◦ Need to analyze wide variety of audit and security logs from various sources. ◦ Need to use the policy engine for automated response. • OPA ◦ Able to manage Policy as code in Rego easily ◦ Unified way to write the policies in one language across different technologies. ◦ Testing and coverage support. ◦ Simple to deploy and maintain using GitOps ◦ Built-in Decision Logs. ◦ Ability to build complex responses and not just pass/fail. ◦ Strong adoption in the OSS community and Cloud Native Why OPA & Rego for security compliance
change often, aren’t fully known at policy creation, or would simply be impractical to embed and manage inside the policy. Examples: ◦ Suspicious IP address list ◦ Groups to users list ◦ Employee list with high privileged access • It’s possible to leverage OPA policy document model data object • We built an OPA Data server that can provide the data to OPA server • OPA Data Server is called from OPA policies using built-in http functions. ◦ It uses OPA package in Go. it’s very flexible. Using dynamic external data for policies
useful for automation when handling structured security log. ◦ Able to use the ecosystem easily ◦ Able to handle various logs ◦ Able to use scalable technology and stable GitOps for policy • We can extend the ability when needed ◦ Rego can be able to handle dynamic rule by HTTP request
rung
yuj1osm
vaaaaanquish
cyberagentdevelopers
bengo4com
autifyhq
furuton
pamelafox
masahirokawahara
ny7760
shlominoach
dougneiner
chriscoyier
shpigford
hatefulcrawdad
matthewcrist
andyhume
malarkey
thoeni
keathley
thekraken
danielanewman
