Zentral - what's new? - MacDevOps:YVR 2017

Preview:

Click to see full reader

Citation preview

Zentral - what's new?open hub for monitoring

Henry Stamerjohann Apfelwerk GmbH & Co. KG, Germany

@henry@head_min

https://osquery.io

https://github.com/google/santa

event processing + filtering

• collect structured information • ready to analyze • act on • time-sensitive decisions

Event data

Observe Orient Decide Act

https://en.wikipedia.org/wiki/OODA_loop

Observe

Orient Decide

Events Act

event stream processing

Events

Notifications

Inventory software management

configuration management

zentral

https://github.com/zentralopensource/zentral

Zentral

MunkiOSQuery

Santa

Sal

Inventory

API

Puppet DB

JamfPro

Watchman

FileWave

Munki

OSQuery

Events + config

TLS

Munki

Santa

OSQuery

/var/log/

Auditd

JamfPro logs

Log shipping

LogstashFilebeat

internal events

Infrastructure events

Nagios

?

Events

external events

Syslog

Event store / backends

Elastic Search

KinesisStore

Jira

Slack SMS

Zendesk

Email

Trello

Actions

Notification / actions

Jss API

Probes = events + filters

Events (filter only)

Probe types

Probe

Metadata filter

Payload filter

Inventory filter

Event Probe

Event types

Probe feeds

Feeds (samples to start with)

Probe types

Probe feeds

Probe feeds

Probe + config

Probe types

Config + Events filter

Probe config

Probe

Config TLS

OSQuery

Santa

Monolith = munki config

Client event stream

Client events

MunkiMunki

Client events

Santa

Client events

OSQuery

Client events

Inbound events

aggregate system events

aggregate system events + build audit trails

SRSLY ?

Google Santa

select * from santa_collectedapplication;

SAML, and, and…

SSO / SAML

SimpleMDM

Ad hoc signed .pkg

Ad hoc signed .pkg

• community support via GitHub (free) • support contract, paid tier (on request)

• SaaS (cloud based service) • Professional services, custom development • Integration support (on premise)

Support

Deploymentsimple Zentral all-in-one (to get started) • Amazon AWS (prod. / eval.) • GoogleCloudServices (prod. / eval.) • Vagrant box (evaluation) • VMware .ova (evaluation) • docker-compose (dev. / eval.)

Links

goo.gl/etN3sv

thank you !

twitter: @head_min slack: henry

Recommended

Spring Tooling: What's new and what's coming
Technology
2010 777: The Social Business: What's Now, What's New and What's Next?
Business
What's NEW, What's NEXT, What's HOT!
Business
PlantPAx® System What's New & What's Next
Technology
emflConf 2016 - What's Now, What's New and What's Next
Presentations & Public Speaking
Tech Trends: What's new, What's important in 2013
Business
Rotary's Websites: What's New and What's Next
Technology
ODA: What's New?
Technology
What's new?!
Documents
What's New & What's Next from AWS?
Technology
Globalization: What's New? What's Not?
Documents
What's new and what's next in Rudder
Technology
Early Warning Systems: What's New? What's Working?
Documents
What's New?
Spiritual
Spark what's new what's coming
Software
ERM: What's New & What's Next
Economy & Finance
Crossing the Chasm - What's New, What's Not
Business
Angular 2 - What's new and what's different
Technology
BDF What's NEW
Business
SharePoint 2016 - What's New, What's Not
Technology