This blog will cover enabling SecOps functionality on SaltStack, which provides compliance and vulnerability capabilities for the workload.
Before we dive into how to enable the SecOPs feature, I will quickly share a bit more on VMware SaltStack.
SaltStack, by default, comes as SaltStack Config, which helps maintain configuration and perform day 2 actions. Essentially, the benefit of SaltStack is to provide native config management, self-healing config with event-driven automation & orchestration. It supports building and scheduling repeatable jobs for self-service automation. Also, preserve tons of workload/systems with fast, hyper-scale automation. SaltStack supports flexible control with agents, agentless, and API proxy agents.
For more details on SaltStack, please refer to the official VMware documentation.
Now, what is SecOps functionality within SaltStack? Let’s go through it quickly before we see how to enable the feature.SaltStack SecOps is an offering to provide IT compliance and vulnerability management. It actively ingests vendor CVE advisories, builds scans and remediations workflow to address them, and delivers this security content to customers as a service.
One key aspect is that it actively detects and fixes compliance drift with automated remediation, saving resources, improving the security posture, and reducing the risk.
SaltStack SecOps isn’t shipped by default with SaltStack Config deployment. Instead, customers need to acquire an appropriate SecOps add-on license to enable this feature.
Let us see how to enable this feature in SaltStack Config.
As you see in the below screenshot, Compliance and Vulnerability tabs/objects are missing. Here is what you see after the initial deployment of StaltStack Config.
To enable the SecOps feature, we need to add the license key into the SaltStack Config vApp.
Connect to the SaltStack via SSH and create a file under /etc/raas directory.
Next, change the file ownership and assign permissions.
Finally, restart the SaltStack raas service. Login into the SaltStack config to verify the SecOps functionality.
Notice, additional features are now available as ‘Compliance’ & ‘Vulnerability’. Besides, you can see SecOps tab is enabled now under Administration.
Before we wrap this blog, this is how SaltStack SecOps Compliance policies show a ‘compliance’ and ‘assessment’ summary for the workload you intend to check compliance.
