oliver SOC documentation and OpenSearch/Kafka pages
Shared Mail box set up
Transitioning towards being deployed, confidence in zeek beginning to be deployed by end of month
Need Deployment checklist
Firewall log analysis
Logstash needs to work with OpenSearch
Need raw syslog ideally with things that are useful or OpenSearch
Philip to send file to Greg, Anish and Kyle (Mike Jones to get in contact with Greg/Kyle)
AOB
Better Time to be found for future meetings