Skip to Content
Security Automation with Ansible 2
book

Security Automation with Ansible 2

by Akash Mahajan, MADHU AKULA
December 2017
Intermediate to advanced
364 pages
7h 30m
English
Packt Publishing
Content preview from Security Automation with Ansible 2

ElastAlert rule configuration

Assuming that you already have Elastic Stack installed and logging SSH logs, use the following ElastAlert rule to trigger SSH attack IP blacklisting:

es_host: localhostes_port: 9200name: "SSH Bruteforce attack alert"type: frequencyindex: filebeat-*num_events: 20timeframe:  minutes: 1# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.htmlfilter:- query:    query_string:      query: '_type:sshlog AND login:failed AND (username: "ubuntu" OR username: "root")'alert:  - slack:      slack_webhook_url: "https://hooks.slack.com/services/xxxxx"      slack_username_override: "attack-bot"      slack_emoji_override: "robot_face" - command: ["/usr/bin/curl", "https://xxxxxxxxxxx.execute-api.us-east-1.amazonaws.com/dev/zzzzzzzzzzzzzz/ip/inframonitor/%(ip)s"] ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Implementing DevOps with Ansible 2

Implementing DevOps with Ansible 2

Jonathan McAllister
Practical Ansible 2

Practical Ansible 2

Daniel Oh, James Freeman, Fabio Alessandro Locati
Learning Ansible 2 - Second Edition
Practical Security Automation and Testing

Publisher Resources

ISBN: 9781788394512Supplemental Content