In this episode of the Inner Circle podcast, my guest is Christer Edwards from Adobe Security, Christer is a developer and a member of the team that developed HubbleStack–an open source security compliance tool.
Christer and I discuss the origin of HubbleStack and why they decided to create it in the first place. We also talk about what it does, why they chose to make it an open source project, and what the future might hold for HubbleStack.
This is only the second episode of Inner Circle, so I’m still working out some of the technical details of connecting with guests and recording. I cleaned up the audio as much as I can, and it is functional, but I will need to make some changes going forward to make sure I get the best quality audio from my guests.
In case you have trouble understanding some of what Christer say when explaining the components that make up HubbleStack, a blog post from Adobe explains it:
- Nova – This is the audit piece of Hubble. It uses a set of user-defined profiles to audit against security standards, such as CIS (Center for Internet Security) standards. It returns successes and failures as well as a compliance percentage for the system.
- Nebula – This is the information-gathering piece of Hubble. It primarily uses the open source project osquery (https://osquery.io) to collect all sorts of raw information from the systems which we can then use to search for patterns, vulnerabilities, and attacks.
- Pulsar – This is the file integrity monitoring piece of Hubble. On Linux it uses inotify to monitor file events on the system and send them wherever you specify.
- Quasar – Quasar is the reporting piece of Hubble. It is a series of modules which help you get the data to its final destination.
I hope you enjoy the podcast and learn a thing or two about HubbleStack and Adobe Security. Go check out the tool for yourself. I would love to get some feedback from the TechSpective audience about what you like or don’t like about HubbleStack. The good news is, it’s open source. If you don’t like something, you can change it or contribute to the project so everyone can benefit.