Blog
Deep dives, playbooks, and field notes on Terraform, cloud security, network automation, and the AI agents reshaping platform engineering.
87 posts
Splunk Incident to ServiceNow Ticket + Slack Alert
Automatically open a ServiceNow ticket and notify your security channel whenever a Splunk incident fires.

Outlook Phishing Detection with VirusTotal
Scan every inbound Outlook email for malicious URLs and attachments, delete threats, and notify Slack.

Gmail Phishing Detection with VirusTotal
Scan incoming Gmail messages for malicious links and attachments, delete threats, and alert security.

CrowdStrike Host Isolation with ServiceNow & Slack
Isolate or restore a compromised host in CrowdStrike, notify the device owner, and track it in ServiceNow.

CrowdStrike + Okta EDR Compliance Validation
Daily check that every Okta-enrolled employee has a CrowdStrike agent running on their device.

CrowdStrike + Google Workspace EDR Compliance
Validate that CrowdStrike Falcon is installed on every Google Workspace user's device, reported daily.

CrowdStrike + Jamf Mac Fleet EDR Validation
Verify every Jamf-enrolled Mac has a working CrowdStrike Falcon sensor, daily.

CrowdStrike IOC Hunt Across Fleet
Search your entire CrowdStrike fleet for a specific Indicator of Compromise and report matches to Slack.

CrowdStrike Stale Sensor Cleanup
Find and remove CrowdStrike Falcon sensors inactive for over 12 hours, with Slack approval.