Scheduled scans using Ansible Tower for operating systems and kernel security
Continuous security scanning needs something to schedule and manage it, and Ansible Tower is well suited to that role. While most of the tools discussed so far can be used to scan hosts and maintain a security benchmark, we should think about where they fit in the overall incident response and threat detection workflow, whose phases (as described in NIST SP 800-61) are:
- Preparation
- Detection and analysis
- Containment, eradication, and recovery
- Post-incident activity
Setting up all of these scanners is our preparation. The output of the scanners is what gives us the ability to detect and analyze. Containment and recovery are beyond the scope of the scanners themselves; for recovery and post-incident activity, you may want to maintain playbooks that can tear down the current infrastructure and recreate it from a known-good definition. Note that rebuilding a host exactly as it was also rebuilds whatever weakness was exploited, so the rebuild playbook should carry the fix identified during analysis (a patched kernel or package, a hardened configuration) rather than restore the original state verbatim.
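As an added example (not from the original text, and not a playbook from any particular project), the following is the kind of playbook you would attach to a Tower job template and run on a schedule to cover the preparation and detection steps above for the operating system and kernel. The page does not name a specific scanner, so the choice of OpenSCAP, the `ssg-centos7-ds.xml` datastream path, the `servers` inventory group and the report paths are assumptions for RHEL/CentOS 7 hosts; adjust them for your distribution and content.

```yaml
# Added example playbook for a Tower-scheduled OS and kernel scan.
# Assumptions: RHEL/CentOS 7 hosts in the "servers" group with the
# openscap-scanner and scap-security-guide packages installed.
- name: Scheduled OS and kernel security scan
  hosts: servers
  become: yes
  vars:
    # Assumption: datastream shipped by scap-security-guide on CentOS 7
    scap_datastream: /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml
    scap_profile: xccdf_org.ssgproject.content_profile_standard
    report_dir: /var/tmp/scan-reports
  tasks:
    - name: Check for a pending kernel update
      command: yum -q check-update kernel
      register: kernel_check
      changed_when: false
      # yum check-update exits 100 when updates are available,
      # 0 when there are none and 1 on error
      failed_when: kernel_check.rc not in [0, 100]

    - name: Ensure the report directory exists
      file:
        path: "{{ report_dir }}"
        state: directory
        mode: '0750'

    - name: Evaluate the host against the SCAP profile
      command: >
        oscap xccdf eval --profile {{ scap_profile }}
        --results {{ report_dir }}/results-{{ ansible_date_time.date }}.xml
        --report {{ report_dir }}/report-{{ ansible_date_time.date }}.html
        {{ scap_datastream }}
      register: scan
      changed_when: false
      # oscap exits 0 when every rule passes, 2 when at least one rule
      # fails and 1 on error; a failed rule is a finding to analyze,
      # not a reason to fail the job
      failed_when: scan.rc == 1

    - name: Pull the HTML report back to the control node for analysis
      fetch:
        src: "{{ report_dir }}/report-{{ ansible_date_time.date }}.html"
        dest: "reports/{{ inventory_hostname }}/"
        flat: yes

    - name: Publish a per-host summary as Tower job artifacts
      set_stats:
        data:
          running_kernel: "{{ ansible_kernel }}"
          kernel_update_pending: "{{ kernel_check.rc == 100 }}"
          scap_rules_failed: "{{ scan.rc == 2 }}"
        per_host: yes
```

In Tower, create a job template that points at this playbook and add a Schedule to it (nightly is a common choice); the fetched reports and the `set_stats` artifacts are the output that feeds the detection and analysis phase. The playbook deliberately treats failed SCAP rules and a pending kernel update as findings rather than as task failures, so a scheduled run completes and reports even on a host that needs attention, while a broken scanner (exit code 1) still surfaces as a failed job.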
As part of our preparation, it is useful to be familiar with the following terms, as you will see them used repeatedly in the world of vulnerability scanners and vulnerability management...