- Published on
A bot that intercepts SIEM alerts, auto-enriches them with IP reputation, user activity, and asset ownership, then drops a pre-triaged summary into Slack before a human ever opens the ticket.
Okta
All Posts
- cybersecurity (14)
- automation (10)
- python (8)
- jira (7)
- soc (6)
okta (5)
- open-source (5)
- fastapi (3)
- ai (3)
- vendor-risk (3)
- s3 (2)
- phishing (2)
- gmail-add-on (2)
- aws (2)
- slack (2)
- iam (2)
- hipaa (2)
- docker (2)
- workday (1)
- chrome-extension (1)
- chatbots (1)
- google-apps-script (1)
- lambda (1)
- opensearch (1)
- log-monitoring (1)
- pci-dss (1)
- script-integrity (1)
- risk-management (1)
- vciso (1)
- Published on
A scheduled Python detection that flags accounts hit with 20+ failed logins from rotating IPs in a 5-minute window and auto-opens a Jira ticket for the SOC, turning auth-log noise into something actually actionable.- Published on
A nightly cron job that pulls control evidence from AWS, Okta, GitHub, CrowdStrike, and Proofpoint into dated, immutable folders in S3 — so audit prep is a download instead of a fire drill.- Published on
How I wired Workday terminations into an automated workflow that deactivates the user in Okta — cascading deprovisioning to every connected app — strips group memberships, and files a Jira deprovisioning ticket with a full audit trail.- Published on
Learn how to automate Okta log detections using OpenSearch and Python to identify risky activity, reduce noise, and streamline SOC workflows by creating actionable Jira tickets.