OSBot is a security bot that can help automate security tasks and decisions using data. It can generate graphs of data from tools like Jira to help understand security issues and their relationships. It uses a serverless architecture with components like Jira, Elastic, Slack, and Jupyter notebooks. The bot can create schemas to map real world data, generate workflows, and link together related information like policies, vulnerabilities, and risks for context-specific security projects. This allows for fact-based security decisions and global dashboards. Presentations and the code for OSBot are available to learn more.

1. Using OWASP Security Bot
(OSBot) to make Fact
Based Security Decisions
Sep 2019, @DinisCruz
Lightning talk (15m)

2. What can OSBot do for me?

3. Make sense of reality

4. Be your friend (that automates you)

5. Graph your CISO’s world

6. CLI (Command Line Interface) to your data

7. REPL your world (Read Evaluate Print Loop)

8. Threat Models (in a scalable way)

10. DataScience your data

11. Screenshots of OWASP Pages

12. Screenshots of Jira issues

13. Graph project’s to outcomes and threats

14. Incident workflow automation
Real-word example

15. Workflow
Person
Credentials Application
uses
to access
conditions
generate
Alert
acknowledged in Slack by
entered in
action updates status of alert in

16. Slack as UI , Jira as Database

17. Jira as (graph) database

18. Ask user if they were the ones login in
https://twitter.com/DinisCruz/status/1153591757290057733

19. GSBot Commands

31. graph expand GSP-181 1 delivers,is needed by
graph expand GSP-181 2 delivers,is needed by

32. graph expand GSP-181 3 delivers,is needed by
graph expand GSP-181 3 delivers,is needed by,fixes,achieves

33. Security Team
Data Science Tech Stack

34. Serverless stack

35. Scalable data creation workflow

36. JIRA

37. Elastic (ELK)

38. Slack

39. Jupyter notebooks

40. Other Key Components

41. Jira Schema

44. Create schema that represents the business

45. Map reality

46. Workflow everything

47. Risk workflows

48. Scale using Workflows
RISK Workflow VULN Workflow

49. Global Dashboards that actually are FACT based

50. Hyperlinked RISKs (from R1s to R4s to V1s to V3s)

51. Modern approach to managing security RISKs
https://www.soa.org/globalassets/assets/Files/Research/Projects/research-new-approach.pdf

52. Linked Security Policies
=
Fact based
Security Decisions

53. Hyperlinked policies in Jira
Policy’s pdfs
do not scale
because it is not
possible to link real-world
data to the respective policy

54. Convert policy into an graph

55. Policies Links to Facts Links to Vulns Links to Risks

56. Context specific Jira projects (for example FACTs)

57. Wardley Maps

58. Meet Simon ….

59. Using Wardley Maps on Healthcare
https://wardle.org/strategy/2018/07/19/mapping.html

60. Maps help to visualise strategy (and bias)

61. Metadata use in Maps is very powerful
https://medium.com/@erik_schon/the-art-of-strategy-811c00a96fad

62. Advanced Wardley Mapping

63. Create Wardley maps using OSBot

64. OSBot via Jupyter

65. Where is the code?

67. How do I learn more?

68. Jon Hawes BSides Vegas 2019 presentation
https://www.slideshare.net/JonHawes3/building-an-enterprise-security-knowledge-graph-to-fue
l-better-decisions-faster

69. Other presentations (in slideshare)
https://www.slideshare.net/DinisCruz/creating-a-graph-based-security-organisation-apr-2019-owasp-london-
chapter-meeting
https://www.slideshare.net/DinisCruz/osbot-data-transformation-workflow-from-gsheet-to-jupyter-156132054https://www.slideshare.net/DinisCruz/osbot-jira-data-import-from-gsheet-to-jira-via-jupyter-v09
https://www.slideshare.net/DinisCruz/gsbot-commands-slack-bot-used-to-access-jira-data

70. Thanks