***
< [Home](https://github.com/SeanOhAileasa) | [README](https://github.com/SeanOhAileasa/cap-security-operations-and-monitoring/blob/main/README.md) >

## CompTIA Cybersecurity Analyst (CySA+) - Course Material 2022
###### Topic: ``Automation``
***

Course material for the ``CompTIA Cybersecurity Analyst (CySA+)`` module of the ``ICT Associate Apprenticeship (Cybersecurity)`` programme.

<a id="top"></a>
***
## Table of Contents
***

### [Automation](#a) <br/><br/>

- [Vulnerability Feed Configuration](#1) <br/><br/> 
    - [Plugins / Network Vulnerability Tests](#1) ``NVT`` <br/><br/>
        - [Security Content Automation Protocol](#1) ``SCAP`` <br/><br/>
            - [``NIST``](#1) <br/><br/>
                - [Accepted Practices for Automating Vulnerability Scanning](#1) <br/><br/>
        - [Open Vulnerability and Assessment Language](#1) ``OVAL`` <br/><br/>
            - [Reporting the State of Security Surrounding a Vulnerability](#1) <br/><br/>
                - ``XML Schema`` <br/><br/>
        - [Extensible Configuration Checklist Description Format](#1) ``XCCDF`` <br/><br/>
            - Best Practice Configurations <br/><br/>
                - ``XML Schema`` <br/><br/>
        - [Simple Object Access Protocol](#1) ``SOAP`` <br/><br/>
            - [Exchange Messages](#1) <br/><br/>            
                - ``XML-based Web Service Protocol`` <br/><br/>
        - [Security Assertion Markup Language](#1) ``SAML`` <br/><br/>
            - [Exchange Authentication Information between a Client / Service](#1) <br/><br/>
                - ``XML-based Data Format`` <br/><br/>       
- [``SAML``](#2) <br/><br/> 
    - [Establishing a Transaction](#2) <br/><br/> 
        - [Browser Requests a Resource](#2) <br/><br/> 
            - Associated Service <br/><br/>
        - [Redirect Browser to Validate](#2) <br/><br/> 
            - [Obtain Authenticated Session](#2) ``IdP`` <br/><br/> 
        - [Identity Provider Requests Credentials](#2) <br/><br/> 
        - [Service](#2) ``Credentials Correct`` <br/><br/>
            - [Validates Signatures / Establishes Session](#2) <br/><br/> 
- [``REST``](#2) <br/><br/> 
    - [Flexible](#2) <br/><br/> 
        - [Sent via HTTP](#2) ``Instead of Structured XML`` <br/><br/>
- [``API``](#2) <br/><br/> 
    - [Library / Programming Utility](#2) <br/><br/> 
        - [Access Functions of the Network Stack](#2) ``TCP/IP`` <br/><br/> 
        - [Automate Provisioning of Resources](#2) <br/><br/> 
        - [Configure Changes to 3rd-party Solutions](#2) <br/><br/> 
- [Scripting](#3) <br/><br/> 
- [Workflow Orchestration](#4) <br/><br/> 
    - [Advanced Automation within a Large Enterprise Setting](#4) <br/><br/>
        - [Keep Track of Scripts / Help Schedule Triggers](#4) <br/><br/>
            - [Tools](#4) <br/><br/>
                - [ [``chef.io``](https://www.chef.io/) ] <br/><br/>
                - [ [``Puppet``](https://puppet.com/) ] <br/><br/>
                - [ [``Ansible``](https://www.ansible.com/) ] <br/><br/>
                - [ [``Docker``](https://www.docker.com/) ] <br/><br/>
    - [Serverless](#4) <br/><br/>
        - [Service Category](#4) ``Compute``/``Storage``/``Database``/``Messaging``/``API Gateways`` <br/><br/>
            - Configuration / Management / Billing of Servers Invisible to the End-user <br/><br/>
                - [Function as a Service/Server](#4) ``FaaS``/``Subset of Serverless`` <br/><br/>
                    - [Event-driven Computing Paradigm](#4) ``Application Code / Containers only Run in Response to Events / Requests`` <br/><br/>
- [Automating Threat Intelligence](#5) <br/><br/> 
    - [Artificial Intelligence](#5) ``AI`` <br/><br/> 
    - [Machine Learning](#5) ``ML`` <br/><br/> 
        - Solving a Task given a Labeled Dataset <br/><br/>
    - [Artificial Neural Networks](#5) ``ANN`` <br/><br/>  
- [Automated Malware Signature Creation](#6)

<hr width="50%">

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="a"></a>
***
### Automation
***

> Explain infrastructure vulnerability scanning automation

> Define service-oriented automation

> Compare different automation concepts

The following concepts and technologies are used to best incorporate automation into recurring security tasks like vulnerability scanning, threat feed ingestion, and detection/response procedures.

< [Table of Contents](#top) | [References](#references) >
<a id="1"></a>
***
###### Vulnerability Feed Configuration
***

A vulnerability feed is a synchronisable (time-coordinated, updated at the same time and rate) list of data and scripts used to check for vulnerabilities, also referred to as plugins or Network Vulnerability Tests (``NVT``).

Reviewing some key terms:

> Security Content Automation Protocol [ [``SCAP``](https://csrc.nist.gov/projects/security-content-automation-protocol/) ]

A ``NIST`` framework that outlines various accepted practices for automating vulnerability scanning; it uses several different components (such as ``OVAL`` and ``XCCDF`` below) to accomplish this.

> Open Vulnerability and Assessment Language [ [``OVAL``](https://oval.mitre.org/) ]

An XML schema for reporting the state of security surrounding a vulnerability.

> Extensible Configuration Checklist Description Format [ [``XCCDF``](https://www.nist.gov/publications/specification-extensible-configuration-checklist-description-format-xccdf) ] 

An XML schema specifically structured for different types of best practice configurations.
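As an added example (not part of the course notes), the script below reads an ``XCCDF`` scan result and lists the failing rules, which is the kind of automated post-processing a vulnerability feed makes possible. The element names (``TestResult``, ``rule-result``, ``result``) follow the XCCDF 1.2 schema; the sample document, host name and rule ids are constructed for illustration.

```python
"""Summarise an XCCDF TestResult: count outcomes per rule and list the failures."""
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"  # XCCDF 1.2 namespace

# Constructed sample result document (three rules, one failing); not real scan output.
SAMPLE_RESULTS = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <TestResult id="xccdf_example_testresult_demo" end-time="2022-07-24T08:14:18">
    <target>host-01.example.test</target>
    <rule-result idref="xccdf_example_rule_ssh_root_login" severity="high">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_password_min_length" severity="medium">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_audit_enabled" severity="medium">
      <result>notapplicable</result>
    </rule-result>
  </TestResult>
</Benchmark>
"""

def parse_results(xml_text):
    """Return (target, [(rule_id, severity, result), ...]) from an XCCDF result document."""
    root = ET.fromstring(xml_text)
    ns = {"x": XCCDF_NS}
    test_result = root.find("x:TestResult", ns)
    if test_result is None:
        raise ValueError("no TestResult element found")
    target = test_result.findtext("x:target", default="", namespaces=ns)
    rows = []
    for rr in test_result.findall("x:rule-result", ns):
        rows.append((rr.get("idref"), rr.get("severity", "unknown"),
                     rr.findtext("x:result", default="unknown", namespaces=ns)))
    return target, rows

def summarise(xml_text):
    """Counts per result value plus the failing rule ids, e.g. for a ticket or SIEM event."""
    target, rows = parse_results(xml_text)
    counts = Counter(result for _, _, result in rows)
    failures = [(rule_id, sev) for rule_id, sev, result in rows if result == "fail"]
    return {"target": target, "counts": dict(counts), "failures": failures}

if __name__ == "__main__":
    print(summarise(SAMPLE_RESULTS))
```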

> Simple Object Access Protocol (``SOAP``)

An XML-based web service protocol that is used to exchange messages. 

By not properly securing ``SOAP``, you leave web services vulnerable to probing, parsing attacks, external references, malware, and SQL injection.

> Security Assertion Markup Language (``SAML``)

An XML-based data format used to exchange authentication information between a client and a service.

< [Table of Contents](#top) | [References](#references) >
<a id="2"></a>
***
###### ``SAML``/``REST``/``API``
***

[ [``SAML``](https://www.indusface.com/blog/what-is-saml-authentication/) ] oftentimes follows the same general sequence when establishing a transaction:

- Browser requests a resource from associated service.


- If a valid session is not present, the service will redirect the browser to validate and get an authenticated session from the Identity Provider [ [``IdP``](https://www.cloudflare.com/en-gb/learning/access-management/what-is-an-identity-provider/) ].


- The ``IdP`` will then request credentials if the user is not already signed in.


- Lastly, the service will validate the signatures and establish a session if they are correct.

![image.png](attachment:image.png)
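The last step above (the service validating what the ``IdP`` returned) is shown as an added example, not code from the course notes: it checks the ``Conditions`` of a SAML 2.0 assertion (issuer, validity window with a small clock-skew allowance, and audience) and returns the reasons to reject it. XML signature verification is the other half of that step and is not implemented here; a XML-DSig library does it before these checks are trusted. The assertion, entity ids and timestamps are constructed for illustration.

```python
"""Check the Conditions of a SAML 2.0 Assertion before a service accepts it."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, illustration only).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_demo1" Version="2.0" IssueInstant="2022-07-24T08:14:18Z">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2022-07-24T08:14:00Z" NotOnOrAfter="2022-07-24T08:19:18Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.test/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""

def _ts(value):
    """Parse a SAML UTC timestamp such as 2022-07-24T08:14:18Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_conditions(xml_text, expected_issuer, expected_audience, now, skew=timedelta(seconds=60)):
    """Return the reasons to reject the assertion; an empty list means the Conditions hold.

    `now` is a timezone-aware datetime or a SAML timestamp string (for easy testing)."""
    now = _ts(now) if isinstance(now, str) else now
    root = ET.fromstring(xml_text)
    problems = []
    issuer = root.findtext("saml:Issuer", default="", namespaces=SAML_NS).strip()
    if issuer != expected_issuer:
        problems.append(f"unexpected issuer {issuer!r}")
    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None:
        return problems + ["no Conditions element"]
    if "NotBefore" in cond.attrib and now + skew < _ts(cond.get("NotBefore")):
        problems.append("assertion not yet valid")
    if "NotOnOrAfter" in cond.attrib and now - skew >= _ts(cond.get("NotOnOrAfter")):
        problems.append("assertion expired")
    audiences = [a.text.strip() for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", SAML_NS)]
    if expected_audience not in audiences:
        problems.append(f"audience {audiences} does not include this service")
    return problems

if __name__ == "__main__":
    print(check_conditions(SAMPLE_ASSERTION, "https://idp.example.test/metadata",
                           "https://sp.example.test/metadata", "2022-07-24T08:15:00Z"))
```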

The ``REST`` format is much more flexible: requests and responses are sent directly over ``HTTP`` instead of as structured ``XML`` messages.

``API`` (Application Programming Interface) is a library or programming utility used to enable software developers to access functions of the TCP/IP network stack under a particular OS.

An ``API`` can be used to automate the provisioning of resources, or to configure changes to third-party solutions.

< [Table of Contents](#top) | [References](#references) >
<a id="3"></a>
***
###### Scripting
***

Using popular scripting languages:

- ``JavaScript``


- ``Ruby``


- ``Python``

Administrators can create logic statements to quickly string together different types of commands and actions to perform checks or complete tedious tasks on the fly.

< [Table of Contents](#top) | [References](#references) >
<a id="4"></a>
***
###### Workflow Orchestration
***

For more advanced automation within a large enterprise setting, there are orchestration tools that can be used to keep track of all your scripts and help schedule triggers for them as needed.

Tools that can help with resource, workload, and service orchestration tasks:

- [ [``chef.io``](https://www.chef.io/) ]


- [ [``Puppet``](https://puppet.com/) ]


- [ [``Ansible``](https://www.ansible.com/) ]


- [ [``Docker``](https://www.docker.com/) ]

> Serverless

A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances.

- Function as a Service [ [``FaaS``](https://www.ibm.com/cloud/learn/faas) ]

A cloud service model that supports serverless software architecture by provisioning runtime containers in which to execute code in a particular programming language.


> ``Serverless`` and ``FaaS`` models rely heavily on orchestration.

Examples include ``AWS Lambda`` and ``Azure Functions``.

Ultimately, a ``FaaS`` solution lets you as the consumer use and pay for only what you need, without having to worry about any backend services (outside of auditing / availability issues).

< [Table of Contents](#top) | [References](#references) >
<a id="5"></a>
***
###### Automating Threat Intelligence
***

The following concepts are all used in conjunction with security monitoring tools to better automate how threat intelligence can be more proactively used in the decision making process of detection and even prevention.

> Artificial Intelligence (AI)

The science of creating machines with the ability to develop problem-solving and analysis strategies without significant human intervention.

> Machine Learning (ML)

A component of ``AI`` that enables a machine to develop strategies for solving a task given a labeled dataset where features have been manually identified, but without further explicit instructions.

> Artificial Neural Networks (ANN)

In ``AI``, an architecture of input, hidden, and output layers that can perform algorithmic analysis of a dataset to achieve outcome objectives - also known as neural network.

![image.png](attachment:image.png)

< [Table of Contents](#top) | [References](#references) >
<a id="6"></a>
***
###### Automated Malware Signature Creation
***

Once ``ML`` techniques have been mastered and properly tuned, automatically generating signatures for new malware becomes streamlined and has a fast turnaround.

``SOAR`` platforms are a newer technology that takes all the concepts of ``ML`` and orchestration and combines them into an all-in-one solution that helps build out playbooks, or responses to different actions as they occur.

***
## END

< [Table of Contents](#top) >
<a id="references"></a>
***
## References
***

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;cybrary, "Automation," [cybrary.it](https://web.archive.org/web/20220724081418/https://www.cybrary.it/), n.d.

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="appendix"></a>
***
## Appendix
***

***
## END
