Security Operations Deployment Team

      General
      • Pakiti update
      • SOC update
      • Firewall analysis update

      Security Operations Deployment Meeting

      15/03/2022

      Attendees

      Kyle Pidgeon

      Liam Atherton

      Rob Harper

      David Crooks

      Thomas Birkett

      Greg Corbett

      Chris Brew

      Ian Collier

      Anish Mudaraddi

      Derek Ross

      Philip Garrad


      Start 9:34

      Intro

      1st meeting of SOC

      Special circumstances – Services need to be patched by April 1st

                    How to make a one-off request something that is business as usual

                    Philip and David creating definition of “Fully Patched”

      Patching and Pakiti

      Things to do within the next couple of weeks to make patching easier

                    Chris B – Pakiti 3? Doesn't tell patch status, just tells what is installed. Thinks there is a way to get patch status from existing data.

                                   Conclusion – No CVEs = patched

      Pakiti 2 and Pakiti 3 agree that fully up-to-date worker nodes have no CVEs; it is possible that there are no CVEs, but this would need to be confirmed as the nodes are containerised

      David – Tom/Rob/James Adams to work on getting all the Tier-1 results into the main Pakiti instance

                    Derek to do the same for RIG

                    David to talk to Alex for Cloud

      David to set up meeting with Yakov next week

      SOC Update

      Handover from Olivier to Liam

      Hardware is in and cabled, with the exception of one cable (work to be done by Martin Summers)

      Aquilon/Zeek config installed on virtual project, to be applied to the sec ops archetype this week

      Confluence up and running, David adding people where needed

                    Olivier's SOC documentation and the OpenSearch/Kafka pages

      Shared mailbox set up

      Transitioning towards deployment; confident that Zeek will begin to be deployed by the end of the month

      Need Deployment checklist

      Firewall log analysis

      Logstash needs to work with OpenSearch

      Need raw syslog, ideally with the fields that are useful for OpenSearch extracted

      Philip to send file to Greg, Anish and Kyle (Mike Jones to get in contact with Greg/Kyle)
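      An added illustration, not from the meeting or the team's own configuration: a minimal Logstash pipeline that receives raw firewall syslog, keeps the raw line, extracts the handful of fields that are useful to search on, and writes the result to OpenSearch with the logstash-output-opensearch plugin. The listener port, the iptables-style layout of the firewall message (the sample line in the comment is constructed), the OpenSearch host, credentials, CA path and index name are all assumptions.

```logstash
# Added example (not the team's configuration). Assumes firewall lines arrive
# over syslog and look like this constructed iptables-style message:
#   <14>Mar 15 09:34:01 fw01 kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=22
input {
  syslog {
    port => 5514          # assumed listener port (514 would need root)
    type => "firewall"
  }
}

filter {
  if [type] == "firewall" {
    # The syslog input has already split off priority, timestamp, logsource and
    # program; [message] is now just the body after "kernel:".
    # Pull out the fields worth indexing; the raw body stays in [message].
    grok {
      match => {
        "message" => "%{WORD:fw_action} IN=%{DATA:in_iface} OUT=%{DATA:out_iface} SRC=%{IP:src_ip} DST=%{IP:dst_ip} PROTO=%{WORD:proto}( SPT=%{INT:src_port} DPT=%{INT:dst_port})?"
      }
      # Unparsed lines are still indexed, but tagged so they can be found and the pattern fixed.
      tag_on_failure => ["_grok_firewall_failed"]
    }
    mutate {
      # Ports as integers so range queries and aggregations work in OpenSearch.
      convert => { "src_port" => "integer" "dst_port" => "integer" }
    }
  }
}

output {
  opensearch {
    hosts    => ["https://opensearch.example.org:9200"]   # assumed host
    index    => "firewall-%{+YYYY.MM.dd}"                 # one index per day
    user     => "logstash_writer"                         # assumed write-only account
    password => "${OPENSEARCH_PW}"                        # from the Logstash keystore or environment
    cacert   => "/etc/logstash/ca.pem"                    # assumed CA path; verify TLS rather than disabling it
  }
}
```

      Keeping [message] intact alongside the extracted fields means analysts lose nothing when the grok pattern does not match, and the failure tag gives a simple search for lines the pattern still needs to cover.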

      AOB

      A better time to be found for future meetings