ChatOps, Conversation-driven Security Collaboration

ChatOps combines the strengths of chat applications such as Slack with the powerful automation of chatbots to streamline incident response.

What is ChatOps?

With ChatOps, security and IT professionals can integrate the work conversations they already have with the actual tools they use to do that work. They can also use ChatOps to coordinate IT and security processes and gain a clearer view of their security environment.

With collaboration features and chatbot-driven automation available in a single interface, security and IT teams can hold group conversations, automate key security tasks, and see a complete view of the actions team members take in real time. This helps them work more efficiently, deploy software updates or patches to production, and resolve potential security incidents faster.

ChatOps, a term originally coined at GitHub, is sometimes also called conversation-driven collaboration or conversation-driven DevOps. With ChatOps facilitating timely collaboration between security and IT teams, organizations can improve and accelerate their security incident response processes.

How ChatOps Works

Gathered in a chat room, team members type commands that the chatbot executes using plugins or custom scripts. For example, a security analyst can issue a command directly in the group chat that tells the chatbot to aggregate key information and retrieve the fix for a vulnerability.

The chatbot then hands that command off to IT, who accept and apply the patch. Once complete, the chatbot can return a detailed log of the result to verify that patching was successful, right in the chat window. Not only can the entire team see exactly what happened, it can also coordinate follow-up steps in real time.

ChatOps can also help orchestrate incident response by integrating with security systems to send timely notifications when an incident occurs. For example, an intrusion detection system can trigger an alert about an unusual code deployment at 2 a.m. into a Slack channel.

Upon seeing this alert pop up, a member of the development team could then notify the others that it was him, that he is currently traveling in Europe, which explains the unusual time for the deployment. On the other hand, if it turned out no one was sure what caused the alert, the team could mobilize a rapid response directly in the Slack channel without having to convene a time-consuming war-room meeting.

Benefits of a ChatOps Solution

As software development teams know, building and deploying applications can be a complex process. With the transparency ChatOps provides, no one has to wonder who issued a command if a glitch arises, because everyone can see a complete record of what happened in the chat window.

Developers can collectively diagnose and resolve issues as they crop up. Security teams can even designate Slack channels to orchestrate routine tasks, such as investigatory follow-ups, alert enrichment, or malware containment, so they can focus more easily on strategic priorities such as threat hunting and response.

The automation enabled within ChatOps can reduce instances of human error by letting developers automate commands that have already been tested and reviewed. Since everyone is in the same chat session, team members can quickly post and complete requests without having to use a cumbersome ticketing process.
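As an added example (not Rapid7 product code), the following minimal dispatcher shows the flow from How ChatOps Works together with the "tested and reviewed commands" point above: a `!command` typed in the channel is matched against an allowlist of vetted commands, role-checked, executed through a hypothetical plugin function, and every attempt is recorded in an audit log the bot would post back to the channel; `ids_alert_to_chat` covers the alert-to-channel direction. All handler names, roles, users and sample data are constructed for illustration.

```python
import shlex
from dataclasses import dataclass, field

# Hypothetical plugin handlers standing in for real patch/SOAR integrations;
# they return constructed sample text instead of touching any system.
def show_server_status(host: str) -> str:
    return f"{host}: up, last patch run succeeded (constructed sample)"
def deploy_patch(host: str, patch_id: str) -> str:
    return f"applied {patch_id} to {host}; log attached (constructed sample)"

# Allowlist of reviewed commands: name -> (handler, required role, arg count).
# Anything not listed here is refused, so the bot only runs vetted actions.
COMMANDS = {
    "status": (show_server_status, "analyst", 1),
    "patch": (deploy_patch, "it-ops", 2),
}

@dataclass
class ChatBot:
    roles: dict                                # user -> role (constructed)
    audit: list = field(default_factory=list)  # record posted back to channel

    def handle(self, user: str, text: str) -> str:
        """Dispatch one chat message; only '!cmd args' lines are commands."""
        if not text.startswith("!"):
            return ""                              # ordinary conversation
        try:
            parts = shlex.split(text[1:])
        except ValueError:                         # unbalanced quotes
            return "could not parse command; try !help"
        if not parts or parts[0] == "help":
            return "available: " + ", ".join(f"!{c}" for c in COMMANDS)
        name, args = parts[0], parts[1:]
        if name not in COMMANDS:
            return f"unknown command '{name}'; try !help"
        func, role, argc = COMMANDS[name]
        if self.roles.get(user) != role:
            self._log(user, text, "denied")
            return f"{user}: '!{name}' requires role {role}"
        if len(args) != argc:
            return f"usage: !{name} takes {argc} argument(s)"
        result = func(*args)
        self._log(user, text, "ok")
        return result
    def _log(self, user: str, text: str, outcome: str) -> None:
        self.audit.append({"user": user, "command": text, "outcome": outcome})

def ids_alert_to_chat(alert: dict) -> str:
    """Render an IDS alert (constructed dict) as a channel message."""
    return f"ALERT: {alert['rule']} on {alert['host']} at {alert['time']}; reply in-thread if this was you."
```

Denied and successful invocations both land in `audit`, which is what gives the whole channel the "who ran what" record the article describes.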

Non-technical staff can even use ChatOps to check the status of an incident without interrupting developers or their security colleagues, allowing them to concentrate on the task at hand. The real-time documentation that ChatOps provides is beneficial not only from a workflow-optimization standpoint but also for regulatory compliance and security.

ChatOps also streamlines remote team collaboration and new-hire orientation, helping colleagues coordinate their shared work more easily regardless of geographic location or tenure. ChatOps also builds team camaraderie, bringing a little fun into the development and incident response processes.

And, with streamlined mobile access to the tools they use at work, developers and their security colleagues can handle time-sensitive requests or problems wherever they arise, whether in a coffee shop or in line at the movies.

Ultimately, ChatOps speeds time to market while also significantly reducing the time needed to assess and resolve potential security incidents.

4 ChatOps Tips for Security Teams

Thinking of using ChatOps at your organization? These four tips can help you make the most of your solution:

1. Pick the right tools

The ChatOps tools you choose will depend on your collaboration, development, and security needs. For example, not all security tools integrate with chat apps such as Slack, or, if they do, the integration may be only one-way, giving you notifications without letting you delegate tasks from Slack to your security orchestration tools. Be sure to pick the ChatOps tools that best support your team's workflow needs.

2. Start small

It is not uncommon for significant cultural resistance to automation to exist within an organization. For that reason, it is best to start with small changes and build on them gradually.

Try starting with something passive, such as automated queries, before moving on to automated deployment tasks. By demonstrating the benefits of ChatOps gradually and carefully to everyone involved, you can build their confidence in the technology and increase your chances of success.

3. Use natural language

You can configure your chatbot to execute commands based on the language you naturally use over the course of a chat session. For example, if you ask your colleagues, “Hey, what’s going on with this server?” your chatbot can automatically kick in and return the information you asked for without anyone lifting a finger. This makes everyone’s work more convenient, increasing the likelihood of adoption.

4. Help your chatbot help you

Team members are going to query your chatbot as they’re learning how to use it. This is especially true for new hires who are just learning how the company operates. Configure your chatbot to give helpful answers when people ask how to use certain commands. If you like, you can even give it a bit of personality that fits your company culture.

ChatOps puts the tools developers and security professionals use directly into workplace conversations, strengthening team collaboration and tackling tasks ranging from incident response to patch deployment. ChatOps can even be beneficial from a cultural standpoint, strengthening work relationships and boosting your team’s effectiveness. With the powerful security automation and collaboration capabilities found in ChatOps, your company can accelerate its incident response and achieve faster time to market.