Hello! My name is Colton Myers and I am the co-creator and architect of HubbleStack, an open-source security compliance project written in Python. Christer Edwards, another member of our team, named the tool after the Hubble telescope. Just like the Hubble telescope gives us a window into the complexities of our universe, HubbleStack gives us a window into the complexities of our infrastructure!

To help facilitate faster compliance with security controls across Adobe, especially due to our many acquisitions in recent years, we found that we needed a tool to handle security auditing and compliance that scaled across many teams with varying infrastructure.

We tried a couple of third party vendors, but struggled to get the data we needed with the performance we required. Open source software is also our preference wherever possible.

Christer decided to get a proof of concept replacement into development. It was based around SaltStack – our tool of choice for configuration management. The new tool worked really well. We quickly pivoted to create a version that uses SaltStack as a library and doesn’t require Salt to be installed on the target system.

It is composed of a few different components:

  1. Nova – This is the audit piece of Hubble. It uses a set of user-defined profiles to audit against security standards, such as CIS (Center for Internet Security) standards. It returns successes and failures as well as a compliance percentage for the system.
  2. Nebula – This is the information-gathering piece of Hubble. It primarily uses the open source project osquery (https://osquery.io) to collect all sorts of raw information from the systems which we can then use to search for patterns, vulnerabilities, and attacks.
  3. Pulsar – This is the file integrity monitoring piece of Hubble. On Linux it uses inotify to monitor file events on the system and send them wherever you specify.
  4. Quasar – Quasar is the reporting piece of Hubble. It is a series of modules which help you get the data to its final destination.

The project has grown at an incredible pace at Adobe. It is now deployed to almost every server across Adobe. We collect almost 5TB of data per day for our Experience Cloud solutions. Hubble has been a great help for us to find and fix issues that other tools may have otherwise missed.

But this is only the beginning! We want to continue to add more capabilities to the tool. We want to flesh out our CIS audit profiles, add more STIG (Security Technical Implementation Guides) and other audit profiles, and add more modules to gather different data. We also invite others to help contribute to the development of Hubblestack. The project is open sourced and you can join the project on GitHub.

Colton Myers
Software Engineer, Digital Marketing solutions

Compliance, DYK?, Major Initiatives, Open Source, Security Automation

Posted on 12-14-2017