Why OPA & Rego for security compliance
◦ Need to analyze a wide variety of audit and security logs from various sources.
◦ Need to use the policy engine for automated response.
• OPA
◦ Able to manage Policy as Code in Rego easily.
◦ Unified way to write policies in one language across different technologies.
◦ Testing and coverage support.
◦ Simple to deploy and maintain using GitOps.
◦ Built-in Decision Logs.
◦ Ability to build complex responses, not just pass/fail.
◦ Strong adoption in the OSS community and Cloud Native.
Using dynamic external data for policies
change often, aren't fully known at policy creation, or would simply be impractical to embed and manage inside the policy. Examples:
◦ Suspicious IP address list
◦ Groups-to-users list
◦ Employee list with high-privileged access
• It's possible to leverage the data object of the OPA policy document model.
• We built an OPA Data Server that can provide the data to the OPA server.
• The OPA Data Server is called from OPA policies using the built-in http functions.
◦ It uses the OPA package in Go, which is very flexible.
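As an added example (not code from the presentation), a Rego policy in the style the slides describe: it pulls the suspicious IP list and the privileged-user list from a data server with the http.send built-in, evaluates one structured audit event passed as input, and returns a structured response rather than pass/fail. The data server hostname and paths, the response body shapes and the input fields (event, user, source_ip) are all assumptions.

```rego
package security.audit

import rego.v1

# Hypothetical OPA Data Server endpoints (assumed, not from the slides).
feed_url := "http://opa-data-server.internal:8080/v1/suspicious_ips"
privileged_url := "http://opa-data-server.internal:8080/v1/privileged_users"

# http.send built-in: force_cache reuses the reply for 5 min, raise_error=false yields a status object on failure.
fetch(url) := http.send({
	"method": "GET",
	"url": url,
	"force_cache": true,
	"force_cache_duration_seconds": 300,
	"raise_error": false,
})

ip_feed := fetch(feed_url)
priv_feed := fetch(privileged_url)

# Assumed response bodies: {"ips": ["203.0.113.7"]} and {"users": ["alice"]}.
suspicious_ips contains ip if {
	ip_feed.status_code == 200
	some ip in ip_feed.body.ips
}
privileged_users contains u if {
	priv_feed.status_code == 200
	some u in priv_feed.body.users
}

# Each reason is one finding about the audit event passed as input.
reasons contains "source IP is on the suspicious list" if {
	input.source_ip in suspicious_ips
}
reasons contains sprintf("user %v ran sudo but is not on the privileged list", [input.user]) if {
	input.event == "sudo"
	not input.user in privileged_users
}

# Fail closed: an unreachable data server must not silently turn into "allow".
reasons contains "external data unavailable, manual review required" if {
	some feed in [ip_feed, priv_feed]
	feed.status_code != 200
}

# A structured decision instead of a bare boolean; this object is what the decision log records.
default response := {"action": "allow", "severity": "info", "reasons": []}

response := {"action": "alert", "severity": "high", "reasons": sort(reasons)} if count(reasons) > 0
```

Querying data.security.audit.response with an input such as {"event": "sudo", "user": "bob", "source_ip": "203.0.113.7"} yields an alert whose reasons list explains which external list matched, and the same object is recorded in the decision log.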
useful for automation when handling structured security logs.
◦ Able to use the ecosystem easily.
◦ Able to handle various logs.
◦ Able to use scalable technology and stable GitOps for policies.
• We can extend the capability when needed.
◦ Rego can handle dynamic rules via HTTP requests.