Ansible Workshop - Ansible Security Automation

This is the documentation for Ansible Automation Platform 1.2. If you are looking for Ansible Automation Platform 2, please go to

Ansible is a simple yet powerful IT automation engine for application deployment, configuration management, and orchestration that you can learn quickly. Ansible Security Automation is our expansion deeper into the security use case. The goal is to provide a more efficient, streamlined way for security teams to automate their various processes for the identification, search, and response to security events.

In this workshop you will learn - step by step - how you can use Ansible to orchestrate 3 security investigation and response activities involving multiple security tools: an enterprise firewall (CheckPoint Next Generation Firewall), an intrusion detection system (Snort) and a SIEM (IBM QRadar).

Read this in other languages:
English, 日本語, Français.

Time planning

The time required to do the workshops strongly depends on multiple factors: the number of participants, how familiar they are with Linux in general, and how much discussion takes place in between.

Given students with basic experience with Ansible:

If your experience in scheduling these workshops is different, please let us know and file an issue.

Lab Diagram

ansible rhel lab diagram

Section 1 - Introduction to Ansible Security Automation Basics

Section 2 - Ansible Security Automation Use Cases

Red Hat Ansible Automation