Hey all,
Currently have some tasks around pulling together some central process for the upkeep of our infrastructure (Patching critical devices for vulnerabilities/ bugs etc). Unfortunately, we don't have any central inventory or NSOT system due to the way org is structured to use as a base. (Separate distinct BUs)
The current process is around excel documents and manual data entry from version reports (Cattools) and then manual lookups to Vendors for the latest code etc.
Was wondering how others have this and what tooling you may use? Dabbled in some Python scripts to pull vulnerability details from cisco and have been thinking how to pull this into a repeatable process and automate as much it as possible, as this will be handed off to other teams to manage on day-to-day.
My initial thoughts were NSOT (Netbox?) w/inventory of devices > interacts with devices to get the latest data (NAPALM/ ANSIBLE) > interacts with vulnerability data (Via Public APIs) > engineer reviews data (New vulnerability this version X is vulnerable) and initiates upgrades. (Actual upgrade part is separate although forms part of the process).
Powerapps (Microsoft) could be an option for that external lookup but might involve some manual entry.
Any thoughts on this would be appreciated.
EDIT: We do have a CMDB (service now) coming but this is for one part of the business only.
No comments:
Post a Comment