When I was introduced to the Demisto playbook editor, the first thing I had to say was WOW, Demisto has made security automation as easy as Visio. The second thing I had to say was, damn I wish I had this for Ansible!
IT Operations has always had scripting and point solutions for specific use cases, but low-code platforms for IT Operations that tie together significant portions of the IT infrastructure are non-existent. Innovations in IT automation have brought fantastic tools to our war chests like Ansible, Terraform, and Chef, but these aren't necessarily making things easier for general purpose system administrators. They all require significant investments of time and study before yielding value. It's not surprising that products like ServiceNow that are bridging the gap are extremely popular.
One of the automation tools that I'm intimately familiar with is Ansible. Ansible has a mild barrier to entry and a steep learning curve to mastery: its playbooks are written entirely in YAML, a declarative markup language, with limited ability to perform if/then/else logic. It is meant to declare the desired end state, with the modules determining how to get there. There is no graphical interface or easy drag-and-drop workflow engine like the one in XSOAR. Many first-time users see Ansible playbook development as akin to programming and quickly give up. Those that persevere often struggle to have Ansible interact with regular users, as it has nothing remotely like XSOAR's friendly user interface, data collection or reporting capabilities. It is a tool for automation engineers.
My submission is not just an XSOAR playbook, but in fact a set of additional integrations that supercharge XSOAR using Ansible modules. This opens up the possibilities for many more use cases in XSOAR by filling in the gaps required for IT infrastructure operations. I like the Dissolvable Host Agents in XSOAR, but they don't compare to the power of Ansible's modules and their agentless functionality. The integrations I have written may be powered by Ansible and run on the XSOAR server itself, but they are first-class citizens within XSOAR, with high quality command documentation, argument options, context outputs and, importantly, performance and scaling. If you didn't look under the covers of the Python code, you would not know that you are using the Ansible engine at all. There is no markup or scripting to be found, and credential management for access to systems by these integrations is done with the native XSOAR platform. I have seamlessly woven the two together, giving you the power and integration breadth of Ansible within XSOAR without any additional servers or components outside of the XSOAR engine itself. You can use my added commands just the same as any other XSOAR integration.
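As an added example (not the contributed integrations' own code), this sketch shows the wiring the paragraph describes: an XSOAR command's arguments become an ansible-runner ad-hoc module call on the XSOAR server, the credentials from the instance parameters go into an in-memory inventory rather than onto a command line, and the module's argument echo is stripped before results reach context. The ansible_runner.run keyword arguments and the WinRM inventory variables are assumed from ansible-runner and Ansible 2.9 usage; the host names and events are constructed.

```python
import shlex
from typing import Iterable

# Constructed example, not the contributed integrations' code: how an XSOAR command
# can be turned into an ansible-runner ad-hoc module call on the XSOAR server.

def build_inventory(hosts: list, username: str, password: str, windows: bool) -> dict:
    """In-memory inventory passed straight to ansible-runner (no inventory file, no YAML).
    Credentials come from the XSOAR instance parameters, never from command arguments."""
    if windows:
        # WinRM over HTTPS with NTLM (requests-ntlm); keep server certificate validation on.
        base = {"ansible_connection": "winrm", "ansible_port": 5986,
                "ansible_winrm_transport": "ntlm",
                "ansible_winrm_server_cert_validation": "validate"}
    else:
        base = {"ansible_connection": "ssh", "ansible_port": 22}
    base.update({"ansible_user": username, "ansible_password": password})
    return {"all": {"hosts": {h: dict(base) for h in hosts}}}

def module_args_string(args: dict) -> str:
    """Render XSOAR command arguments as the key=value string an ad-hoc module call takes;
    values are shell-quoted because Ansible splits this string with shlex."""
    return " ".join(f"{k}={shlex.quote(str(v))}" for k, v in args.items() if v is not None)

def events_to_context(events: Iterable[dict]) -> list:
    """Reduce ansible-runner events to one entry per host for XSOAR context output."""
    out = []
    for ev in events:
        kind = ev.get("event", "")
        if kind not in ("runner_on_ok", "runner_on_failed", "runner_on_unreachable"):
            continue
        data = ev.get("event_data", {})
        res = dict(data.get("res", {}))
        # 'invocation' echoes the module arguments and can carry secrets; keep it out of context.
        res.pop("invocation", None)
        out.append({"host": data.get("host"), "status": kind.rsplit("_", 1)[1],
                    "changed": bool(res.get("changed", False)), "result": res})
    return out

def run_module(hosts, username, password, windows, module, args, data_dir="/tmp/xsoar-ansible"):
    """Run one Ansible module ad hoc against the hosts and return context-ready results.
    Assumes ansible-runner and Ansible 2.9 are installed (as in the container described below)."""
    import ansible_runner  # imported here so the helpers above work without Ansible installed
    r = ansible_runner.run(private_data_dir=data_dir,
                           inventory=build_inventory(hosts, username, password, windows),
                           host_pattern="all", module=module,
                           module_args=module_args_string(args), quiet=True)
    return events_to_context(r.events)
```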
The gaps I have filled cover the following areas:
- Windows and Linux host management
- Cisco Routing and Switching
- Certificate and DNS management
- Control over Kubernetes
- VMware vSphere Virtualisation
- Improved Azure Integration
- Hetzner Cloud
- Alibaba Cloud
In total I have added 13 integrations and over 500 commands.
I have provided a demonstration playbook that shows the usage of the Windows host integrations in conjunction with the rich existing XSOAR functionality, in ways that would not be possible using only XSOAR, or Ansible on its own.
This playbook follows the SOAR philosophy of enabling a non-subject matter expert to execute a complicated procedure with protective guardrails to ensure their success.
Please note the integrations require my Ansible-Runner container to function. My PR is still in the process of being accepted: https://github.com/demisto/dockerfiles/pull/2772
In lieu of this container image being available you can generate the required image using the following XSOAR command: /docker_image_create name=ansible-runner dependencies=ansible-runner,paramiko,ansible==2.9.12,psutil,ssh_agent_setup,pywinrm>=0.2.2,requests-ntlm,hcloud>=1.0.0,pyvmomi,openshift>=0.6,pyyaml>=3.11,azure-mgmt-compute,azure-mgmt-storage,azure-mgmt-resource,azure-mgmt-network,dnspython,footmark>=1.1.16 packages=gcc,linux-libc-dev,libc6-dev,sshpass,openssh-client