Activate SecOps with Vulnerability Remediation Integrated with Tenable
SaltStack Enterprise 6.2 is now generally available and represents our continued commitment to provide innovative solutions for security and IT operations teams. This new SaltStack release integrates with leading infrastructure security tools from Tenable and Splunk to help activate SecOps teams through automated vulnerability remediation. Highlights of this release include:
- The ability to use SaltStack Protect to remediate vulnerabilities discovered by Tenable.io vulnerability scans.
- Event-driven automation integrated with Splunk.
Integrate the best vulnerability management with the best vulnerability remediation
Tenable is widely recognized as one of the best vulnerability management solutions in the industry. According to an analysis by Principled Technologies, Tenable is the number one platform in the market for vulnerability and security configuration, covering up to 22% more CVEs than comparable tools.
It’s no surprise that when we talked to our own customers, SaltStack integration with Tenable.io was one of the most sought-after features for security operations teams.
With the release of SaltStack Enterprise 6.2, we are happy to announce the availability of integration with Tenable products, which SaltStack customers can now use to import Tenable.io vulnerability assessment scans into SaltStack Protect (a SaltStack Enterprise add-on module) to automate the remediation of infrastructure vulnerabilities.
The SaltStack integration with Tenable helps security and IT teams solve a common disconnect I discuss with the Security Weekly team in this webcast. It is the classic SecOps challenge in which security teams perform assessments and then hand off unwieldy spreadsheets or PDF reports that include thousands of un-actionable vulnerabilities for the IT operations team to remediate.
Here’s a quick video preview of how the SaltStack integration with Tenable works.
Please note, in this release we took a file-based approach to import vulnerabilities from Tenable products, but watch for an API-level integration in an upcoming SaltStack release.
Splunk Integration Example
Splunk has done an amazing job helping security and IT operations teams use data to optimize and secure digital infrastructure. In its simplest form, the integration lets SaltStack Enterprise customers configure the Splunk Universal Forwarder to feed SaltStack-generated events to Splunk to be indexed.
The Splunk integration builds on another new SaltStack Enterprise 6.2 feature: the ability to forward events to any Salt Returner such as Redis, SQL, or even a local file.
Here’s an example of how event forwarding can be configured in the SaltStack Enterprise Operations Framework (raas.conf) to write events to a file that the Splunk Universal Forwarder can pick up. The file can then be sent to a monitoring solution such as Splunk, Datadog, ElasticSearch or a similar service.
event_return_queue: 10
event_return_queue_max_seconds: 5
sseapi_rpc_queue:
  name: sseapi-rpc
  strategy: always
  push_interval: 5
  batch_limit: 20
  age_limit: 3600
  size_limit: 360000
  vacuum_interval: 86400
  vacuum_limit: 100000
sseapi_event_queue:
  name: sseapi-events
  strategy: always
  push_interval: 5
  batch_limit: 20
  age_limit: 86400
  size_limit: 35000000
  vacuum_interval: 86400
  vacuum_limit: 350000
  forward:
    - rawfile_json
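Now with these two simple steps the integration is possible:
./splunk add forward-server SPLUNK-IP:9997 -auth admin:password (configure forwarder; forward-server takes host:port with no URL scheme)
./splunk add monitor /tmp/events.json (monitor the file with Splunk forwarder)
Here admin:password is a placeholder. If -auth is omitted, the Splunk CLI prompts for credentials, which keeps them out of shell history.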
Once the forwarding is configured, the SaltStack machine data can then be analyzed in Splunk.
A similar approach with the Salt Returner would work with other vendors such as Datadog, ElasticSearch, and many other monitoring solutions.
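A pre-flight check for the event file before the forwarder monitors it, as an added example that is not SaltStack's or Splunk's own code: it flags unsafe permissions on the file (the path used above sits under world-writable /tmp) and counts event tags line by line. It assumes the returner writes one JSON object with tag and data keys per line; the function names and sample lines are constructed for illustration.

```python
import json
import os
import stat
from collections import Counter

def audit_event_file(path):
    """Return findings about the file the forwarder is told to monitor."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    if stat.S_ISLNK(st.st_mode):
        return ["path is a symlink; events may be read or written elsewhere"]
    if not stat.S_ISREG(st.st_mode):
        return ["path is not a regular file"]
    findings = []
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable: any local user can inject events")
    if st.st_mode & stat.S_IROTH:
        findings.append("world-readable: any local user can read event data")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH:
        findings.append("parent directory is world-writable, as /tmp is")
    return findings

def summarize_events(lines):
    """Count event tags in JSON-lines output; return (tags, bad line numbers)."""
    tags, bad = Counter(), []
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            tags[json.loads(line)["tag"]] += 1
        except (ValueError, KeyError, TypeError):
            bad.append(number)  # truncated write or unexpected shape
    return tags, bad

# Constructed sample lines; assumes one {"tag": ..., "data": ...} object per line.
SAMPLE = [
    '{"tag": "salt/auth", "data": {"id": "web01", "act": "accept"}}',
    '{"tag": "salt/job/20200101/ret/web01", "data": {"fun": "test.ping"}}',
    '{"tag": "salt/auth", "data": {"id": "db01", "act": "pend"}}',
    '{"tag": "salt/auth", "data": {"id": "db0',  # truncated mid-write
]

if __name__ == "__main__":
    print(summarize_events(SAMPLE))
    path = "/tmp/events.json"  # path used on this page
    if os.path.lexists(path):
        print(audit_event_file(path))
```

An empty findings list and an empty list of bad line numbers mean the file is safe to hand to the forwarder as configured.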
Try SaltStack Software
Join this webinar to see a demo of the SaltStack Enterprise 6.2 release in action. If you want to see for yourself, there are three ways to try SaltStack software depending on your familiarity:
- If you are new to SaltStack, try hosted tutorials of Salt, SaltStack Enterprise and SaltStack products for SecOps. Nothing to install.
- Existing customers can download SaltStack Enterprise 6.2.
- Request a free trial of SaltStack Enterprise and SaltStack SecOps products here.