SOC Update (27 Apr - 30 Apr 2020)
Progress / Completed Projects & Tasks
- SIEMonster Sec Prod Roll-out
- AWS GuardDuty and VPC Flow Logs via the Wazuh S3 bucket configuration tested and completed.
- Pushed the tvlk-dev account's GuardDuty and VPC logs for testing.
- UTM Hardening applied in SG UTMs. Logs being collected.
- WordPress Hardening Guide 1st Draft completed.
- tvlk-dev clean-up.
- Audited and cleaned up 40+ accounts of users no longer at Traveloka.
Plan / Work in progress
- SIEMonster Sec Prod Roll-out on AWS
- Windows servers: roll out Sysmon, Wazuh and Winlogbeat to all 80+ servers.
- Continue working on integrating other relevant log sources.
- Kaspersky AV logs and ADAudit Plus logs.
- UTMs logs from other sites.
- AWS GuardDuty logs and Cloud Conformity alert integration from the central logging account tvlk-audit.
- Continue testing open-source EDR tools and DLP-related capabilities (Velociraptor vs osquery).
- Endpoint AV (Kaspersky) policy audit and deployment coverage review.
- Finalize the AV policy configuration document with the recommendations.
- Linux Hardening Golden AMI tools
- Helping Ravi review and finalise the hardening scripts (Ansible, Bash and OVAL).
- Onboard tvlk-dev and tvlk-data AWS accounts to SSO (ongoing).
- Little progress in tvlk-dev.
- Reviewing active user accounts for the past 15 days and planning action to enforce SSO and disable inactive accounts.
- Phralad Ram stepped out to try and help with the enforcement.
- Discuss the plan of action and prepare a notice to stakeholders.
- Need to align with Johaness and HR to fix the clean-up procedure going forward for this and other AWS accounts.
- Akamai WAF IP Reputation Module CR on hold.
- We will re-align with the FE team first to find out whether they have resources to re-engage with us on this, then reset the timeline / ETA.
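The account review mentioned above (flag IAM users with no console login or access-key use in the last 15 days, and users still holding a local console password that SSO should replace) is the kind of check that can be run against the IAM credential report rather than by hand. The following is an added illustration, not code from the SOC team's update: it parses a constructed report in the credential report's CSV layout (trimmed of the certificate columns), treats a local console password as a finding because the goal stated above is SSO enforcement, and skips the root account, which is reviewed separately. The review date, user names and timestamps are constructed sample values.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the IAM credential report layout (not a real export).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service
<root_account>,arn:aws:iam::111111111111:root,2018-01-01T00:00:00+00:00,not_supported,2020-04-28T09:00:00+00:00,not_supported,not_supported,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A
alice,arn:aws:iam::111111111111:user/alice,2019-03-10T00:00:00+00:00,true,2020-04-29T10:00:00+00:00,2020-01-15T00:00:00+00:00,N/A,true,true,2020-01-15T00:00:00+00:00,2020-04-29T11:00:00+00:00,ap-southeast-1,s3,false,N/A,N/A,N/A,N/A
bob,arn:aws:iam::111111111111:user/bob,2019-06-01T00:00:00+00:00,true,2020-03-01T10:00:00+00:00,2019-06-01T00:00:00+00:00,N/A,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A
svc-backup,arn:aws:iam::111111111111:user/svc-backup,2019-09-01T00:00:00+00:00,false,N/A,N/A,N/A,false,true,2019-09-01T00:00:00+00:00,2020-04-28T02:00:00+00:00,ap-southeast-1,s3,false,N/A,N/A,N/A,N/A
carol,arn:aws:iam::111111111111:user/carol,2020-04-20T00:00:00+00:00,true,no_information,2020-04-20T00:00:00+00:00,N/A,false,true,2020-04-20T00:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A
dave,arn:aws:iam::111111111111:user/dave,2019-01-05T00:00:00+00:00,true,no_information,2019-01-05T00:00:00+00:00,N/A,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A
"""

# Constructed review date (the end of this reporting period), timezone-aware
# so it can be compared with the report's offset-carrying timestamps.
NOW = datetime(2020, 4, 30, tzinfo=timezone.utc)

# Placeholder values the credential report uses instead of a timestamp.
NO_DATE = {"N/A", "no_information", "not_supported", ""}

ACTIVITY_COLUMNS = (
    "password_last_used",
    "access_key_1_last_used_date",
    "access_key_2_last_used_date",
)


def parse_ts(value):
    """Parse an ISO 8601 report timestamp, or None for a placeholder value."""
    if value in NO_DATE:
        return None
    return datetime.fromisoformat(value)


def last_activity(row):
    """Most recent console login or access-key use recorded for the user."""
    seen = [parse_ts(row[column]) for column in ACTIVITY_COLUMNS]
    seen = [ts for ts in seen if ts is not None]
    return max(seen) if seen else None


def review_accounts(report_csv, now, inactive_days=15):
    """Return [(user, [issue, ...])] for users needing clean-up or SSO migration."""
    cutoff = now - timedelta(days=inactive_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue  # root is reviewed on its own, not as a user account
        issues = []
        seen = last_activity(row)
        created = parse_ts(row["user_creation_time"])
        if seen is None:
            # Never used at all: only a finding once the account is older than
            # the window, so freshly created users are not flagged prematurely.
            if created is not None and created < cutoff:
                issues.append("never_used")
        elif seen < cutoff:
            issues.append(f"inactive_{inactive_days}d")
        if row["password_enabled"] == "true":
            # A local console password is what SSO enforcement should remove.
            issues.append("console_password")
            if row["mfa_active"] != "true":
                issues.append("no_mfa")
        if issues:
            findings.append((row["user"], issues))
    return findings


if __name__ == "__main__":
    for user, issues in review_accounts(SAMPLE_REPORT, NOW):
        print(f"{user}: {', '.join(issues)}")
```

With the sample above, alice is only flagged for still holding a console password, bob and dave are both inactive and password-only without MFA, carol is a new user with a password but no MFA, and the key-only service user svc-backup with recent activity produces no finding. Against a real account the report would come from the IAM credential report export and the findings list would feed the stakeholder notice rather than an automatic disable.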
Roadblocks / Problems
- AWS centralized logs project (tvlk-audit) currently on hold.
- Infra-cloud is under a cost-reduction project.
Notable Incidents
None