When something goes wrong or looks fishy for a particular host in your infrastructure how do you know who to ask about it? In an infrastructure managed by many and used by many it is also helpful to know what each hosts’ purpose is. In this article we show how to add maintainer and purpose information to individual hosts in your infrastructure via the CMDB feature of Mission Portal. We will also add a Build Module to add this information to the /etc/motd file for each associated host.

File integrity monitoring is an important aspect in managing your infrastructure. Tripwire and AIDE are often cited as necessary tools by compliance frameworks1,2,3. Of course CFEngine can manage a file to make sure it contains desired content, but did you know that CFEngine also has the capability to simply monitor a file for change? In this blog post we take a look at CFEngines’ changes attribute for files promises.

As it was well received last year, we decided to do another security-focused holiday calendar this year. The concept was roughly the same, but instead of only adding security hardening modules, we’ve also added in some other security advice and blog posts to improve the variety. Now that we’re halfway through to 24 (or 25), let’s recap the first half of the calendar.

Automation can reduce the complexity of Kubernetes deployment and management, enabling organizations to devote their energies to creating business value rather than wrestling with their Kubernetes infrastructure.

Most automation approaches start in the same place; coding. For years, IT professionals have relied on scripts or series of scripts to perform tasks and then link them to provide an ‘automation. No-code or low-code reduces complexity and resource overhead, allowing both non-technical and technical users to automate processes through graphical user interfaces (GUI). In most cases, this involves drag-and-drop boxes that imitate a user’s interactions in a process.

In CFEngine Enterprise we collect information from each system in the infrastructure as inventory. Some inventory is available by default, and more can be added using modules or writing policy. You can use inventory information to create a Compliance Report with checks that determine if the information complies with your security requirements. In this blog post, we will use some modules from CFEngine Build which provide inventory data, and build a Compliance Report on top of those.

When you’re facing a cyberattack, waiting even just minutes to respond could be the difference between business as usual and a calamity. It may only take that long for threat actors to exfiltrate sensitive data or disrupt critical systems. That’s one reason why automating remediation is an essential ingredient in an effective cybersecurity strategy.

Security automation is an increasingly critical element in optimizing enterprise cybersecurity postures. Today, Torq announced its users are executing more than 1,000,000 daily security automations using our security automation platform – a major milestone that underlines the traction and importance of unifying today’s complex security stacks.

All software of any significant size has bugs, vulnerabilities, and other weaknesses. This includes the operating system (OS), libraries, command line tools, services and graphical applications. Across your infrastructure, you should have an overview of what operating systems and software you have installed. Additionally, automated ways of upgrading the OS, as well as packages are desirable.