SOC Update (9-13 March 2020)
Progress / Completed Projects & Tasks
- Fortigate Firewall / UTM security features standard and hardening.
  - Standard agreed and pushed to the Wisma 77 firewall in ID.
- Akamai WAF IP Reputation Module
  - Initial meeting held with the infra web team to discuss the plan of action.
  - Showed Client Reputation findings for www and m for the last 90 days.
  - FAQ and project documentation released.
- AWS Centralised Security Logging Project
  - Final discussion held with the infra team to move forward with implementation.
- Linux Hardening Golden AMI tools
  - Exploring tools.
  - Access to AWS Inspector granted in tvlk-sec-dev.
- SIEMonster Pre-Prod Roll-out on AWS
  - Issues with the Master Agreement, tax withholding and Net30 vs Net6 payment terms resolved. AP to process the invoice.
Plan / Work in progress
- SIEMonster Pre-Prod Roll-out on AWS
- Akamai WAF IP Reputation Module
  - 2nd meeting to discuss further questions, go over the timeline and review the data shared.
  - Craft a notice for the remaining stakeholders on www and m.
- Onboard tvlk-dev and tvlk-data AWS accounts to SAML (on-going).
- Incident playbooks and SOPs in the works.
- Linux Hardening Golden AMI tools
  - Finalising Ubuntu and revamping the hardening guide so that it is actionable and scriptable.
  - Exploring tools to provide actionable, scriptable hardening.
    - OVAL + Vulns + Ansible.
    - AWS Inspector.
  - Project page.
Roadblocks / Problems
Notable Incidents
SOC-113 Possible database dump posted on Twitter
RCA: TBD
Status: Possible false claim. The DB schema has not been recognised by any team. The reporter ("hacker") has been persuaded to remove the posts from Twitter and Facebook and instead report to us responsibly via BugCrowd. An invitation has been sent but no report has been submitted.
https://29022131.atlassian.net/browse/SOC-113