Automation SIG: A New SIG Adventure
By Aaron Kaplan
Wednesday, January 5th, 2022
Motivation
Every incident response team globally is facing a serious increase of workload. As attackers scan and penetrate networks via automation, so must defenders look
at automation.
However, there is no single silver bullet for "automating-away" all of the incident response on the defenders side.
Fortunately, FIRST is a strong community which improves security together. The Malta theme conference was "Security is not an island", SIGs are created for this
exact purpose. In other words: it makes sense to share knowledge within the SIG, learn from each other and share the condensed knowledge back to the FIRST
community. Together we are stronger. Divided we fall.
What we will do
Our aim is to start with a tour of what exists. We would like to gather your stories first. Your successes and even more interesting - your failures in order to not
repeat the same mistakes twice.
From there, we would also like to build a list of tools that have prooven to be effective together with their strenghts and weaknessess and their applicability. After
all, a tool that works very well for a specific use-case might not be the right one for a different setting. By grouping all the tools available (commercial & open-
source), each of us will have a starting point to look at which one might be appropriate to support our own needs.
Who?
We also believe in collaboration. It's why we want this SIG to be open to anyone willing to contribute but also establish links with other commmunities like IHAP
(Incident Handling Automation Projects group) and TF-CSIRT.
How to get in touch
We plan to kick-start this SIG with a short survey on your needs, your experiences and your potential input.
The SIG will have quarterly calls starting end of January 2022.
In addition, we will use FIRST's wiki for documentation purposes and for sharing your know-how
back to the wider FIRST community.
You can reach the SIG-chairs via email. In addition, we have a Slack channel.
Joining the SIG is easy: just log into the FIRST portal and click join: https://portal.first.org/g/Automation%20SIG
