Hello all,
I'd just like to stress a point that Liviu brought up in the last SOC
meeting, that even if you don't currently have the resources to set up a
production Bro instance there is still a lot to be gained from learning
how to set up Bro even on a "dummy" instance like a small VM listening
to its own ports. So don't let a lack of hardware put you off!
Cheers,
Matt
On 14/11/17 13:28, David Crooks wrote:
> Dear all,
>
> As we talked about in Ops this morning, the first workshop of the WLCG SOC working group will take place at CERN on the 11th (afternoon) and 12th (all day) of December 2017 (https://indico.cern.ch/event/676160/). The workshop format will be that of a hands-on hackathon with the aim of helping attendees with deployment of security tools like Bro and MISP at their local sites. Where possible sites should anticipate having resources identified prior to the workshop to allow for assisted deployments.
>
> To help sites decide if they would benefit from attending, we would identify these broad areas as being of particular focus for this workshop:
>
> 1) Installation of Bro
> 2) Installation of MISP
> 3) Integration of Bro & MISP
> 4) Enrichment of Bro data and integration into wider SOC components
>
> The intention of the workshop is to allow sites with different levels of experience and areas of interest to make meaningful progress. As such, a single formal structure for the main workshop cannot be defined in advance; however, a guide timeline for a site with no previous experience could be (for the full day of the 12th of December):
>
> 9-10: Initial site preparation including network configuration and initial basic configuration
> 10-12: Initial installation and configuration of Bro
> 2-3: Initial installation and configuration of MISP web instance
> 3-4: Integration of MISP and Bro
> 4-6: Discussion
>
> The workshop page can be found on indico here: https://indico.cern.ch/event/676160/ . The outline agenda for each day is planned as (exact timings to follow):
>
> Monday 2pm-6pm
> - Introduction
> - Demonstration of CERN SOC
> - Discussion of outcomes for the workshop including necessary components and specific goals of individual sites
>
> Tuesday 9am-6pm
> - Guided workshop as discussed above
> - Identify areas where sites can work together, for example to generate provisioning modules or to enhance existing documentation
> - Wrap up period to include feedback, ongoing activities generated from workshop, future goals for working group, and potential future workshop plans
>
> Additional resources can be found at the working group website: https://wlcg-soc-wg.web.cern.ch/. If you are interested in attending please register on the indico page and contact myself and Liviu Vâlsan to let us know if you are intending to attend in person. If you require a visitor’s pass to attend in person, please make a note of this in the registration.
>
> Best wishes,
> David