
Current Status

Week 10 (days 24.-28.7.)

Final week of the WIMMA Lab. We were supposed to focus on documentation, but we still had a lot to do regarding Broseidon. The open source team continued working with MISP and managed to integrate it with Wazuh. The Palo Alto oriented team configured some alerts, but concentrated mostly on documentation planning and writing.

On the DevOps side of things we mostly focused on final touches and small fixes. The Career Scouter team made some changes to their application, so we worked with them to get it working. We also fixed TLS encryption for Tukko.

The testing team completed the integration triangle between GitLab, Argo CD and Testkube. We now had the capability to automatically fetch tests from GitLab using Argo CD and trigger Testkube to run those tests.

Week 9 (days 17.-21.7.)

The Palo Alto oriented team worked on forwarding notifications and alerts from Prisma Cloud. With some effort, we managed to get simple alerts to show on Discord using webhooks. We also experimented with Prisma Cloud integration with Slack, which offered more detailed and polished alerts out of the box. Prisma Cloud integration with Teams was ostensibly successful, but alerts never came through.

The testing team managed to integrate Testkube with Argo CD using plugins. We configured Testkube to run tests automatically whenever an appropriate Kubernetes resource for the application changed. We then started looking into how to fetch the tests from developers’ repositories.
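The two Testkube pieces described in this log, running a test when the application's Kubernetes resource changes (week 9) and fetching the test itself from the developers' GitLab repository (week 10), map onto two Testkube custom resources. The manifests below are an added illustration, not the team's configuration: the application name `career-scouter`, its namespace, the GitLab URL, the Postman collection path and the `gitlab-ro-token` Secret are all assumed.

```yaml
# Added example, not the team's configuration. Assumed names: the
# "career-scouter" Deployment in namespace "career-scouter", a GitLab
# repository URL, and a Secret "gitlab-ro-token" holding a read-only token.
---
# The test definition: Testkube fetches the test content from Git at run time,
# so the tests live next to the application code in the developers' repository.
apiVersion: tests.testkube.io/v3
kind: Test
metadata:
  name: career-scouter-api
  namespace: testkube
spec:
  type: postman/collection
  content:
    type: git
    repository:
      type: git
      uri: https://gitlab.example.com/mysticons/career-scouter.git
      branch: main
      path: tests/api.postman_collection.json
      # Read-only token scoped to this repository; never a personal token.
      tokenSecret:
        name: gitlab-ro-token
        key: token
---
# The trigger: when the application's Deployment object is modified (which is
# what an Argo CD sync does when it rolls out a new image tag), run the test.
apiVersion: tests.testkube.io/v1
kind: TestTrigger
metadata:
  name: career-scouter-on-deploy
  namespace: testkube
spec:
  resource: deployment
  resourceSelector:
    name: career-scouter
    namespace: career-scouter
  event: modified
  action: run
  execution: test
  testSelector:
    name: career-scouter-api
    namespace: testkube
```

Apply with `kubectl apply -f` into a cluster where Testkube is installed, then change the Deployment (for example by syncing a new image tag through Argo CD) and watch for a new execution with `kubectl testkube get executions`. Two caveats a practitioner will hit: `event: modified` fires on every change to the Deployment object, including a scale operation, and it fires when the object changes rather than when the rollout has finished, so a test that asserts on the new version can race the rollout unless the trigger is gated on the Deployment's readiness conditions. The Git token in the Secret should be a read-only, repository-scoped token, because anyone who can read Secrets in the `testkube` namespace can read it.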

The open source team installed containerized MISP on a dedicated machine because of its high resource requirements. MISP integration with Wazuh is still work in progress. We also learned how to implement custom rules for Wazuh.

Week 8 (days 10.-14.7.)

This week Mysticons spent a couple of days getting the documentation up to date. We reviewed everything we had done so far and prioritized getting OPF into a presentable shape. Other smaller work included test automation and cooperating with the test tribe on how we could benefit from Testkube. On the pipeline side of things, it was mostly bug fixing.

The open source team focused on how to configure Wazuh and add integrations. We learned how to use Shuffle for alert redirection and managed to integrate it with Wazuh. Shuffle was then successfully configured to send the alerts to Discord.

The Palo Alto oriented team looked into ways to shift security further left. We experimented with the twistcli tool to scan the libraries the developers use. We also tested the Palo Alto VS Code plugin and how it could be used to prevent security issues even before committing any code. Besides that, we evaluated the highest priority problems to concentrate on in the PA cluster. At the end of the week we managed to get Defenders deployed correctly and gained visibility into the cluster.

Week 7 (days 3.-7.7.)

Happy week!

This week we managed to integrate Prisma Cloud tools and a good part of the open source SOC technologies. The open source team successfully deployed Falco eBPF monitoring on the testing cluster and then integrated it into Wazuh for further visualization. The Palo Alto oriented team managed to deploy Prisma Cloud Defenders on the PA cluster and also deployed them on the open source cluster for testing purposes. At first we had some integration issues when it came to connecting the Defenders to Prisma Cloud, but at the end of the week we managed to get things working as intended.

On the DevOps team we improved the pipeline so that it sends the build artifacts over to the configuration repository. This means we finally had a rudimentary, yet fully automated, pipeline from the developers to the K8s clusters with the help of Argo CD. Furthermore, Argo CD integration with Discord webhooks has been completed and it now automatically sends notifications to the Mysticons-botchannel when a new application is deployed. Testkube has also been installed on the MicroK8s cluster and some trial tests were successfully executed.

Week 6 (days 26.-30.6.)

More K8s configuring and attempts to get the cluster up and running, so that we could start implementing Palo Alto Prisma Cloud in our environment together with the Palo Alto oriented team.

The Palo Alto oriented team successfully deployed a K8s cluster. Shortly after that we realized that setting up a cluster with more than one master required some changes to the initialization process. After solving that problem, we started studying pod scheduling concepts such as taints and affinities. We managed to get the ingress controllers running only on the master nodes.
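One way to express the scheduling constraint above, as an added example rather than the team's own configuration: a Helm values file for the ingress-nginx chart. The page does not say which ingress controller was used, so ingress-nginx, its chart values and a kubeadm-style cluster are assumptions. The node affinity matches both the `node-role.kubernetes.io/control-plane` label that current kubeadm sets and the older `node-role.kubernetes.io/master` label, and the pod tolerates the corresponding NoSchedule taints; forgetting the toleration is the usual reason an affinity-pinned pod stays Pending on a multi-master cluster.

```yaml
# Added example: Helm values for the ingress-nginx chart that pin the controller
# to control-plane (master) nodes. Assumed, not from the page: ingress-nginx as
# the controller and a kubeadm cluster whose control-plane nodes carry the
# default role label and NoSchedule taint.
controller:
  # One controller pod per matching node instead of a Deployment with replicas.
  kind: DaemonSet

  # Node affinity: schedule only onto nodes carrying either the current
  # control-plane role label or the pre-1.24 "master" label. The two
  # nodeSelectorTerms are ORed; Exists matches the label whatever its value.
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: node-role.kubernetes.io/control-plane
                operator: Exists
          - matchExpressions:
              - key: node-role.kubernetes.io/master
                operator: Exists

  # Affinity alone is not enough: kubeadm taints control-plane nodes
  # NoSchedule, so the pod must also tolerate that taint (both spellings).
  tolerations:
    - key: node-role.kubernetes.io/control-plane
      operator: Exists
      effect: NoSchedule
    - key: node-role.kubernetes.io/master
      operator: Exists
      effect: NoSchedule

  # Bind ports 80/443 on the node itself so the master nodes' addresses can
  # serve traffic without a cloud load balancer in front.
  hostPort:
    enabled: true
  service:
    type: ClusterIP
```

Install with `helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx -n ingress-nginx --create-namespace -f values.yaml` and verify placement with `kubectl -n ingress-nginx get pods -o wide`, which should list only control-plane nodes in the NODE column. The security trade-off is worth stating: this puts an internet-facing component on the same nodes that run the API server and etcd, which is acceptable for a lab but is a reason production clusters use dedicated ingress nodes instead.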

Work continued on the infrastructure automation, but we didn’t have time to set up Ansible. Besides that, we wrote a simple pipeline script to build container images from Dockerfiles and push them to the GitLab registry. We also made a configuration repository for the applications so that we could finally start automating everything regarding the application deployment.
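The two pipeline stages mentioned in this log, building an image from a Dockerfile into the GitLab registry (week 6) and handing the build artifact over to the configuration repository that Argo CD watches (week 7), fit in one `.gitlab-ci.yml`. This is an added example, not the team's pipeline: the config repository URL, the `apps/<project>/deployment.yaml` path inside it, the `CONFIG_REPO_TOKEN` CI variable and the use of kaniko are all assumptions.

```yaml
# Added example, not the team's pipeline. Assumed: a Dockerfile at the repo
# root, a config repo of plain manifests watched by Argo CD, a masked CI
# variable CONFIG_REPO_TOKEN (project access token with write_repository
# scope on the config repo only), and the deployment.yaml path under apps/.
stages:
  - build
  - deploy

variables:
  # Tag by commit SHA, never "latest": the config repo then pins an
  # immutable image and Argo CD sees a real diff on every release.
  IMAGE: "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}"
  CONFIG_REPO: "gitlab.example.com/mysticons/config-repo.git"   # assumed

build-image:
  stage: build
  # kaniko builds from a Dockerfile without a Docker daemon, so the runner
  # does not need privileged mode (docker:dind would).
  image:
    name: gcr.io/kaniko-project/executor:v1.14.0-debug
    entrypoint: [""]
  script:
    # Registry credentials come from GitLab's per-job CI_REGISTRY_* variables.
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf '%s:%s' "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context "${CI_PROJECT_DIR}" --dockerfile "${CI_PROJECT_DIR}/Dockerfile" --destination "${IMAGE}"
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

update-config-repo:
  stage: deploy
  image: alpine:3.19
  needs: ["build-image"]
  script:
    - apk add --no-cache git
    - git clone "https://oauth2:${CONFIG_REPO_TOKEN}@${CONFIG_REPO}" config
    - cd config
    # Rewrite the image line of this app's Deployment manifest to the new tag;
    # the commit is the "build artifact" Argo CD picks up on its next sync.
    - 'sed -i "s#image: ${CI_REGISTRY_IMAGE}:.*#image: ${IMAGE}#" "apps/${CI_PROJECT_NAME}/deployment.yaml"'
    - git config user.name "gitlab-ci"
    - git config user.email "gitlab-ci@example.com"
    - git commit -am "Deploy ${CI_PROJECT_NAME} ${CI_COMMIT_SHORT_SHA}"
    - git push origin HEAD:main
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```

Three choices here matter for security rather than convenience. The registry login uses the job-scoped `CI_REGISTRY_USER` / `CI_REGISTRY_PASSWORD` pair that GitLab issues per job, so no long-lived registry credential is stored. The config repository is written with a separate token that can only push to that one repository and is stored as a masked, protected CI variable, so a compromised application pipeline cannot rewrite other teams' deployments. And kaniko avoids a privileged Docker-in-Docker runner, which would otherwise give any job in the project root on the runner host.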

Week 5 (days 19.-22.6.)

Midsummer!

This week we redeployed the open source cluster again to consolidate our knowledge. The DevOps team focused on automating the infrastructure deployment so that we could easily tear down and deploy clusters in quick succession.

The Palo Alto oriented team switched from MicroK8s to a full-sized K8s cluster. Learning how to install K8s without the conveniences that MicroK8s provides took the better part of the week. Work continued with Testkube on the Minikube cluster, but it was not in a functional state yet.

We restructured our OPF framework and made plans for how to approach documentation from now on. We made initial plans on some needed visual changes in the OPF page, mostly regarding the logos that will be used.

Week 4 (days 12.-16.6.)

Recuperation week.

This week we focused on deploying other teams’ applications on our open source cluster using Argo CD. We consulted with other teams in order to get their Git workflows suitable for deploying to Kubernetes. Separate containers were deployed but getting them to communicate was still an issue.

In the testing department we switched from Squash to Testkube and further improved our SOC stack by adding MISP, removing Grafana and investigating how to manage logging and parsing the events that will be happening inside the SOC cluster.

Week 3 (days 5.-9.6.)

Open Doors Event week!

This week we were busy preparing for the Open Doors Event. We started the week with Palo Alto Prisma: Practice Lab. We also made significant improvements to our production environment and SOC architecture. Then we finalized our presentations and demo environments, created individual posters and got dressed well for the big day.

Week 2 (days 29.5.-2.6.)

We took steps towards building the team's OPF pages throughout the week. The first versions of the upcoming hosting environment topology were drawn out. In general, we worked to get ready for Open Doors, and rehearsed elevator / introduction speeches for the Open Doors event.

We visited GoFore, listened to presentations, spent time at their premises and networked. Annimari Lehtomäki visited and talked about BioPaavo and their Hackathon activities.

Week 1 (days 22.-26.5.)

Each team member started learning about the technologies we will be using, e.g. Docker, Kubernetes and SOC components. We set up individual test servers for experimenting and learning. We also started building an understanding of what we, the Mysticons, do as a team.

We discussed more with visitors who came to give insight into their work. Topics varied, such as using GitLab or GitHub in projects, UX design, the importance of understanding user needs, and becoming a tester in the industry.

Week 0 (days 15.-19.5.)

Introduction week!

This week was a dedicated orientation week. We received a lot of information about the upcoming summer and how things are run at WIMMA Lab. We were given our assignments and we did some basic project management tasks such as filling the team and product canvases for the projects. We had several visitors throughout the week, many of them WIMMA Lab alumni, from different companies to give us a presentation on what they do.

We also came up with the preliminary plans on how to approach our assignment. We researched how SOCs and GitOps are usually implemented in production environments.