ELK Stack Automation and the Elasticsearch API
Today, we’re going to automate the Elasticsearch Search API to rapidly create canned and shareable threat hunting tools for you and your team. We will use the Packetbeat data shipper for easy setup and access to network data such as low-level DNS packet attributes and IP flow data.
How to Subscribe to GSuite and Google Workplace Notifications
Let’s take a look at how to subscribe to a G Suite endpoint and receive webhooks for important user account events. This will let us build custom workflows and tailored security responses for a range of scenarios.
Getting Connected to the CrowdStrike API
Today, we’re going to take a brief look at how to get connected (and authenticated) to the CrowdStrike API. This will enable us to avail of many of the below aspects of the CrowdStrike Falcon platform.
Splunk Automation Guide
We will explore and then automate search operations for a simple Threat Hunting example. We will then turn our learnings into a fully-fledged self-service internal tool for use by colleagues (or perhaps other teams in your organization).
Qualys Vulnerability Management Automation Guide
Let’s start by familiarizing ourselves with the Qualys VM/PC REST API. We will combine some simple steps into a more complex (but not complicated) outcome.