During this series of blog posts, I am showcasing the process of updating my outdated Ansible playbooks. Doing so allows me to take advantage of newer versions of Ansible along with updated vendor modules. As I have mentioned in several of my previous blog posts, I am a huge fan of automation and […]
Ansible Playbooks: After revisiting some of my Ansible playbooks, I noticed that a few were no longer working. This prompted me to dig a little deeper and I realized the need to update my scripts. Since I initially created my playbooks on my MacBook and on a RHEL8 VM in my lab, I decided to start
This is a high-level representation of how a SIEM rule in Chronicle might look to detect a scenario where a user account experiences multiple failed logins (due to invalid credentials) followed by a successful login. The rule is tailored for authentication logs from sources like Okta, Duo, and Google Workspace. Here’s a breakdown of what
In today’s complex and ever-changing IT environment, it’s more important than ever to have a comprehensive observability solution that can help you collect, analyze, and act on data from all of your systems and applications. Cribl is an observability pipeline that gives you the freedom to make choices that best serve your business without the
In the dynamic realm of cybersecurity, organizations face a relentless barrage of threats that necessitate innovative solutions. Traditional security measures are increasingly inadequate against the onslaught of sophisticated attacks. This is precisely where the synergy of Google’s Security Orchestration, Automation, and Response (SOAR) platform and the Google Security Command Center (SCC) comes to the rescue.