- Published on
A bot that intercepts SIEM alerts, auto-enriches them with IP reputation, user activity, and asset ownership, then drops a pre-triaged summary into Slack before a human ever opens the ticket.
Soc
All Posts
- cybersecurity (14)
- automation (10)
- python (8)
- jira (7)
soc (6)
- okta (5)
- open-source (5)
- fastapi (3)
- ai (3)
- vendor-risk (3)
- s3 (2)
- phishing (2)
- gmail-add-on (2)
- aws (2)
- slack (2)
- iam (2)
- hipaa (2)
- docker (2)
- workday (1)
- chrome-extension (1)
- chatbots (1)
- google-apps-script (1)
- lambda (1)
- opensearch (1)
- log-monitoring (1)
- pci-dss (1)
- script-integrity (1)
- risk-management (1)
- vciso (1)
- Published on
A scheduled Python detection that flags accounts hit with 20+ failed logins from rotating IPs in a 5-minute window and auto-opens a Jira ticket for the SOC, turning auth-log noise into something actually actionable.- Published on
A pipeline that picks up the emails users report through my Gmail phishing add-on, detonates their URLs in a sandbox, reads the verdict, and auto-quarantines malicious mail before anyone gets a chance to click.- Published on
A nightly cron job that pulls control evidence from AWS, Okta, GitHub, CrowdStrike, and Proofpoint into dated, immutable folders in S3 — so audit prep is a download instead of a fire drill.- Published on
Learn how to build a Gmail add-on to report phishing emails, automate analysis with AI and ThePhish, and integrate with Jira for streamlined SOC operations.- Published on
Learn how to automate Okta log detections using OpenSearch and Python to identify risky activity, reduce noise, and streamline SOC workflows by creating actionable Jira tickets.