BSidesLuxembourg 2025

spyros gasteratos

Spyros has over 15 years of experience building and maintaining DevSecOps programmes in organizations of all sizes. He's a passionate OpenSource supporter and his latest interest is security information and tooling harmonization. To this end he maintains the open source projects Smithy, the security tooling workflow automation engine, and OpenCRE.org, the largest security knowledge graph in the world.


Session

06-19
11:15
40min
Unifying Security Tools with OCSF and 60 lines of code
spyros gasteratos

In today’s world, security without tool and information harmonization is impossible.

Sadly and understandably, most security projects excel at doing one thing very well. However, this is insufficient for most projects and organizations, which need a combination of tooling in order to implement a cybersecurity strategy efficiently.

This is why we built and open-sourced Smithy.

Smithy is a framework/SDK and an optional execution engine that allows practitioners to orchestrate any security tool and translate its information to the popular security results standard OCSF. Translating outputs to OCSF format is not an easy process as the standard can be loose in some parts.

In this talk we will walk the audience through our context, why we built Smithy, how the SDK works and our design decisions. We’ll also talk about how we leveraged protobuf to extend the OCSF format and accelerate our development thanks to its strong types, code generation capabilities and built-in versioning.

Further, we will show participants which components are supported, how to create a sample component and, of course, pitfalls, tips and tricks.

At the end of the talk, participants will be able to orchestrate any security tool that provides an API or some other way to gather its results into any cybersecurity programme, for free.

Secondary stage